Will cached domain credentials stay working if machine never re-connects to domain?

windows-server-2008 active-directory domain-controller
11,394

My experience is the same as what others have said - if you have a PC with cached credentials and it can't connect to a Domain Controller, those credentials don't expire.

But...

An exception could be if they set a security policy to disable or limit credential caching. The default is to cache 10 sets of credentials, but this could be overridden. If it was set to 0, then they wouldn't be able to use cached credentials, or if it was set to a low #, e.g. 2, then only the last 2 accounts to log in would have their credentials cached.

And as one of the comments said, whoever is providing support to this company should use one of the many tools or tutorials to create a local admin account with a known password. By default, the Administrator account is only accessible in Safe Mode and is blank, so they could try that if they haven't already (although getting to safe mode in Win8 requires a tutorial of its own...).

Share:
11,394

Related videos on Youtube

Alex Chance
Author by

Alex Chance

Updated on September 18, 2022

Comments

  • Alex Chance
    Alex Chance almost 2 years

    I have researched this thoroughly, and cannot find the answer I am looking for.

    A company I recently left is going through a bankruptcy. They have already auctioned off most the IT equipment, including the server that was the domain controller. However, they still have the client workstations set up in the office. These computers have no network access and will not be able to reach the domain controller, but still belong to the domain. There are not local accounts set up aside from the local administrator account, and they do not know the password. They are wanting to know if they can still log in and access local files, quickbooks, etc...

    Would someone still be able to log in using the last cached domain credentials? If so, is there a limit on how long those credentials will stay working?

    The client workstations are running Windows 7 Pro, or Windows 8.1 Pro. The server that was once there, was running Active Directory 2008, not sure if that matters.

    Thanks for the help.

  • joeqwerty
    joeqwerty over 8 years
    Your problem will be the machine account password - this is refreshed periodicaly when the computer connects to the domain controler. If this password was not changed for over 30 days (default value), domain accounts - even with cached credentials - won't be able to login - That's not technically accurate. If the DC is no longer running and is not contactable by the computers then the users will continue to be able to log on with cached credentials. - blogs.technet.microsoft.com/askds/2009/02/15/…
  • Alex Chance
    Alex Chance over 8 years
    Yeah I knew there were tools available for resetting the local admin password if it comes to that. I used to work in the IT department for them, but they currently don't have any IT staff or anybody that is technologically sound. I was trying my best to just give them advice and guide them without having to get my hands dirty.
  • Alex Chance
    Alex Chance over 8 years
    I told him to see if his cached credentials would work, and if they did to create a local account. He doesn't even know how to set up a local account, but I can probably guide him through it. I also wonder if the group policies that were in place are still in affect? Guess I can post another question in regards to that.
  • Alex Chance
    Alex Chance over 8 years
    Thank you. The server is no longer on site, they were just trying to get access to the workstations that were still there. There are likely some workstations that this particular user had never logged into, and basically all the employees are gone already, so the best option would probably be to just reset the local admin.
  • Alex Chance
    Alex Chance over 8 years
    Yes, the DC is no longer running. It has already been removed from the site. They have also gutted all the network equipment, but the workstations were left there. I'm guessing he is just wanting to try to pull any data they may have been left on the machines. I suggested just pulling the hard drives if they would allow him to do that. Bankruptcy attorney is trying to ensure he can gather up as much data just in case some is needed in the future.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

No longer able to edit scripts in SYSVOL/domain/scripts on Server 2008
processing of Group Policy failed only on 2008 Servers and Name Resolution failure on the current domain controller
DCDIAG VerifyEnterpriseReferences test failed on PDC
Domain Controller/Active Directory Time is 5 minutes slow
GPO Printer Deployment Ordering greyed out
Adding another domain controller to a small 2008R2 network: steps I am missing(?)
How to change the default domain controller when querying AD in a different site?
Server 2008 DFS Replication Issues
Cannot connect to Active Directory Domain Controller
ADPREP /forestprep fails to verify replication cycle on schema master