[windows2000] Windows cached credential security issue

  • From: Anthony Abraham <AABRAHAM@xxxxxxxxxxxxx>
  • To: "'windows2000@xxxxxxxxxxxxx'" <windows2000@xxxxxxxxxxxxx>
  • Date: Thu, 12 Feb 2004 09:17:19 +1100

Thought as much - will look at delcache...  May also look at the Group
Policy setting that allows the cache to remain for 1 logon only.  Apart from
that setting, not much else exists...

Anthony

Msg: #22 in digest
Date: Wed, 11 Feb 2004 09:08:48 -0800
From: David Spanne <werenomads@xxxxxxxxxxxxxxx>
Subject: [windows2000] Re: Windows cached credential security issue

I'm not aware of a policy/reg edit that allows for expiration of cached
roaming profiles, though I'm going to do more research, and I'd sure like
such a function.

There are two other ways to deal with this. One is to stop them from caching:

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"DeleteRoamingCache"=dword:00000001

The other way I have used is to put DelCache.exe (from the appropriate OS
resource kit) on each workstation, and set it to run with appropriate
toggles once a month on each workstation.  This may accomplish what you want.

David Spanne

>Quoting Anthony Abraham <AABRAHAM@xxxxxxxxxxxxx>:

 Hi
 
 Can anyone tell me if there is an AD policy that allows me to delete locally
 cached profiles automatically after x days?  There is a bug where if an
 AD user is deleted or disabled, a user can theoretically log on locally with
 cached credentials.  We don't want to disable cached credentials - these are
 obviously useful if the AD servers are unavailable.
 
 From my testing, a user can log on with cached credentials indefinitely.
 Passwords will not expire either, and they can still map a drive to the
 server where their home drive is.
 
 In an ideal world, it would be great to have a policy that deletes locally
 cached profiles if they haven't been updated within 7 days - has anyone
 accomplished this?
 
 Thanks
 Anthony
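
Editor's note with an added example (this is not code from the thread, and
PowerShell postdates the Windows 2000 era the thread is discussing; on
Windows 2000 the equivalents are the .reg import David shows and
DelCache.exe). Two different caches are in play here. The cached credentials
that let a deleted or disabled domain account still log on interactively are
the domain logon verifiers Winlogon keeps for offline logon, controlled by
the CachedLogonsCount value under the same Winlogon key (the Group Policy
setting "Interactive logon: Number of previous logons to cache") - this is
the "1 logon only" setting Anthony mentions. DeleteRoamingCache and
DelCache.exe only remove the locally cached copy of the user's profile;
deleting a profile does not remove the cached logon verifier, so on its own
it does not stop the offline logon. The script below sets both Winlogon
values from the thread and adds the "delete profiles not used in N days"
cleanup Anthony asked for, using the Win32_UserProfile WMI class. The
function names, the 7-day default and the -WhatIf dry run are my choices;
run it elevated on the workstation.

```powershell
# Added example (not from the original thread): cached-logon hardening and
# stale-profile cleanup for a domain-joined workstation. Run elevated.

$Winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Set-CachedLogonPolicy {
    param(
        # Number of domain logons whose verifier is kept for offline logon.
        # 0 disables caching entirely; 1 keeps only the most recent logon.
        [ValidateRange(0, 50)] [int] $CachedLogonsCount = 1,
        # 1 deletes the locally cached copy of a roaming profile at logoff
        # (the DeleteRoamingCache value quoted in the thread).
        [ValidateRange(0, 1)]  [int] $DeleteRoamingCache = 1
    )
    # CachedLogonsCount is stored as REG_SZ (a string), not REG_DWORD.
    Set-ItemProperty -Path $Winlogon -Name 'CachedLogonsCount' `
        -Value "$CachedLogonsCount" -Type String
    Set-ItemProperty -Path $Winlogon -Name 'DeleteRoamingCache' `
        -Value $DeleteRoamingCache -Type DWord
    # Return the values actually written so the change can be verified.
    Get-ItemProperty -Path $Winlogon -Name 'CachedLogonsCount', 'DeleteRoamingCache'
}

function Get-StaleUserProfile {
    param([int] $MaxAgeDays = 7)   # 7 days: the window Anthony proposed
    $cutoff = (Get-Date).AddDays(-$MaxAgeDays)
    Get-CimInstance -ClassName Win32_UserProfile |
        Where-Object {
            -not $_.Special -and          # skip system/service profiles
            -not $_.Loaded  -and          # never touch a profile in use
            $_.LastUseTime  -and
            $_.LastUseTime -lt $cutoff
        }
}

function Remove-StaleUserProfile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param([int] $MaxAgeDays = 7)
    foreach ($profile in Get-StaleUserProfile -MaxAgeDays $MaxAgeDays) {
        if ($PSCmdlet.ShouldProcess($profile.LocalPath, 'Remove cached profile')) {
            # Deleting a Win32_UserProfile instance removes the profile
            # directory and its ProfileList registry entry, which is what
            # DelCache.exe does in the resource kit.
            Remove-CimInstance -InputObject $profile
        }
    }
}

# Usage: apply the Winlogon settings, then preview the cleanup with -WhatIf
# before scheduling it (e.g. monthly, as David does with DelCache.exe).
Set-CachedLogonPolicy -CachedLogonsCount 1 -DeleteRoamingCache 1
Remove-StaleUserProfile -MaxAgeDays 7 -WhatIf
```

Two caveats a practitioner will want: CachedLogonsCount=1 means the last
user to log on is still cached, so a disabled account can log on offline
until someone else logs on at that machine; only 0 closes the gap fully,
at the cost of no offline logon at all. And on recent Windows 10/11 builds
Win32_UserProfile.LastUseTime is refreshed by background activity rather
than only by interactive logon, so treat the age check as approximate and
keep the -WhatIf run before the real one.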
