Personally, I've never given any thought to changing the default on this policy.  Do 
your security people have a good reason for wanting to change it?

It might be a good issue to pose to the experts at the Technical Chat next Tuesday:

Account Passwords and Policies in Windows Server 2003 

http://www.microsoft.com/technet/treeview/default.asp?url=/technet/itcommunity/chats/default.asp

Tony

---------- Original Message ----------------------------------
From: Roger Seielstad <[EMAIL PROTECTED]>
Reply-To: [EMAIL PROTECTED]
Date:  Fri, 22 Aug 2003 08:03:43 -0400

So let me get this straight - your 'security' people are asking you to make
your systems less secure?
 
I would think increasing the number of cached logins decreases the security
of the system. IIRC, cached logins are reset basically whenever the system
comes 'online' - in other words has access to a DC. Therefore, the more you
cache the longer you're allowing the system to live autonomously, without
getting policy updates, etc.
 
Roger
-------------------------------------------------------------- 
Roger D. Seielstad - MTS MCSE MS-MVP 
Sr. Systems Administrator 
Inovis Inc. 

-----Original Message-----
From: De Schepper Marc [mailto:[EMAIL PROTECTED] 
Sent: Friday, August 22, 2003 7:41 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] Number of Interactive Logons


Hey all, 
 
I would like to have some feedback on the following Policy setting:
 

Interactive logon: Number of previous logons to cache (in case domain
controller is not available)     
 
 
The default is 10, but our Security people would like to put it on 50.
 
Does anyone have some arguments not to use 50?
 
Marc 
