4udik, 2012-10-19 13:19:22

Sign in to a computer with a locally saved domain account

There is a DC on Windows Server 2008 R2, and the clients are on Windows 7. When a user logs on to the domain, his profile with the desktop and other things is loaded onto the computer. Group policies are configured to delete local profiles after a day of inactivity, so there are no local users on the computers.
Due to temporary network instability, it became necessary to allow domain users to log on to their computers when the network is down. Now I am removing the deletion of profiles in group policies and allowing login from local accounts; accordingly, if the user has ever logged on to the computer under the account, it is saved and gives him the opportunity to log on to the system without a network (of course he will have a black desktop and all his files will be absent).
Actually, the question is: what will happen to the data when the computer reconnects to the domain? Is something overwritten? Updated? Is the local profile ignored? And is it possible to configure this somewhere?
And secondly, are there better options for emergency user login to a computer than this?


3 answer(s)
Vladimir Dubrovin, 2012-10-20
@z3apa3a

ChiefPilot, here is a description of the parameter: technet.microsoft.com/en-us/library/cc755473(v=ws.10).aspx
foxmuldercp, Windows always creates a local user profile and uses it. If the user has a network (roaming) profile configured, the local profile is synchronized with it when the user logs in; in the opposite direction, synchronization occurs when the user logs out. Only certain special folders (Desktop, My Documents, etc.) can be used directly over the network.

Valery Eremeev, 2012-10-19
@ChiefPilot

The data should not be overwritten (since the deletion is removed). Another thing is that under local accounts you can log in as many times as you like, but under domain accounts only a certain limited number of times (it is configured in the policy, but it seems that there is no way to remove it altogether). After reaching this limited number of logons, to log in the next time you must still establish a connection between the PC and the domain controller. In general, if communication with the domain controller appears often (and this number is often reset to zero during a "normal" logon, when a connection is present), then you can live with it.

Vladimir Dubrovin, 2012-10-19
@z3apa3a

Synchronization of the local profile with the network one occurs when the user logs out. When a user logs in, if the local profile is fresher than the network one (that is, it was not synchronized upon exit), the local one is used, i.e. profile data will not be lost. If the network profile is fresher than the local one, the network profile is used. There can be problems if one user works from several computers; it is better to limit user accounts to logging on to one computer.
P.S. There is no need to set the policy parameter to 50. This is the number of different accounts for which the password is cached locally. If 1 user works at the computer, it is enough to set 1-2. Setting more is considered unsafe, because password information will be remembered, for example for administrators who logged on to this computer.
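
An added example, not part of the thread: a PowerShell check of the cached-logon setting discussed in the answer above. It assumes the setting is stored as the string value CachedLogonsCount under the Winlogon registry key, that an absent value means the Windows 7 default of 10, and it uses the answer's suggested limit of 2; the function name Test-CachedLogonCount is hypothetical.

```powershell
# Added example: audit "number of previous logons to cache" on a client.
# Assumption: the setting is the REG_SZ value CachedLogonsCount in this key.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-CachedLogonCount {           # hypothetical helper name
    param(
        [string]$RawValue,                 # registry string; empty if the value is absent
        [int]$MaxAllowed = 2               # limit suggested in the answer above
    )
    # Assumption: with no value present, Windows 7 uses its built-in default of 10.
    $effective = 10
    $source    = 'default'
    if (-not [string]::IsNullOrEmpty($RawValue)) {
        $parsed = 0
        $ok = [int]::TryParse($RawValue.Trim(), [ref]$parsed)
        if ((-not $ok) -or ($parsed -lt 0) -or ($parsed -gt 50)) {
            # The documented range of the setting is 0 to 50.
            return New-Object PSObject -Property @{
                Value = $RawValue; Source = 'registry'; Status = 'Invalid (expected 0-50)'
            }
        }
        $effective = $parsed
        $source    = 'registry'
    }
    if ($effective -eq 0) {
        $status = 'Caching disabled: domain logon needs a reachable DC'
    } elseif ($effective -le $MaxAllowed) {
        $status = 'OK'
    } else {
        $status = "Too high: password data for up to $effective accounts is cached"
    }
    New-Object PSObject -Property @{ Value = $effective; Source = $source; Status = $status }
}

# Constructed sample values: the 50 from the thread, the suggested 1,
# an absent value, and a malformed string.
foreach ($sample in '50', '1', $null, 'abc') {
    Test-CachedLogonCount -RawValue $sample
}

# Live check of the local machine (Windows only).
$raw = (Get-ItemProperty -Path $WinlogonKey -Name CachedLogonsCount `
        -ErrorAction SilentlyContinue).CachedLogonsCount
Test-CachedLogonCount -RawValue $raw
```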
