How does Windows authenticate domain users without a network connection?
Solution 1:
- Windows will cache your account information locally once you log in to the machine once.
- If the next time you try to log in the DC can't be reached, it will use the cached settings. This might be useful for laptops which might be needed to work off the network.
- About the security issues: when you log on to Windows by using cached logon information, if the domain controller is unavailable to validate your account, you cannot access network resources that require domain validation. However, you can access network resources that do not require domain validation.
- (For Server 2k8) There is a GPO to control logon caching: "Interactive logon: Number of previous logons to cache (in case domain controller is not available)". You can find it under [Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options].
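To check what the policy named in the answer above resolves to on a given machine, the following is an added example, not part of the original answer. It reads the `CachedLogonsCount` value that the policy writes under the Winlogon registry key; the function name `Get-CachedLogonPolicy` and the `-MaxAllowed` baseline of 2 are assumptions made for this example.

```powershell
# Added example: report the effective cached-logon setting on the local machine.
# Get-CachedLogonPolicy and the MaxAllowed baseline are hypothetical names/values.
function Get-CachedLogonPolicy {
    [CmdletBinding()]
    param(
        # Assumed site baseline for this example; pick the value your policy requires.
        [ValidateRange(0, 50)]
        [int]$MaxAllowed = 2
    )

    # The policy "Interactive logon: Number of previous logons to cache"
    # is stored here as a REG_SZ string.
    $path = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $name = 'CachedLogonsCount'

    $raw = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue).$name

    if ($null -eq $raw) {
        # Value absent: Windows falls back to its default of 10 cached logons.
        $count  = 10
        $source = 'Default (value not set)'
    }
    else {
        $count = 0
        $ok = [int]::TryParse([string]$raw, [ref]$count)
        # Valid range for this setting is 0-50; 0 disables logon caching.
        if (-not $ok -or $count -lt 0 -or $count -gt 50) {
            throw "Unexpected $name value: '$raw'"
        }
        $source = 'Registry'
    }

    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        CachedLogons   = $count
        Source         = $source
        CachingEnabled = ($count -gt 0)
        WithinBaseline = ($count -le $MaxAllowed)
    }
}

Get-CachedLogonPolicy -MaxAllowed 2
```

A result of `CachedLogons = 0` means users cannot log on when no domain controller is reachable, which is usually wrong for laptops and often appropriate for fixed servers.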