Interactive logon: Number of Previous Logons to Cache (in Case Domain Controller Is Not Available)
|ID: oval:gov.nist.usgcb.windowsseven:def:73||Date: (C)2012-04-13 (M)2018-05-14|
|Class: COMPLIANCE||Family: windows|
All previous users' logon information is cached locally so that, in the event that a domain controller is unavailable during subsequent logon attempts, they are able to log on . If a domain controller is unavailable and a user's logon information is cached, the user is prompted with a message that reads as follows:
Windows cannot connect to a server to confirm your logon settings. You have been logged on using previously stored account information. If you changed your account information since you last logged on to this computer, those changes will not be reflected in this session.
If a domain controller is unavailable and a user's logon information is not cached, the user is prompted with this message:
The system cannot log you on now because the domain <DOMAIN_NAME> is not available.
In this policy setting, a value of 0 disables logon caching. Any value above 50 only caches 50 logon attempts.
(1) GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Interactive logon: Number of previous logons to cache (in case domain controller is not available)
(2) REG: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon!CachedLogonsCount
|Microsoft Windows 7|