Trying to understand cached credentials

SA · Apr 20, 2004

Hi,
I am trying to understand type different types of cached credentials. I
want to disable the clients from storing the cached LAN manager hash to
prevent people from running things like PWdump. My questions are:

1) What group policy is this done on (ie DOmain Controller Security Policy)
2) How does this affect the cached credential logon process? Will the
client still be able to logon if the DC is not available?

Thanks,
SA.

Laura E. Hunter \(MVP\) · Apr 20, 2004

The best step-by-step in existence on this topic is from Mark Minasi's
newsletter archives on www.minasi.com

http://www.minasi.com/showdoc.asp?docname=nws0304.htm

I think that link requires (free) registration, but it's entirely worth it.
Mark's newsletters are required reading for me.

SA · Apr 20, 2004

Laura,
You are right. That was simply awesome.

-SA.

Cached credentials issue	1	Feb 24, 2005
Understanding Cached Credentials	8	May 17, 2006
Cached credentials.	1	Dec 15, 2006
Logon using cached credentials	6	Mar 1, 2007
remoted machines with cached domain logons	11	Aug 30, 2006
cached login credentials	11	Jul 31, 2007
synchronizing domain user Local cached credentials with domain (VP	4	Apr 14, 2008
Cached Credentials Expiring	5	Jun 27, 2005

Trying to understand cached credentials

SA

Laura E. Hunter \(MVP\)

SA

Ask a Question

Similar Threads