Trying to understand Fas Logon Optimization

I'm not really sure how this works.

Description of the Windows XP Professional Fast Logon Optimization feature

As a result, Windows XP does not wait for the network to be fully initialized at startup and logon. Existing users are logged on using cached credentials.

This term keeps coming up, 'cached credentials.' Not sure what this means from an XP point of view.

Does this get applied during the start up script or the login script?

Also it talks about the 'network to be fully initialized.' Not sure what this means either...

thanks

Find more posts tagged with

Comments

undomiel

Cached credentials are basically that the user has logged into that machine before and the machine has stuck the password info into its cache. This means that the next time the user tries to log in and a domain controller is not available, such as when the network has not been fully initialized or is completely down, then the logon can be facilitated by the cached password info.

The network not being fully initialized is referring to the entire network stack. The system has to bring up the network driver, bring up TCP/IP, get itself an IP address, locate a domain controller, and more. Check your system event log sometime after a reboot and you'll find entries referring to the network being initialized. This is important to remember when taking cached logons and group policy processing into consideration.

For a bit of reading: Cached credentials security in Windows Server 2003, in Windows XP, and in Windows 2000

Hyper-Me

udomiel is very right.

This is an important thing to consider when configuring the policy "Wait for network before allowing logon"

Essentially barring anyone from logging on cached, and forcing users to be authenticated everytime.