cached credentials?

[dimitric]

Greetings,

I'm just curious. I have AD running on my home network. I took one of my boxes from home to work today...and logged in using my HOME domain account (wanted to perserve desktop settings and I can terminal into my work computers anyways)

i'm just curious, how long do these 'cached' credentials last for? how long before my box here at work will stop letting me use my home domain logon?

 

[Antony13]

It will work forever as long as the profile is left on the machine (if you right click on My Computer, go to Properties and then User Profiles, it'll show all the local profiles). As long as that profile is there, the logon will work.

As and when you reconnect the machine to your home domain, it will then check the password with your DC i.e. if you have password expiration set on the domain, whilst that machine is disconnected from the domain, you will not be prompted to change the password. Once you reconnect it, if you're password has expired, it will prompt you to change it.

Cheers, Antony

 

[dimitric]

thanks for the reply antony,

so basically you're saying my home domain password is cached locally for as long as the profile exists. I do not have a password expire policy set on my home domain...does this type of information get stored locally as well?

for example, If I had a policy set on the domain for 30 days, and i had the box at work for 31 days..would I eventually get a password 'expired' notice? ..probably not right?

 

[Antony13]

no, the password policy isn't stored locally, so if you had a password reset policy of 30 days, reset your password whilst connected to the domain and then took your machine off the domain for 31 days, you wouldn't be prompted to change your password.

Only when you brought your machine back and put it back on the domain after those 30 days would you be prompted to change your password.

Cheers, Antony