When the Active Directory (AD) domain controller is unavailable to authenticate and validate user account, whether because the client computer is not connected to the domain’s network, or the domain controller is down, user still can log on to the computer as the user’s logon information is cached, allowing access to network resources that do not require domain validation.
If a domain controller is unavailable and a user’s login information is cached, the user will be prompted with a dialog that says:
A domain controller for your domain could not be contacted. You have been logged on using cached account information. Changes to your profile since you last logged on may not be available.
For some reasons, administrators or management may want to enforce the rule where login request to the client computer must always be authenticated and validated by domain controller, it’s possible to reduce and even eliminae the number of cache logins that Windows saved to 0 (zero).
By default, all versions of Windows, including Windows 7 and Windows Vista remember 10 cached logons except Windows Server 2008 and Windows Server 2008 R2, which remembers 25 cached logins instead. Through system registry, user can change the number of previous logon attempts that a server will cache, with the valid range of values for this parameter is 0 to 50. A value of 0 turns off logon caching and any value above 50 will only cache 50 logon attempts.
To change the cached logons value, follow these steps:
- Run Registry Editor (RegEdit).
- Navigate to the following registry key:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\
- In the right pane, right click on blank space, and create a New String Value (REG_SZ) registry value named CachedLogonsCount.
Note: Skip this step is “CachedLogonsCount” is already defined.
- Set the CachedLogonsCount with a value between 0 and 50, both inclusive, which represents how many previous login credentials the system should remember.
To disable cached logins, set the value data to 0 (zero).
With caching disabled, the user is prompted with this message when attempting to login without a domain controller in sight:
The system cannot log you on now because the domain
is not available.
Share This Post
- Able2Extract Professional 11 Review – A Powerful PDF Tool
- How to Install Windows 10 & Windows 8.1 with Local Account (Bypass Microsoft Account Sign In)
- How to Upgrade CentOS/Red Hat/Fedora Linux Kernel (cPanel WHM)
- How to Install Popcorn Time Movies & TV Shows Streaming App on iOS (iPhone & iPad) With No Jailbreak
- Stream & Watch Free Torrent Movies & TV Series on iOS with Movie Box (No Jailbreak)
- Windows 10 20H1 Insider Preview Build 18898 Released to the Fast Ring with Task Manager Improvements
- Dashlane Premium Free 1-Year Access With No Cost
- Media Creation Tool for Windows 10 Build 18362 (19H1)
- Windows 10 Insider Preview Build 18885 (20H1) Released to Windows Insiders in Fast Ring – Here What’s New, Fixes, Changes, Improvements
- Google Chrome 74 Released – Here the Changes and Download Links