Cached Logons

  • Thread starter Thread starter Kevin
  • Start date Start date
K

Kevin

I'm surfing TechNet and I'm trying to find out how to
determine if a user has logged on using cached resources.

Using cached resources a user won't run the logon script -
we want to catch these users.

Not having much luck - can anyone point me in the right
direction?

Kevin
 
You will need to enable auditing of logon events on their computers either via Local
Security policy or at the domain/OU level. A logon with cached credentials will show
as Event ID 528 and logon type 11 in the security log of Event Viewer on the computer
that cached credentials was used to logon . You can disable logging on all together
via cached credentials if you want using security options in security policy by
setting number log logons to cache to zero. --- Steve

http://support.microsoft.com/default.aspx?scid=KB;en-us;q248260
http://www.microsoft.com/technet/tr...l/windowsserver2003/proddocs/standard/518.asp
http://tinyurl.com/p4ve -- Same link as above, but shorter.
 
Back
Top