PaulDotCom mailing list archives

Windows Cached Credentials/Security Verifier


From: lonervamp at gmail.com (Michael Dickey)
Date: Fri, 16 Oct 2009 14:57:41 -0500

I don't know the exact mechanics, but I believe it drops the oldest one.

If you have access to domain machines and accounts, you could probably test
this. If you set the number down to 2 and grab yourself 3 logins, you could
start to verify which one is bumped off as you get to the third one.

Personally, setting this value to 5 is no better than the default value of
10. I personally prefer to use 1. This pretty much means the primary user
will be the only cached credential. If you have concerns about your admin
staff then being locked out, you could make a case for 2. But really, it's
those admin credentials you really don't want lingering all over. For any
non-mobile systems that you expect to always be on a domain-enabled network,
you could make a good case for 0.

On Fri, Oct 16, 2009 at 9:30 AM, k41zen <k41zen at live.co.uk> wrote:

So the business wants users to be able to log onto laptops using
cached domain credentials whilst they are offline.

The supplier has limited the number of cached credentials/security
verifiers available to 5.

My question is how is the "security verifiers table" (for want of a
better description) managed? If it is full and as a 6th unique account
I log on connected to the domain, which entry gets overwritten? Does it
overwrite the oldest verifier that hasn't been logged on recently?
Does it overwrite the first one in the table?

I'm finding little info on the algorithm used (if any).

Grateful for any insight.
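An added example, not part of the original posts: a PowerShell audit that reads a machine's cached-logon limit and grades it against the values suggested in the reply above (0 for non-mobile systems, 1 or 2 for laptops). It assumes the limit is stored in the Winlogon registry value CachedLogonsCount, which the thread does not name; the function names and the chassis-type test for "mobile" are this example's own.

```powershell
# Added example: audit the cached-logon limit against the values suggested in the thread.
# Assumption: the limit is the Winlogon value CachedLogonsCount (not named in the thread).
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-CachedLogonLimit {
    # The value is stored as a string; when it is absent the default of 10 applies.
    $prop = Get-ItemProperty -Path $WinlogonKey -Name 'CachedLogonsCount' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return 10 }
    return [int]$prop.CachedLogonsCount
}

function Test-IsMobileChassis {
    # SMBIOS chassis types treated as mobile here: portable, laptop, notebook,
    # sub-notebook, tablet, convertible, detachable.
    $mobileTypes = 8, 9, 10, 14, 30, 31, 32
    $types = (Get-CimInstance -ClassName Win32_SystemEnclosure).ChassisTypes
    return [bool]($types | Where-Object { $mobileTypes -contains $_ })
}

function Get-CachedLogonFinding {
    param(
        [Parameter(Mandatory)] [int]  $Limit,
        [Parameter(Mandatory)] [bool] $IsMobile
    )
    # Thresholds follow the reply: 0 where the domain is always reachable,
    # 1 for the primary user only, 2 when admins need an offline fallback.
    if (-not $IsMobile) {
        if ($Limit -eq 0) { return 'OK: no cached domain logons on a non-mobile system' }
        return "REVIEW: non-mobile system caches up to $Limit logons; 0 is defensible here"
    }
    switch ($Limit) {
        0       { return 'REVIEW: mobile system cannot log on offline with a limit of 0' }
        1       { return 'OK: a single cached logon, normally the primary user' }
        2       { return 'OK: primary user plus one fallback account, e.g. an administrator' }
        default { return "REVIEW: up to $Limit cached logons; admin credentials may linger" }
    }
}

# Report for the local machine; run from an elevated or standard session (read-only).
$limit  = Get-CachedLogonLimit
$mobile = Test-IsMobileChassis
[pscustomobject]@{
    Computer = $env:COMPUTERNAME
    Limit    = $limit
    IsMobile = $mobile
    Finding  = Get-CachedLogonFinding -Limit $limit -IsMobile $mobile
}
```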