Expire Cached Domain Logon Credentials

Imran 20 Reputation points


How can I set a timer for cached domain logon credentials on an end user's machine? Here is the scenario.

I'm going to deactivate a user tonight, and they have their machine at a remote location; the user will not be returning the machine until next week. I do not want the user to have access to this machine anymore from tonight. How do I ensure that the user is not able to log on to the machine?


Accepted answer
  1. Ian Xue (Shanghai Wicresoft Co., Ltd.) 34,191 Reputation points Microsoft Vendor

    Hi Imran,

    Thanks for your post. Generally speaking, regarding the machine account password policy, this is refreshed periodically when the computer connects to the domain controller. If this password has not been changed for over 30 days (default value), domain accounts - even with cached credentials - won't be able to log in. You can change the maximum password age, e.g. via GPO: Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options. The value is a user-defined number of days between 0 and 999.

    Reference: Domain member: Maximum machine account password age | Microsoft Learn

    Best Regards,

    Ian Xue
