The goal is to have over 100 users be able to log into an offline machine using their cached domain credentials.

Is there any way to override the limit? Do I have any other options for storing credentials?

OS: The machine in question is running Windows 7 on our Windows Active Directory.

HopelessN00b
user260569
  • [There's no *supported* way, so I have to strongly recommend against trying](http://support.microsoft.com/KB/172931). – HopelessN00b Dec 19 '14 at 16:37
  • @HopelessN00b are there any alternatives to using the cache? I wouldn't mind having to manually input it somewhere to store credentials for offline logins. – user260569 Dec 19 '14 at 16:40
  • Make a local user on it? Make them use OWA or such if they happen to have Internet access later on. You will have to think about what they work on and how to save that, mostly (USB disk, etc.) – yagmoth555 Dec 19 '14 at 17:19

1 Answer

The number of cached logons is enforced by the default authentication package MSV1_0 (MSV1_0.DLL), which uses the aforementioned registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\Current Version\Winlogon\CachedLogonsCount.

Is there any way to override the limit?

  • Patch MSV1_0.DLL.

    While this could be done, it requires assembly knowledge and is forbidden by the license terms.

Do I have any other options for storing credentials?

  • Use a custom authentication package, such as pGina:

    pGina is a pluggable Open Source Credential Provider (and GINA) replacement. Plugins are written in managed code and allow for user authentication, session management and login time actions.

    You can combine the LDAP Plugin with the Single User Plugin to allow users to log in locally if LDAP is not available. While this is not exactly what you've asked for, this is as close as you could get, in my opinion.

beatcracker
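
An added example, not part of the answer above and not Microsoft's own tooling: a PowerShell check of the `CachedLogonsCount` value the answer refers to, reporting whether the effective cache size covers a required number of offline users. The function name `Get-CachedLogonCapacity` and its parameters are invented for this example; the default of 10 and the cap of 50 are the documented behaviour in the linked KB 172931, and on disk the key is spelled `CurrentVersion` without a space.

```powershell
# Added example, PowerShell 2.0 compatible (Windows 7). Function and parameter names are invented here.
$KeyPath   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueName = 'CachedLogonsCount'   # stored as a REG_SZ string
$Default   = 10                    # count Windows uses when the value is absent
$Maximum   = 50                    # per KB 172931, anything above 50 caches only 50

function Get-CachedLogonCapacity {
    param(
        [int]$RequiredUsers = 100,   # number of offline users from the question
        [string]$RawValue            # optional: test a string instead of reading the registry
    )

    $note = 'value read from registry'
    if ($PSBoundParameters.ContainsKey('RawValue')) {
        $note = 'value supplied by caller (constructed input)'
    } else {
        $prop = Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
        if ($prop) { $RawValue = [string]$prop.$ValueName }
        else       { $RawValue = [string]$Default; $note = 'value absent, default applies' }
    }

    $parsed = 0
    $effective = $null
    if ([int]::TryParse($RawValue, [ref]$parsed) -and $parsed -ge 0) {
        # Clamp to the supported maximum; 0 means logon caching is turned off.
        $effective = [Math]::Min($parsed, $Maximum)
        if ($parsed -gt $Maximum) { $note += "; above $Maximum, so only $Maximum are cached" }
        if ($parsed -eq 0)        { $note += '; caching disabled' }
    } else {
        # Assumption of this example: do not guess how Windows treats a malformed value.
        $note += '; not a non-negative integer, review manually'
    }

    New-Object PSObject -Property @{
        Configured    = $RawValue
        Effective     = $effective
        RequiredUsers = $RequiredUsers
        Sufficient    = ($effective -ne $null -and $effective -ge $RequiredUsers)
        Note          = $note
    } | Select-Object Configured, Effective, RequiredUsers, Sufficient, Note
}

Get-CachedLogonCapacity -RequiredUsers 100                   # local machine
Get-CachedLogonCapacity -RequiredUsers 100 -RawValue '100'   # constructed value above the maximum
```

The same value is written by the Group Policy setting "Interactive logon: Number of previous logons to cache (in case domain controller is not available)", so a domain policy can overwrite a locally edited value at the next refresh.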