Default password aging for machine accounts is 30 days in AD and 7 days in NT4 domains..
Now - it will support current and previous, I believe, so techically you can get 60 days out of it, IIRC. -------------------------------------------------------------- Roger D. Seielstad - MTS MCSE MS-MVP Sr. Systems Administrator Inovis Inc. > -----Original Message----- > From: Depp, Dennis M. [mailto:[EMAIL PROTECTED] > Sent: Thursday, May 06, 2004 6:54 AM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Cached Domain Credential logon > expiry for Win2k/XP > > There is not a time limit for cached credentials, but if the machine > does not change its password it will not be able to talk to the domain > when it returns. The default time for this is 90 days. > > Denny > > > ________________________________ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of joe > Sent: Wednesday, May 05, 2004 12:01 PM > To: [EMAIL PROTECTED] > Subject: RE: [ActiveDir] Cached Domain Credential logon expiry > for Win2k/XP > > > Our cached logon expert is Rick, he should be along shortly with > info... :o) > > I do not believe that there is an expiration. However a simple > test would be to take a test domain and set the password > policy to 1 or > 2 days and then join a laptop and see what happens if you don't log on > to the domain for 3 or 5 days or whatever. > > joe > > ________________________________ > > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of > [EMAIL PROTECTED] > Sent: Wednesday, May 05, 2004 11:47 AM > To: [EMAIL PROTECTED] > Subject: [ActiveDir] Cached Domain Credential logon expiry for > Win2k/XP > > > > Does anyone know how long cached credentials for domain logons > are valid on Win2K/XP machines? Is there even an expiry date? A > concern was raised by our desktop OS group that cached credentials for > domain logons may expire for laptop users who spend considerable time > away from the office, leaving them unable to access the > workstation. In > My life as a road warrior, I never had this happen to me, but I was > never way from a network connection (VPN or otherwise) for more than 2 > weeks. > > I have been searching for a definitive answer in terms of a KB > article or some other "authoritative source" ( I guess my trust me > response was not authoritative enough), but have been unable to find > one. > > > > David Frost > Directory Engineering, > Messaging, Directories and PKI Engineering Services > Industry Canada > > > List info : http://www.activedir.org/mail_list.htm > List FAQ : http://www.activedir.org/list_faq.htm > List archive: > http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
