Remove a cached credential

JN

I have an odd problem. I recently had to change my users' naming
convention from just their name to first initials + last name. I did this
pretty easily by just changing the users' logon names in AD so all their SIDs
stayed the same, and I also updated their profile and home directory names
(%USERNAME%) to reflect the new logon name.

I have a problem with some laptop users where they occasionally make the
mistake of using their old username when they are not on the network. When
they are on the network it is fine because they get denied logon because of
the non-existing name on the domain, but when they are at home, the laptop
allows them to log on with the old name and that ends up screwing up some
things in their user profile until they get back into the building for me to
fix.

I know I can disable caching logons, but I don't want to do that for obvious
reasons for the laptop users. Is there a way I can just gut out the one old
logon name from the cache?
 
JN

Never mind. I found out how to do it without having to mess with GPOs.

I got the idea from another workaround that I saw for gaining access to the
system under the system account.

1. Use AT to run CMD.EXE one minute from now (12:00) as follows:
at 12:01 /interactive cmd.exe

2. This will open a command window at 12:01.

3. CTRL + ALT + DEL and kill the explorer.exe process.

4. From the command window, type explorer.exe and you will be running as the
SYSTEM account.

5. Open Regedit and go to HKLM\Security\Cache and export the keys to a .reg
file.

6. Edit the REG file so all the keys that look like NL$1 - 10 are padded
with 00.

I would rather have found the right key for the credentials I wanted to
delete, but this just clears them all for sure. Now you just need to log out
and log back in again, and just the accounts you use from that point on start
the cache again.
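Step 6 above, as an added example that is not part of the original post: a Python function that takes the text of a regedit export of HKLM\Security\Cache, reports which NL$n values still hold data, and returns the same export with those values zero-filled at their original length. The function name, the sample export and its byte values are constructed for illustration; the export is assumed to use regedit's usual "name"=hex: layout with backslash-continued lines.

```python
import re

# Constructed sample of a regedit export of HKLM\SECURITY\Cache (values shortened).
SAMPLE_REG = (
    "Windows Registry Editor Version 5.00\r\n"
    "\r\n"
    "[HKEY_LOCAL_MACHINE\\SECURITY\\Cache]\r\n"
    '"NL$1"=hex:4a,00,4e,00,10,00,\\\r\n'
    "  de,ad,be,ef\r\n"
    '"NL$2"=hex:00,00,00,00\r\n'
    '"NL$Control"=hex:04,00,01,00\r\n'
)

# Only the numbered cache slots (NL$1, NL$2, ...) match; NL$Control does not.
ENTRY = re.compile(r'^"(NL\$\d+)"=hex:(.*)$')

def zero_cache_entries(reg_text):
    """Return (new_text, report); report maps NL$n -> (byte_count, was_populated)."""
    lines = reg_text.splitlines()
    out, report, i = [], {}, 0
    while i < len(lines):
        m = ENTRY.match(lines[i])
        if not m:
            out.append(lines[i])  # header, key path, other values: left untouched
            i += 1
            continue
        name, data = m.group(1), m.group(2)
        # regedit wraps long hex values; a trailing backslash means "continued"
        while data.endswith("\\") and i + 1 < len(lines):
            i += 1
            data = data[:-1] + lines[i].strip()
        data = data.rstrip("\\")
        byte_list = [b for b in data.split(",") if b]
        report[name] = (len(byte_list), any(int(b, 16) for b in byte_list))
        # Same length as the original value, every byte set to 00
        out.append('"%s"=hex:%s' % (name, ",".join(["00"] * len(byte_list))))
        i += 1
    return "\r\n".join(out) + "\r\n", report
```

The function works on already-decoded text; a "Version 5.00" export is normally saved as UTF-16, so decode it before calling and encode the result the same way before importing.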
 
