A security hack may be a contradiction in terms! However, I once had a client who wanted to improve their laptop security, for them, minimizing cached logons was the answer. Another user with a
different laptop wanted to increase their cached logons to 50; in both cases tweaking the registry was the only solution.
The default number of cached logons for a
client such as Vista or XP is 10 (increased to 25 in Windows 7). With a registry edit of CachedLogonsCount, we can reduce this to value zero. My client had laptops which operated on an Active Directory domain, and they did not want users (or hackers) to logon unless the laptop could authenticate with a domain
controller. Since there is no GUI to reset the cached logons, this is a job for a registry tweak.
I have divided our task into two parts. Our first task is to
find the
correct part of the registry; our second task is to edit the actual registry value.
Method 1) Flashy Launch Regedit. Click on the Edit menu and then select 'Find'. Now type Winlogon in the 'Find what:' dialog box. Put a tick in only the 'Keys' box, see screenshot to
the right. The purpose of
this technique is to navigate to the folder
containing CachedLogonsCount as quickly as possible.
Note: If you don't tick 'Match whole string only', you may have to press F3 two or three times until you see the following path at the very bottom of the regedit screen: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\winlogon
Method 2)Safe and sure If Method 1 fails, then here is an alternative method, launch regedit and manually drill down to: HKLM**\Software\Microsoft\Windows NT\CurrentVersion\winlogon.
The default value for the cached logons count is 10 (maybe increased to 25). Our job is to edit this REG_SZ value from 10 to zero. Before you go any further, check the path; there are at least four instances of
'Winlogon' in the registry.
Let us assume that you have reached: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon.
The next task is to double-click CachedLogonsCount. If this setting is not present, no worries, just right-click in the right hand pane, and create a new REG_SZ called CachedLogonsCount.
For
increased security, double-click and change the value for CachedLogonsCount to 0 (zero). Alternatively, to give a laptop the maximum cached logons when it is away from its domain controller, set the value = 50 (maximum number)
CachedLogonsCount
Guy
Recommends: The Free Config Generator
SolarWinds' Config Generator is a free tool, which puts you in charge of
controlling changes to network routers and other SNMP devices.
Boost your network performance by activating network device features
you've already paid for.
Guy says that for newbies the biggest benefit of this free tool is that
it will provide the impetus for you to learn more about configuring the SNMP
service with its 'Traps' and 'Communities'. Try Config Generator now - it's
free!
Do you find the CachedLogonsCount value in HKCU** or
HKLM? Answer: HKLM
Do you have to add a value, or modify an existing setting? Answer: Modify changing 10 --> 0. (or 10 --> 50)
Is it a String Value or a DWORD? Answer: REG_SZ (String value).
Do you need to Restart, or merely
Logoff / Logon? Answer: Restart
This example merely edits an existing value.
Tip: F3 speeds up searching when using 'Find'.
** HKLM is an abbreviation of HKEY_LOCAL_MACHINE, and HKCU is shorthand for
HKEY_CURRENT_USER. These acronyms are so well-known that you can even use them in .reg files, Vista will understand and obey the registry instruction.
Guy Recommends: A Free Trial of the Network Performance Monitor
(NPM)
SolarWinds'
Orion performance monitor
will help you discover what's happening on your network. This
utility will also guide you through troubleshooting; the dashboard will
indicate whether the root cause is a broken link, faulty equipment or
resource overload.
What I like best is the way NPM suggests solutions to network
problems. Its
also has the ability to monitor the health of individual VMware
virtual machines. If you are interested in troubleshooting, and creating
network maps, then I recommend that you try NPM now.
Before you make any changes to the registry settings, get into the habit of exporting at
the branch of the registry that you are working with.
Backup the system state before you try anything radical in the registry.
Check out the .sav files in the \system32\config folder.
Research Volume Shadow Copy, and test how it restores a previous version of your registry files.
If your computer has a serious problem, which requires pressing F8 at boot-up, remember to try Last Known Good as your first recovery option.
Seek alternative methods; think laterally. Instead of risking making changes with your registry editor, what else could you do? I urge you to consider configuring a Group Policy rather than
tweaking the registry. Occasionally
Vista may provide a new GUI to configure a setting, for
example, instead of launching regedit and changing the value for AutoAdminLogon, you could launch the Control Panel --> Users and un-tick the setting called, 'Users must enter a user name and password.'
Learn how to perform a remote registry edit with: Connect
Network Registry.
As you work through my registry examples, make a point of studying each page's 'Key Learning Points'.
If you like this page then please share it with your friends
Guy Recommends:
SolarWinds' NPM - Network Performance Monitor
SolarWinds' performance monitor is designed for detecting network outages,
making it easy to see what's working, and what needs your attention.
This utility guides you through creating network maps; it also helps
identifying whether the
root cause is faulty equipment, or resource overload. Give NPM a try.
