When clients take laptops outside the network....question?

Robbo777 Member Posts: 331
Hi, I'm curious as to what happens when, for example, a client in a company takes their domain laptop outside the network range. How does that user log back on or access files from the network without a VPN into the network?
Are their logon details cached on that machine and do offline files come into it when they're off the network and not signing into a domain controller?

Thanks

Comments

  • AndersonSmith Member Posts: 471
    Yes, exactly. The laptop will cache the domain credentials for a period of time, which will allow you to log on locally and then connect to a VPN if desired. Offline files will work as long as the files were synchronized before being disconnected from the network. So, for example, if you had a folder on a server called Sales, and you had that folder set to be available offline, and you had a Group Policy that set offline files to synchronize at logoff, then they would be available to you the next time you boot up your laptop even if it's not connected to the domain. The next time you connect to the domain, whether by actually connecting in the office or through VPN, if any changes were made to any of those files then they would be synchronized back to the server. The thing you have to be careful about is when you have a Password Policy that sets your password to expire in X number of days and your password expires before you log on to the domain again. Another problem that could come about is if you change your password on a different computer while your laptop is disconnected from the domain, because it will have cached the old password and the domain will have the new one. It's not as bad as it used to be, but it still does cause some issues sometimes.
    All the best,
    Anderson

    "Everything that has a beginning has an end"
  • AndersonSmith Member Posts: 471
    Also, I should mention that I'm pretty sure some of this can be tweaked in Group Policy and/or Local Security Policy to restrict the caching of local credentials. I'm not 100% on that but I think I remember reading that somewhere.
    All the best,
    Anderson

    "Everything that has a beginning has an end"
  • 4_lom Member Posts: 485
    AndersonSmith is correct. The credentials are cached on the local machine. This can be controlled with Group Policy. This presents a bad scenario. If a user forgets their password and they are away from the network, resetting their password in Active Directory will not help them. Their computer is not connected to the corporate network, and therefore they are not actually logging into the domain. They are using cached credentials. This is where DirectAccess can prove to be a major benefit to an IT dept.

    Here is a good article on how to control credential caching with Group Policy:

    Domain Credential Caching | Windows content from Windows IT Pro
    Goals for 2018: MCSA: Cloud Platform, AWS Solutions Architect, MCSA : Server 2016, MCSE: Messaging
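
One way to check the setting discussed in the replies above, as an added example that is not part of any poster's reply: the Group Policy setting "Interactive logon: Number of previous logons to cache (in case domain controller is not available)" is stored as the `CachedLogonsCount` registry value under the Winlogon key, and this PowerShell function reads it on the local machine. The function name `Get-CachedLogonSetting` and the `-MaxAllowed` ceiling are assumptions made for illustration.

```powershell
# Added example: audit the cached-logon setting on the local machine.
# Get-CachedLogonSetting and -MaxAllowed are hypothetical names for illustration.
function Get-CachedLogonSetting {
    [CmdletBinding()]
    param(
        # Assumed ceiling an organisation might pick; the policy accepts 0-50.
        [ValidateRange(0, 50)]
        [int]$MaxAllowed = 10
    )

    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $raw = (Get-ItemProperty -Path $key -ErrorAction Stop).CachedLogonsCount

    # The value is stored as a string (REG_SZ), so parse it instead of trusting the type.
    $count  = $null
    $parsed = 0
    if ($null -ne $raw -and [int]::TryParse([string]$raw, [ref]$parsed)) {
        $count = $parsed
    }

    $assessment = if ($null -eq $count) {
        'Value missing or not numeric; check which policy is applied'
    } elseif ($count -eq 0) {
        'Caching disabled: domain logon fails when no domain controller is reachable'
    } elseif ($count -gt $MaxAllowed) {
        "Caches more logons than the chosen ceiling ($MaxAllowed)"
    } else {
        'Within the chosen ceiling'
    }

    [pscustomobject]@{
        ComputerName      = $env:COMPUTERNAME
        # Cached logons only matter for domain accounts on a domain-joined machine.
        DomainJoined      = (Get-CimInstance -ClassName Win32_ComputerSystem).PartOfDomain
        CachedLogonsCount = $count
        Assessment        = $assessment
    }
}

Get-CachedLogonSetting -MaxAllowed 10
```

A value of 0 is the case that affects laptops taken off the network: with nothing cached, the user cannot log on with a domain account until a domain controller is reachable again.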

  • Robbo777 Member Posts: 331
    Cheers everyone