help with windows domain & remote laptop users please.

rossy t

rossy t

rossy t

Associate
Joined
25 Sep 2003
Posts
95
hi guys, and a happy new year to all.

currently my company is switching from a workgroup to a win2003 domain.

there are quite a few sales users who work from home more often than not. i am concerned about them being able to log on to the "domain" from home. i am aware that when the laptops are connected to the local network in the office they can go and authenticate against a domain controller then they are granted permission to log in.

when working from home however they will not be able to access these domain controllers when logging in. sometimes users do not come into the office for upto a month, i dont want them being able to log in on cached credentials for a week, only to find when they are abroad they are unable to log into their laptops!

i am hopeful it is a group policy setting somewhere on the AD that can allow a longer window of these cached credentials...

advice welcomed!
 
I was under the impression that once a machine had joined a domain, you'd be able to log on to the local machine using those credentials without a network connection for as long as you wanted.

(i have several laptops at work that have been sat in the server room for months, I can fire them up without a network connection and still log on to the local machine with the domain details)


obviously a machine logging on with no network will miss all the group policy and log on scripts set.

someone please correct me if I'm wrong
 
thank you kindly for your response blastman.

i have done some more reading into the subject and it appears you are indeed correct. by default the domain policy is set that machines cache the credentials of 10 logon users. as there are only ever one domain user then this is a non starter. i was concerned about a "time out" period whereby after X days then the laptops are forced to authenticate against the domain.

in my last job i do remeber machines not being logged on for almost a year but as i was not in control of the infrastructure there i had no way to confirm that there is at least a months grace period to logon or a special group policy setting had been activated.

i appreciate that users will not get any new policies and such when logging on this way, but i don't predict this being a problem.
 
You must log in or register to reply here.
Back
Top Bottom