Is it possible to preload a user profile from a domain on a workstation that will be disconnected from the DC?

Solution 1:

This is not possible using any supported methods. However:

  • You can provision the profile; it's just a directory and a registry key structure under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList. Both are easily copied from a machine they've already logged into. You can also use the Default user profile directory if you don't have one already. Be sure to check permissions on the directory when you're done copying.

  • Their password is a hash stored in a registry entry in HKEY_LOCAL_MACHINE\SECURITY\Cache. This can again be copied from a machine they've logged into already. You'll need the psexec utility from the SysInternals suite; run psexec -i -s -d regedit or you won't be able to access the SECURITY hive of the registry.

    Also, there may be multiple keys cached in that directory. I'd generically suggest either pulling the hash from a machine where the user is the only person to log on, or a limited set of users; or using a cracking program to identify which hash belongs to the user in question. I won't provide any more detail on the latter method, as it should be easy to find information on the Internet.
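
The permissions check that Solution 1 recommends after copying a profile, as an added PowerShell example that is not part of the original answer: it lists each ProfileList entry, confirms that the ProfileImagePath directory exists, and reports the directory owner and whether the profile's SID has full control of it. The function name Test-ProfileEntry and the output column names are assumptions of this example; run it from an elevated prompt so the ACLs of other users' profiles can be read.

```powershell
# Added example: audit ProfileList entries against their profile directories.
$profileList = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList'

function Test-ProfileEntry {   # hypothetical helper name
    param([Parameter(Mandatory)] [string] $Sid)

    $key  = Get-ItemProperty -Path (Join-Path $profileList $Sid)
    $path = [Environment]::ExpandEnvironmentVariables($key.ProfileImagePath)

    # Resolving a domain SID to a name can fail when no DC is reachable,
    # so a failure is reported as unresolved rather than treated as an error.
    try {
        $account = ([Security.Principal.SecurityIdentifier]$Sid).Translate(
            [Security.Principal.NTAccount]).Value
    } catch {
        $account = '<unresolved>'
    }

    $exists = Test-Path -LiteralPath $path -PathType Container
    $owner = $null
    $hasFullControl = $false
    if ($exists) {
        $acl   = Get-Acl -LiteralPath $path
        $owner = $acl.Owner
        # Compare ACEs by SID so the check works even when names do not resolve.
        $rules = $acl.GetAccessRules($true, $true, [Security.Principal.SecurityIdentifier])
        $full  = [Security.AccessControl.FileSystemRights]::FullControl
        $hasFullControl = [bool]($rules | Where-Object {
            $_.IdentityReference.Value -eq $Sid -and
            $_.AccessControlType -eq 'Allow' -and
            ($_.FileSystemRights -band $full) -eq $full
        })
    }

    [pscustomobject]@{
        Sid            = $Sid
        Account        = $account
        ProfilePath    = $path
        DirectoryFound = $exists
        Owner          = $owner
        SidFullControl = $hasFullControl
    }
}

# Local and domain user accounts have S-1-5-21-* SIDs; system profiles are skipped.
Get-ChildItem -Path $profileList |
    Where-Object { $_.PSChildName -like 'S-1-5-21-*' } |
    ForEach-Object { Test-ProfileEntry -Sid $_.PSChildName } |
    Format-Table -AutoSize
```

A row with DirectoryFound or SidFullControl set to False points at a profile whose directory is missing or whose ACL was not carried over with the copy.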

Solution 2:

so that they can log into them without needing to be connected to the domain controller.

Typically, you'd configure a VPN on the notebook that runs as a service, so that the remote laptop establishes a VPN connection before the user logs in, so that when they type their credentials in, they are able to authenticate.

Solution 3:

This is not possible using any Microsoft-supported methods.

Solution 4:

You could manually use the "run as another user" feature while the laptop is connected to the domain.

This will cache the user credentials on the laptop allowing logon without access to a domain controller.

Right-click on a shortcut (e.g. Calculator), select "log on as different user", and supply credentials.

Et voilà!