Logging on to domain offline

  • Thread starter Thread starter Cornelius
  • Start date Start date
C

Cornelius

Hi,

I have setup Windows XP Professional w/ service pack 2 for two users in
my company. They are setup to join a domain on a Windows 2000 server
environment.

Recently these users travelled abroad on a project for 3 months. They
were able to log on to their machines for a while with their domain
user accounts even though they were not connected to the office network
(domain). I suppose that their user settings were cached.

All of a sudden one day, when logging in, one of the users got a
message "the system cannot log you on because the domain <domain name>
is not available".

I had to get the user to courier the laptop back to us in the office. I
plugged it in to the network here, and it logged in perfectly with his
account.

My question is, what settings/policies do i have to check in order to
ensure this does not happen again? These users (and many others) often
travel abroad, where they have no access to the network during log on.

Thanks in advance for your help.
 
Cornelius said:
I have setup Windows XP Professional w/ service pack 2 for two
users in my company. They are setup to join a domain on a Windows
2000 server environment.

Recently these users travelled abroad on a project for 3 months.
They were able to log on to their machines for a while with their
domain user accounts even though they were not connected to the
office network (domain). I suppose that their user settings were
cached.

All of a sudden one day, when logging in, one of the users got a
message "the system cannot log you on because the domain <domain
name> is not available".

I had to get the user to courier the laptop back to us in the
office. I plugged it in to the network here, and it logged in
perfectly with his account.

My question is, what settings/policies do i have to check in order
to ensure this does not happen again? These users (and many others)
often travel abroad, where they have no access to the network
during log on.
Click to expand...

I like to join the laptops to the domain, create their domain account (by
logging in), log out - log in as an administrator and create a local account
(setting the level the same as it would be for their domain account), log
out, log in as that user and get the user to change that password.. Then I
will log that user out, reboot, log in as an administrator (not either of
those two user accounts) and change where the new local account created and
password changed in the last step points to for its profile in the
registry(specifically - point it to the domain account profile directory).
Then go into Documents and Settings and make sure BOTH accounts have FULL
access to the domain account directory structure(since it was created
first - the domain account should just be the username and not
username.computername or username.domainname.) After that - I just have
them always log into the local account.

Registry area in question..
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList

It's mainly because I have seen the cached logon cause things like slow
logons and strangeness like you have - and this way - along with another
local admin account I don't mind (in an emergency) giving the user the
password for so they can reset their password - I rarely have to see that
laptop again.
 
Back
Top