
Using Cached Credentials

Windows 7 will cache the domain credentials of up to 10 users who have logged on to a system. These cached credentials are stored in an encrypted format in a secure area of the Registry, and they can be used by Windows 7 if a domain controller is not available to authenticate a user.

Consider a user named Jasmin who has a mobile computer. When she's at work, her mobile computer is connected to the domain and she uses her domain account to log on. Her credentials are then cached on her system. Jasmin then goes on a business trip. While at the airport, she can still log on to her mobile computer using the same domain account even though a domain controller isn't reachable.

This works the same way in a network if a domain controller is unreachable. The network could have problems preventing the user from accessing a domain controller, but the user can still log on using a domain account. There is no indication to the user that cached credentials are being used, other than the logon seeming to take a little longer and network connectivity being prevented after the user is logged on.

The Network and Sharing Center appears when a user is logged on with cached credentials. Notice the warning icon between the computer and the network.

Users cannot access any domain resources when authenticated with cached credentials. If a user tries to access a network share, print to a network printer, or use any other network resources that require valid credentials, the attempt will fail with cached credentials.

The reasoning is that the user has not been authenticated by Active Directory, and it's possible the account has been disabled or deleted. Until the account can be authenticated with Active Directory for this session, access is not granted.

When Windows 7 is logged on with cached credentials, it will periodically try to connect to the domain controller and authenticate normally. If the domain controller comes back online or the network is repaired so that the domain controller can be reached, the user's credentials will be authenticated and the user will have access to network resources as normal.
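
Because the user sees no indication of a cached logon, an administrator has to check for it. The following PowerShell is an added example, not part of the original text: it reads the cache limit and lists logons that used cached credentials. It assumes an elevated prompt, that logon success auditing is enabled, the `CachedLogonsCount` value under the Winlogon key, and Security event 4624 with logon type 11 (CachedInteractive).

```powershell
# Added example (not from the original page): audit cached-credential logons.
# Run elevated; reading the Security log requires administrator rights.

$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-CachedLogonLimit {
    # CachedLogonsCount is stored as a string (REG_SZ).
    # If the value is absent, Windows falls back to the default of 10.
    # A value of 0 disables logon caching.
    $value = (Get-ItemProperty -Path $WinlogonKey -ErrorAction Stop).CachedLogonsCount
    if ($null -eq $value) { return 10 }
    return [int]$value
}

function Get-CachedLogonEvent {
    param([int]$Days = 30)

    $since = (Get-Date).AddDays(-$Days)
    # Event 4624 = successful logon; LogonType 11 = CachedInteractive,
    # i.e. the domain account was validated against the local cache.
    $xpath = "*[System[EventID=4624] and EventData[Data[@Name='LogonType']='11']]"

    # SilentlyContinue suppresses the error Get-WinEvent raises when nothing matches.
    Get-WinEvent -LogName Security -FilterXPath $xpath -ErrorAction SilentlyContinue |
        Where-Object { $_.TimeCreated -ge $since } |
        ForEach-Object {
            # Read fields by name from the event XML rather than by position.
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            New-Object PSObject -Property @{
                Time = $_.TimeCreated
                User = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            }
        }
}

'Cached logon limit: {0}' -f (Get-CachedLogonLimit)
$events = @(Get-CachedLogonEvent -Days 30)
'Cached-credential logons in the last 30 days: {0}' -f $events.Count
$events | Sort-Object Time -Descending | Format-Table Time, User -AutoSize
```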
