Cached Active Directory Credentials - Password Expiration Notification

[Staticfactory]

Does anyone know how to force XP to check the AD controller for credentials upon login? We have about 20 machines on site that are not getting prompted regarding their AD password expiration and I have a feeling that it's due to the machine using locally cached credentials. When the password does expire, they simply get locked out of their network resources until they change the AD password.

Any insight?

 

[sab4you]

On your domain security policy located in administrator tools, open up 'local policies' and then 'security policies'

Here you will see 'number of previous logons to cache' and you will want to lower this setting, or set to zero.

I am not confident this is a solution to your problem though. I would also make sure these computers are registered in AD.

 

[Staticfactory]

That makes sense, but we have over 100 machines with identical configurations.. only 80% of them are actually getting prompted. All the computers/users have accounts in AD, as policy prevents machines to be joined to the domain without an account in place. Why then, would 20% of the machines be using cached credentials when the AD controller is available?