How to use "Number of Previous Logons to Cache" setting

Posted by FB on September 5, 2005, 4:18 pm
A customer has 75 laptops and 99% of the time, the laptops are out of the
company and sometimes they tend to not connect to the enterprise for several
days and sometimes even several weeks!

From time to time, some laptops lose connectivity with the DCs (it's a
worldwide AD forest) and the user cannot log on with the cached credentials
while they're at home, for example.

Why? I've read a lot of material and MS states that the number states the
number of users that can use the settings, and not the number of times a user
can log on with the cached creds.

The customer will increase the laptop use to more than 250 laptops and the
problem will, in the future, be a BIG HUGE problem.

Is there a way to minimize or eliminate the problem? Some users have VPN
connections. If they establish a VPN connection (using a Token and a CISCO
software) does the system "refresh" the creds information? Does it help? Not all
users have VPN connections.

If the customer has 250 laptops and 90% of the laptops connect
infrequently to the AD, how can they use the cached credentials feature? Is the
solution to create a local user?


Posted by Elizabeth Strachan on September 30, 2005, 5:07 am
FB,

I don't really have an answer to your question but I do have something to
add..

The cached credentials setting just means the number of user logins that the
system will cache and has nothing to do with the number of times one
particular user can log in with cached credentials.

I have experienced a situation where one particular notebook (WinXP) was
away from a domain for 1.5 years and the user could still log in with cached
credentials so they do not seem to expire. That being said, that computer
could not have then actually logged onto the domain's network because its
computer account password would have long ago expired. The user was logging
into the system pretty much every day and not doing a VPN into the network.

I have heaps and heaps of laptops out and about that connect infrequently
(i.e. go out for a few weeks) and we never have any troubles with them losing
the ability to log on with cached credentials. You just need to keep in mind
that the computer account password is supposed to be changed every 30 days by
default so perhaps you need to increase this threshold - but this would
manifest as a problem logging on when you are connected to the domain.

In relation to using local user accounts, you can do that if you like as
Windows XP has the ability to store network passwords but this has its
downsides because it will limit your ability to apply user based group
policy, you will not be able to cache the user's profile on the servers for
backup purposes and it will make password changes difficult - and these are only
the few things I can think of, there would probably be more.

Sincerely,
Elizabeth

"FB" wrote:

> A customer has 75 laptops and 99% of the time, the laptops are out of the
> company and sometimes they tend to not connect to the enterprise for several
> days and sometimes even several weeks!
>
> From time to time, some laptops lose connectivity with the DCs (it's a
> worldwide AD forest) and the user cannot log on with the cached credentials
> while they're at home, for example.
>
> Why? I've read a lot of material and MS states that the number states the
> number of users that can use the settings, and not the number of times a user
> can log on with the cached creds.
>
> The customer will increase the laptop use to more than 250 laptops and the
> problem will, in the future, be a BIG HUGE problem.
>
> Is there a way to minimize or eliminate the problem? Some users have VPN
> connections. If they establish a VPN connection (using a Token and a CISCO
> software) does the system "refresh" the creds information? Does it help? Not all
> users have VPN connections.
>
> If the customer has 250 laptops and 90% of the laptops connect
> infrequently to the AD, how can they use the cached credentials feature? Is the
> solution to create a local user?
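
The two settings this thread turns on (how many user logons the laptop caches, and the computer account password change interval) can be read from the registry while the machine is offline. The following is an added example, not part of either post: the function name is hypothetical, and the defaults of 10 cached logons and 30 days are assumed when the values are absent.

```powershell
# Added example: audit the settings discussed in this thread on one laptop.
# Run in an elevated session on the machine being checked; needs no DC.
function Get-CachedLogonAudit {   # hypothetical helper name
    $winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $netlogon = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'

    # CachedLogonsCount is stored as a string; assume the default of 10 if absent.
    $raw   = (Get-ItemProperty $winlogon -ErrorAction SilentlyContinue).CachedLogonsCount
    $slots = if ($null -eq $raw) { 10 } else { [int]$raw }

    # Computer account password settings; assume the 30-day default if absent.
    $np       = Get-ItemProperty $netlogon -ErrorAction SilentlyContinue
    $maxAge   = if ($null -ne $np.MaximumPasswordAge) { [int]$np.MaximumPasswordAge } else { 30 }
    $noChange = ($np.DisablePasswordChange -eq 1)

    # Heuristic: profiles owned by non-local accounts approximate the number of
    # distinct domain users who have logged on interactively to this machine.
    $localSids = @((Get-CimInstance Win32_UserAccount -Filter 'LocalAccount=True').SID)
    $domainProfiles = @(Get-CimInstance Win32_UserProfile | Where-Object {
        -not $_.Special -and $_.SID -like 'S-1-5-21-*' -and $_.SID -notin $localSids
    })

    $notes = @()
    if ($slots -eq 0) {
        $notes += 'Logon caching is disabled: no domain user can log on offline.'
    } elseif ($domainProfiles.Count -gt $slots) {
        # The cache holds one entry per user; the least recently cached is overwritten.
        $notes += 'More domain user profiles than cache slots: some users may have no cached entry.'
    }
    if ($noChange) {
        $notes += 'Automatic computer account password change is disabled.'
    }

    [pscustomobject]@{
        ComputerName           = $env:COMPUTERNAME
        CachedLogonSlots       = $slots
        DomainUserProfiles     = $domainProfiles.Count
        MachinePwdMaxAgeDays   = $maxAge
        MachinePwdChangeOff    = $noChange
        Notes                  = $notes -join ' '
    }
}

Get-CachedLogonAudit | Format-List
```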

