User can log on to domain PC with locked account


Windows 2008 R2 domain, Windows 7 client.
After locking a user's domain account, the user can log in to a domain PC with the locked account once; at the same time the user has no access to network shares, only local files.
I expected that after locking the domain account the user can't log in to a domain PC.

Solution:

This is due to the client computer caching the user’s credentials. With this setting enabled, the client computer stores X number of logons locally, and when the user tries to log on again, the client computer checks the password against a locally stored hash, rather than contacting a domain controller.

If you want to disable local credential caching, you can (and it’s even advised as a best practice by Microsoft), but you had better be sure you know the local Administrator credentials, and be aware of the implications of not caching credentials – particularly, users won’t be able to log on to their computers unless they’re already connected to a network where they can access a domain controller. So, for example, if you have remote or traveling employees who need to access the corporate network with a VPN client, you might want to leave credential caching in place for those users’ machines.
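To see which clients still allow cached logons, the following added example (not part of the original answer) reads the `CachedLogonsCount` value under the Winlogon registry key, which is where Windows stores the "Interactive logon: Number of previous logons to cache" security option; neither name appears in the answer above. The function name and the computer names passed to it are hypothetical, and remote checks assume PowerShell remoting is enabled on the targets.

```powershell
# Added example: report the cached-logon setting per computer.
# Get-CachedLogonSetting is a hypothetical helper name, not a built-in cmdlet.
function Get-CachedLogonSetting {
    [CmdletBinding()]
    param(
        # Computers to check; defaults to the local machine.
        [string[]]$ComputerName = $env:COMPUTERNAME
    )
    # Runs on the target and returns the raw registry value ($null if absent).
    $probe = {
        $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
        (Get-ItemProperty -Path $key -Name CachedLogonsCount `
            -ErrorAction SilentlyContinue).CachedLogonsCount
    }
    foreach ($name in $ComputerName) {
        $raw = $null
        try {
            if ($name -eq $env:COMPUTERNAME) { $raw = & $probe }
            else {
                # Assumption: WinRM / PowerShell remoting is enabled on $name.
                $raw = Invoke-Command -ComputerName $name -ScriptBlock $probe -ErrorAction Stop
            }
        } catch {
            New-Object psobject -Property @{
                Computer = $name; CachedLogonsCount = $null
                Status   = "unreachable: $($_.Exception.Message)" }
            continue
        }
        $count = 0
        if ($null -eq $raw) {
            $status = 'value absent: the Windows built-in default applies, caching is on'
        } elseif (-not [int]::TryParse([string]$raw, [ref]$count)) {
            $status = "unparseable value '$raw'"
        } elseif ($count -eq 0) {
            $status = 'caching disabled: every logon must reach a domain controller'
        } else {
            $status = "caching on: up to $count logons are verified against a local hash"
        }
        New-Object psobject -Property @{
            Computer = $name; CachedLogonsCount = $raw; Status = $status }
    }
}

# Check the local machine; pass -ComputerName with your own host names for others.
Get-CachedLogonSetting | Format-List Computer, CachedLogonsCount, Status
```

The script only reads the setting. Changing it is best done through the Group Policy option named above so that it applies consistently to the machines you choose, leaving caching in place for the remote or traveling users the answer mentions.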
