Windows cached password question

Topic

New Reply

Hi all. I have a Windows 7 laptop that’s a member of a Windows domain. The person using this laptop can obviously log into it with his domain credentials (domainnameusername and then his domain account password) when he’s connected to the network or not. What I’m wondering is if there’s a time limit set on how long that password will be cached locally. This laptop may not connect directly to our network for 6 months or more. What I’m worried about is if one day in a few weeks he’ll attempt to log into the laptop with his domain credentials and be told he can’t because he’s not connected to the domain. Any idea on how long that password is cached for?

Reply | Quote

Replies

There is no time limit. Once authenticated you remian authenticated – unless you re-connect to the network.

cheers, Paul

Reply | Quote

That’s good to know. Here’s an added question. If he connects back to our corporate network via the Juniper SSL VPN solution we use will that sync up his password on his desktop? In other words, his password will change every 3 months. He’ll be spending 3 days on site and 2 days off site every week for the foreseeable future. The laptop will remain off site, however, and he doesn’t want to have to bring it back with him every so often if at all possible. He just wants to leave it at its other location off network. So while he’s in the office let’s say his password expires and he changes it. Now he goes to his off site location, logs into his laptop using his old password and then connects to the corporate network via the Juniper SSL VPN, using his newly changed password of course, will that mess with his locally cached domain password?

Reply | Quote

I don’t know that particular VPN solution, but the standard mechanism is for the password to be left alone – you might be connecting to a network that has nothing to do with the laptop. Doing this will require 2 passwords, one for the laptop and one for the VPN connection.

cheers, Paul

Reply | Quote

Windows it’s self has a built in password that the PC uses to log into the DOMAIN, and it has an expiration time frame just like a user account.
If the PC, is not connected to the network/domain before the PC password expires, windows will not authenticate with the domain, and he will have authenication issues.
IF the VPN is setup correctly, it should pass the domain info thru, and all should be well.
Get with your Network/secutity team to verify the configuration.

Reply | Quote

The machine password is changed every 7 days by default, but it’s expiry will not prevent the machine connecting to the domain – the machine will connect and then the password will be changed. Disabling the machine account will stop logon, but this does not occur unless you do it manually – lots of places automatically disable accounts not used for X days as part of normal admin processes.

cheers, Paul

Reply | Quote