Interactive logon: Number of previous logons to cache (in case domain controller is not available)-via Intune

Yogender Singh Negi 40 Reputation points
2023-03-10T10:53:28.0666667+00:00

The "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" setting which is available in GPO GPO_name\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options

How can we do this via Intune.

reference: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj852209(v=ws.11)

Microsoft Intune
Microsoft Intune
A Microsoft cloud-based management solution that offers mobile device management, mobile application management, and PC management capabilities.
4,571 questions
0 comments No comments
{count} votes

Accepted answer
  1. Crystal-MSFT 44,851 Reputation points Microsoft Vendor
    2023-03-13T01:46:44.23+00:00

    @Yogender Singh Negi, Thanks for posting in Q&A.

    For the policy setting "Interactive logon: Number of previous logons to cache (in case domain controller is not available)", based on my check on group policy analytics, I find the setting don't apply to cloud-based policy management or don't apply to cloud native endpoints.

    User's image

    https://learn.microsoft.com/en-us/mem/intune/configuration/group-policy-analytics-migrate

    You can check if the following registry key can help.

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\

    Value name: CachedLogonsCount

    https://learn.microsoft.com/en-us/troubleshoot/windows-server/user-profiles-and-logon/cached-domain-logon-information

    If yes, you can write a PowerShell script to change this registry key. Here are some examples for the reference:

    https://stackoverflow.com/questions/70578709/powershell-a-registry-key-via-intune

    https://kwetiaw-goreng.github.io/Push-Registry-Value-Using-PowerShell-And-Intune/

    Note: Non-microsoft link, just for the reference.

    Hope it can help.


    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    2 people found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. Hafedh Guiga 35 Reputation points
    2023-03-12T12:35:35.33+00:00

    Hello,

    This is how i"ll proceed,

    From your onprem, export the GPO containing these settings

    then from Intune/ Group Policy analytics, import the exported GPO and you'll see if the settings related to "Inetractive logon" are not supported, then, you can create a PS Script to push these settings.

    you can then create a win32 app and put this script as installation action.

    A lot of settings are not supported but my advice is to check if you really need these settings or not during the migration process (It's a way to review/clean).

    Regards,

    0 comments No comments