
Autologin Domain User on DC while disconnected from Domain

Status
Not open for further replies.

gwdrsmith

MIS
Jul 15, 2008
8
US
I’m looking for a way to have a domain user autologin to a domain controller in a remote site while the WAN link is down. The server runs 2 applications that cannot be set up as a service, but must be running at all times. I do not want the domain Admin doing autologin. I have several servers that have this requirement, with POS machines at those locations that must also be able to login during a WAN outage. The servers are DCs with a copy of the Global Catalog. Does anyone know of a method of accomplishing this? Is this a KDC issue? Can I create several KDC slaves?

Thanks.
 
How funny, I was just reading something that might be what you're looking for.

Here's a link:

You can also google Universal Group Membership Caching for more information.

If the user successfully logs in at this remote site while the WAN link is up, it will cache the user credentials on his laptop/workstation. It caches for 8 days, so if the link is down with no GC available to authenticate, the cached authentication will allow the user to log in for at least 8 days.

Hope this helps you out.

ceez
 
I just re-read your post and understand that this user is logging on to a domain controller and not a laptop/workstation.

Don't know if the Universal Caching would serve the same purpose when it comes to servers.

Good luck
 
Your 2nd read is correct. The user must be able to login to the DC with the WAN link down. It does not cache the credentials by default. I have been unable to find a configuration setting that will allow this to happen.

Any other ideas?
 
In the domain controllers group policy, you can add the user in comp config/windows settings/security settings/local policies/user rights assignments - add the user account to log on locally. That way the GP will be on the DC when the WAN link goes down. As far as auto-logon after that, I am sure a reg hack could handle it....maybe

I may or may not have fully understood the question..:)
 
The user is already a member of a group that has been added to the default domain controllers GPO to allow log on locally. If anyone knows of a registry setting to allow this, I would appreciate the information. Currently the user will auto login as long as the domain controller is able to communicate with the PDC emulator. If the WAN link is down and the server restarts, it will not allow the user to login. With the WAN link down, only the Administrator is able to login.
 
I found the information. For a user other than the Domain Administrator to autologon interactively on a remote Domain Controller with the WAN down, you have to add the following key to the registry.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon.

From the Edit menu, select New, String value.

Enter a name of AutoLogonCount, and press Enter.

Double-click the new value, and enter the number of times you want autologon to occur.
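
An added example, not part of the original thread: a read-only PowerShell check an administrator could run on each remote DC to see which account is configured for autologon under the Winlogon key named above and whether AutoLogonCount is present. The function name Get-AutoLogonAudit is hypothetical, and the value names other than AutoLogonCount (AutoAdminLogon, DefaultUserName, DefaultDomainName, DefaultPassword) are standard Winlogon values that the thread does not mention.

```powershell
# Added example, not from the thread: read-only audit of Winlogon autologon values.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Get-AutoLogonAudit {   # hypothetical helper name
    param([string]$KeyPath = $WinlogonKey)

    $key = Get-ItemProperty -Path $KeyPath -ErrorAction Stop
    # Return a value only if it exists, so "absent" and "empty" are distinguishable.
    $get = { param($n) if ($key.PSObject.Properties[$n]) { $key.$n } else { $null } }

    $enabled = & $get 'AutoAdminLogon'
    $user    = & $get 'DefaultUserName'
    $domain  = & $get 'DefaultDomainName'
    $count   = & $get 'AutoLogonCount'
    # Record only whether a password value exists; never print it.
    $hasPlainPassword = $null -ne (& $get 'DefaultPassword')

    $findings = @()
    if ("$enabled" -eq '1') {
        $findings += "Autologon is enabled for '${domain}\${user}'"
        if ($user -eq 'Administrator') {
            # Name comparison only; the thread wanted a non-admin account here.
            $findings += 'Autologon account is named Administrator'
        }
        if ($null -eq $count) {
            $findings += 'AutoLogonCount is not set (the value added in the post above)'
        }
    }
    if ($hasPlainPassword) {
        $findings += 'DefaultPassword is stored in clear text in this key; review who can read it'
    }

    [pscustomobject]@{
        Computer         = $env:COMPUTERNAME
        AutoAdminLogon   = $enabled
        Account          = if ($user) { "${domain}\${user}" } else { $null }
        AutoLogonCount   = $count
        PasswordInRegKey = $hasPlainPassword
        Findings         = $findings
    }
}

# Run locally on the server being checked.
Get-AutoLogonAudit | Format-List
```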

 