understanding more with logon

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

My notebook runs Winxp. I examine its two usernames under control -> users

The first one is say, ykkfc for working with local machine itself. The
second username is, say domainXUser1 for Domain XXX logon.

When I am online, I signon as domainXUser1 normally. I reset the password
for ykkfc. I logoff, put myself offline, and signon as ykkfc. I verify the
new signon password for ykkfc and that works. When I typed the wrong password
for ykkfc, it rejected. This makes perfect sense as the machine must have
stored my password somewhere in the local disk.

Then still staying offline (remove my cable, wireless network connections,
etc.), I experienced it with a test to log on to the domain with
domainXUser1, entering the incorrect username/password pair. It rejects my
signon. Then I typed the correct username/password pair again. To my surprise
my pc did NOT reject my logon. I thought the password has to be compared with
a "central security store" held in the Domain server. Am I wrong.

I am surprised because if that centralized authetication function is not
available (because I am offline), how come the system could tell if my domain
username/password pair is correct or not correct. Can someone explain if I
miss something?
 
Then still staying offline (remove my cable, wireless network connections,
etc.), I experienced it with a test to log on to the domain with
domainXUser1, entering the incorrect username/password pair. It rejects my
signon. Then I typed the correct username/password pair again. To my surprise
my pc did NOT reject my logon. I thought the password has to be compared with
a "central security store" held in the Domain server. Am I wrong.

I am surprised because if that centralized authetication function is not
available (because I am offline), how come the system could tell if my domain
username/password pair is correct or not correct. Can someone explain if I
miss something?
Click to expand...

Credentials for the domain logon can be cached locally.
 
Where in Windows XP screen could I verify if the credentials has been cached?
Click to expand...

The setting to allow/disallow cached credentials is in Administrative
Tools> Local Security Settings (secpol.msc). With the window for that tool
open, expand Local Policies\Security Options. In right pane, look for:

Interactive logon: Number of previous logons to cache (in case domain
controller is not available)

Default setting is 10.
 
Back
Top