Saturday, November 13, 2010

Cached Domain Credentials and Registry Key

Domain cached credentials are stored under the HKEY_LOCAL_MACHINE\SECURITY\Cache registry key on the local machine. By default, you cannot view the Cache key because of the default registry permissions.


By default, only the SYSTEM account has full permission on the Security registry key.


If you need to view the Cache registry key, you need to add the appropriate user account and assign it full permission on the Security registry key. With the proper registry permission, you will see the Cache registry values.

Also, the cached logon information is controlled by the following key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\
ValueName: CachedLogonsCount
Data Type: REG_SZ
Values: 0 – 50


You can change the number of previous logon attempts that a computer will cache. The valid range of values for this parameter is 0 to 50. A value of 0 turns off logon caching, and any value above 50 will only cache 50 logon attempts. By default, all versions of Windows remember 10 cached logons. If you set CachedLogonsCount to 25, the computer will cache the account information for the 25 most recent logons.
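One way to audit both settings from an elevated PowerShell prompt, as an added example that is not part of the original post: it reports the effective CachedLogonsCount under the rules above (absent value treated as the default of 10, values above 50 treated as 50) and lists any account other than SYSTEM that holds Full Control on the Security key, such as a grant left in place after viewing the Cache key. The helper name Get-EffectiveCachedLogons is hypothetical.

```powershell
# Added example (not from the original post). Run from an elevated prompt.
# Get-EffectiveCachedLogons is a hypothetical helper name.
function Get-EffectiveCachedLogons {
    param([string]$Raw)                      # REG_SZ data; empty when the value is absent
    if ([string]::IsNullOrEmpty($Raw)) { return 10 }   # default stated in the post
    $n = 0
    if (-not [int]::TryParse($Raw.Trim(), [ref]$n) -or $n -lt 0) {
        throw "CachedLogonsCount is not a non-negative integer: '$Raw'"
    }
    return [Math]::Min($n, 50)               # anything above 50 behaves as 50
}

# 1. Effective number of cached logons
$winlogon = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$item  = Get-ItemProperty -Path $winlogon -Name CachedLogonsCount -ErrorAction SilentlyContinue
$raw   = if ($item) { [string]$item.CachedLogonsCount } else { '' }
$count = Get-EffectiveCachedLogons $raw
if ($count -eq 0) { 'Logon caching is turned off (CachedLogonsCount = 0).' }
else { "CachedLogonsCount = '$raw' -> up to $count logons are cached." }

# 2. Accounts other than SYSTEM (SID S-1-5-18) with Full Control on HKLM\SECURITY
$full = [int][System.Security.AccessControl.RegistryRights]::FullControl
try {
    $acl   = Get-Acl -Path 'HKLM:\SECURITY' -ErrorAction Stop
    # Ask for SIDs directly so the check does not depend on localized account names
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    $extra = foreach ($ace in $rules) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $ace.IdentityReference.Value -ne 'S-1-5-18' -and
            ([int]$ace.RegistryRights -band $full) -eq $full) {
            $ace.IdentityReference.Value
        }
    }
    if ($extra) { "Full Control on HKLM\SECURITY also granted to: $($extra -join ', ')" }
    else { 'No account other than SYSTEM has Full Control on HKLM\SECURITY.' }
} catch {
    "Could not read the ACL on HKLM\SECURITY: $($_.Exception.Message)"
}
```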

2 comments:

How do I add the domain user to the cache? It does not make any difference what the password is as long as the user is correct. I'd like to add domain\user to a laptop which is not connected to the domain but is on the domain.
