Tip

Domain cached logons: no warning or notification

This tip was submitted to the SearchWin2000.com tip exchange by member Tim Fenner.


When using Windows NT 4.0, if a domain controller could not be contacted at the time your system was logging on, you were given the warning: "A domain controller for your domain could not be contacted. You have been logged on using cached account information. Changes to your profile since you last logged on may not be available."

If you had previously logged on to that system with a domain account, Windows NT would log you on using that domain account's locally stored profile, or cached credentials, so that you could still access the system. This is important to know because most network resources require you to be authenticated by a domain controller before you can access them, so if you are logged on using cached credentials, you will be denied access to them. This warning is disabled by default in Windows 2000 but can be re-enabled by performing the following:

  1. Start the registry editor (Regedit.exe).
  2. Move to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.
  3. From the Edit menu select New - String Value.
  4. Enter a name of ReportControllerMissing and press Enter.
  5. Double click the new value and set to TRUE (must be uppercase). Click OK.

Now, for each user who should see the missing-controller message, perform the following:

  1. Start the registry editor (Regedit.exe).
  2. Move to HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.
  3. From the Edit menu, select New - DWORD Value.
  4. Enter a name of ReportDC and press Enter.
  5. Double click the new value and set to 1. Click OK.

You may want to automate this via a logon script or a policy template. The warning was probably turned off by default because most users would not understand it and would just ignore it, so be selective about re-enabling it.

If you find yourself seemingly logged onto the domain, yet cannot access network resources then you may be logged on using cached credentials. To verify this, open a command prompt and type: set. The output displays something similar to the text below.

After typing the SET command at a command prompt, find LOGONSERVER in the output that the SET command displayed. If LOGONSERVER is set to the name of your computer, you have been logged on using cached credentials. If LOGONSERVER is set to the name of a domain controller, you have been logged on to the domain:

C:\WINNT\SYSTEM32>set

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\(username)\Application Data
AVENGINE=C:\PROGRA~1\COMPUT~1\SCANEN~1
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=(pc-name)
ComSpec=C:\WINNT\system32\cmd.exe
HOMEDRIVE=H:
HOMEPATH=\
HOMESHARE=\\Server1\Share1
INOCULAN=C:\Inoculan
Isuser=C:\DOCUME~1\(username)\LOCALS~1\Temp\{0F86FD09}\isuser.dll
LOGONSERVER=\\(domain controller or local pc)   
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Os2LibPath=C:\WINNT\system32\os2\dll;
Path=C:\WINNT\system32;C:\WINNT;C:\WINNT\System32\Wbem;C:\DMI\bin;
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 6 Model 8 Stepping 6, GenuineIntel
PROCESSOR_LEVEL=6
PROCESSOR_REVISION=0806
ProgramFiles=C:\Program Files
PROMPT=$P$G
SystemDrive=C:
SystemRoot=C:\WINNT
TEMP=C:\DOCUME~1\(username)\LOCALS~1\Temp
TMP=C:\DOCUME~1\(username)\LOCALS~1\Temp
USERDNSDOMAIN=Domain.COM
USERDOMAIN=Domain
USERNAME=(username)
USERPROFILE=C:\Documents and Settings\(username)
WIN32DMIPATH=C:\DMI\
windir=C:\WINNT
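
The per-user ReportDC step and the LOGONSERVER check described above, combined into one logon script. This is an added example, not part of the original tip; it assumes reg.exe is installed and on the PATH of the client, and the log file name is hypothetical.

```batch
@echo off
rem Added example: per-user logon script. Assumes reg.exe is on the PATH.
setlocal

set "KEY=HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon"

rem Per-user half of the tip: ReportDC is a DWORD value set to 1.
reg add "%KEY%" /v ReportDC /t REG_DWORD /d 1 /f >nul
if errorlevel 1 echo Could not write ReportDC under %KEY%

rem The machine-wide half, ReportControllerMissing set to TRUE as a string value
rem in HKLM, needs administrative rights, so this script only checks for it.
reg query "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" /v ReportControllerMissing >nul 2>&1
if errorlevel 1 echo ReportControllerMissing is not set on %COMPUTERNAME%, so the warning stays off.

rem LOGONSERVER check from the tip: if it names this computer, the logon was
rem served from cached credentials and no domain controller was contacted.
if /i "%LOGONSERVER%"=="\\%COMPUTERNAME%" (
    echo Logged on with cached credentials. Network resources may be unavailable.
    rem Hypothetical log file: keeps a local record for the help desk.
    echo %DATE% %TIME% %USERDOMAIN%\%USERNAME% cached logon on %COMPUTERNAME%>>"%TEMP%\cached-logon.log"
) else (
    echo Logon validated by %LOGONSERVER%
)

endlocal
```

A logon script that is delivered from the domain will not run when no domain controller is reachable, so the LOGONSERVER branch is only useful if a copy of the script is started locally, for example from the user's Startup folder.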

This was first published in July 2003
