Using Cached Credentials
Windows 7 will cache the domain credentials of up to 10 users who have logged on to a system. These cached credentials are stored in an encrypted format in a secure area of the Registry, and they can be used by Windows 7 if a domain controller is not available to authenticate a user.
Consider a user named Jasmin who has a mobile computer. When she's at work, her mobile computer is connected to the domain and she uses her domain account to log on. Her credentials are then cached onto her system. Jasmin then goes on a business trip. While at the airport, she can still log on to her mobile computer using the same domain account even though a domain controller isn't reachable.
This works the same way in a network if a domain controller is unreachable. The network could have problems preventing the user from accessing a domain controller, but the user can still log on using a domain account. There is no indication to the user that cached credentials are being used, other than the logon seems to take a little longer and network connectivity is prevented after the user is logged on.
The Network and Sharing Center appears when a user is logged on with cached credentials. Notice the warning icon between the computer and the network.
Users cannot access any domain resources when authenticated with cached credentials. If a user tries to access a network share, print to a network printer, or use any other network resources that require valid credentials, the attempt will fail with cached credentials.
The reasoning is that the user has not been authenticated by Active Directory, and it's possible the account has been disabled or deleted. Until the account can be authenticated with Active Directory for this session, access is not granted.
When Windows 7 is logged on with cached credentials, it will periodically try to connect to the domain controller and authenticate normally. If the domain controller comes back online or the network is repaired so that the domain controller can be reached, the user's credentials will be authenticated and the user will have access to network resources as normal.
In this tutorial:
- Managing Windows 7 in a Domain
- The Domain
- What is Wrong with Workgroups
- The Domain Concept
- Active Directory
- Domain Security
- Joining a Domain
- Windows 7 Offline Domain Join
- Browsing the Domain
- Searching the Domain
- Custom Searches
- Assigning Permissions to Domain Members
- The Double-Thick Security Trick
- Creating a Test Bed
- Creating a Domain
- Installing Windows Server 2008 on vPC
- Configuring a Windows Server 2008 Server
- Promoting a Server to a Domain Controller
- Joining Windows 7 to a Domain
- Authentication vs Authorization
- Authentication
- Authorization
- Built-in Groups
- Organizing Users with Groups
- Group Scope and Group Type
- Creating Users and Groups in a Domain
- Using HomeGroup with a Domain-Based Computer
- Identifying and Resolving Logon Issues
- Hardware vs. Network
- Using Cached Credentials
- Password Expiration
- Determining Logon Context
- Logon Hours Compliance
- Restricting Computer Access
- Time Synchronization
- Understanding User Profiles
- Standard Profiles
- Roaming Profiles
- Implementing Roaming Profiles
- Mandatory Profiles
- Super-Mandatory User Profiles
- Modifying the Default User Profile
- Configuring Settings with Scripts
- Anti-Malware Software
- Microsoft Windows 7 Defender
- Third-Party Anti-malware Software