[windows2000] Re: Windows cached credential security issue

  • From: David Spanne <werenomads@xxxxxxxxxxxxxxx>
  • To: windows2000@xxxxxxxxxxxxx
  • Date: Wed, 11 Feb 2004 09:08:48 -0800

I'm not aware of a policy/reg edit that allows for expiration of cached roaming
profiles, though I'm going to do more research, and I'd sure like such a 
function.

There are two other ways to deal with this. One is to stop them from caching:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DeleteRoamingCache"=dword:00000001

The other way I have used is to put DelCache.exe (from the appropriate OS
resource kit) on each workstation, and set it to run with appropriate toggles
once a month on each workstation.  This may accomplish what you want.

David Spanne

>Quoting Anthony Abraham <AABRAHAM@xxxxxxxxxxxxx>:

 Hi
 
 Can anyone tell me if there is an AD policy that allows me to delete locally
 cached profiles automatically after x days?  There is a bug where if an
 AD user is deleted or disabled, a user can theoretically log on locally with
 cached credentials.  We don't want to disable cached credentials - these are
 obviously useful if the AD servers are unavailable.
 
 From my testing, a user can log on with cached credentials indefinitely.
 Passwords will not expire either and they can still map a drive to the
 server where their home drive is at.
 
 In an ideal world, it would be great to have a policy that deletes locally
 cached profiles if it hasn't been updated within 7 days - has anyone
 accomplished this?
 
 Thanks
 Anthony
 ********************************************************
 This Weeks Sponsor StressedPuppy.com Games
 Feeling stressed out? Check out our games to
 relieve your stress.
 http://www.StressedPuppy.com
 ********************************************************
 To Unsubscribe, set digest or vacation
 mode or view archives use the below link.
 
 http://thethin.net/win2000list.cfm
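
A report-only audit of the two things this thread discusses, as an added example that is not part of the original messages: it reads the `DeleteRoamingCache` value named above and lists local profile copies not written to within the 7 days asked about. The function names, the use of PowerShell, the `NTUSER.DAT` timestamp as a stand-in for "last used", and the extra check of `CachedLogonsCount` are assumptions of this example.

```powershell
# Added example: report-only, deletes nothing. Run elevated on the workstation.
param([int]$MaxAgeDays = 7)   # assumption: the 7-day threshold from the question

$winlogon    = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Get-WinlogonValue([string]$Name) {
    # Returns $null when the value is not set on this machine.
    (Get-ItemProperty -Path $winlogon -Name $Name -ErrorAction SilentlyContinue).$Name
}

function Get-StaleProfile([int]$Days) {
    $cutoff = (Get-Date).AddDays(-$Days)
    Get-ChildItem -Path $profileList | ForEach-Object {
        $sid = $_.PSChildName
        # Skip service accounts (S-1-5-18/19/20); user accounts are S-1-5-21-*.
        if ($sid -notlike 'S-1-5-21-*') { return }
        $path = (Get-ItemProperty -Path $_.PSPath).ProfileImagePath
        if (-not $path) { return }
        # NTUSER.DAT is hidden, so -Force is required. Its last-write time is
        # only an approximation of when the profile was last used.
        $hive = Get-Item -LiteralPath (Join-Path $path 'NTUSER.DAT') -Force `
                         -ErrorAction SilentlyContinue
        if ($hive -and $hive.LastWriteTime -lt $cutoff) {
            [pscustomobject]@{ Sid = $sid; Path = $path; LastWrite = $hive.LastWriteTime }
        }
    }
}

# DeleteRoamingCache = 1 removes the local copy of a roaming profile at logoff.
Write-Host ("DeleteRoamingCache = {0}" -f (Get-WinlogonValue 'DeleteRoamingCache'))

# Cached logon verifiers are kept separately from profile folders; how many are
# kept is set by CachedLogonsCount, so removing a profile does not remove them.
Write-Host ("CachedLogonsCount  = {0}" -f (Get-WinlogonValue 'CachedLogonsCount'))

# Profiles older than the threshold, oldest first, for review before any cleanup.
Get-StaleProfile -Days $MaxAgeDays | Sort-Object LastWrite
```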