Guy Recommends

A solution to monitor, manage and archive thousands of events that are generated by devices across the entire network. 
Download FREE trial

---

---

Guy's Top 10 Free Tools

1) FreePing
2) Network Monitor
3) Xobni
4) PuTTY (UNIX)
5) IP SLA Monitor
6) BgInfo
7) Net-SNMP
8) CatTools 
9) Exchange Monitor
10) WinDiff

Vista Registry - CachedLogonsCount

Vista Registry - CachedLogonsCount

A security hack may be a contradiction in terms!  However, I once had a client who wanted to improve their laptop security, for them, minimizing cached logons was the answer.  Another user with a different laptop wanted to increase their cached logons to 50; in both cases tweaking the registry was the only solution.

The default number of cached logons for a client such as Vista or XP is 10 (increased to 25 in Windows 7).  With a registry edit of CachedLogonsCount, we can reduce this to value zero.  My client had laptops which operated on an Active Directory domain, and they did not want users (or hackers) to logon unless the laptop could authenticate with a domain controller.  Since there is no GUI to reset the cached logons, this is a job for a registry tweak.

Topics for CachedLogonsCount

• First Objective to get to the Winlogon registry folder
• Second Objective to set the CachedLogonsCount value = 0
• Key Learning Points

 ♦

First Objective to reach the Winlogon registry folder

I have divided our task into two parts.  Our first task is to find the correct part of the registry; our second task is to edit the actual registry value.

Method 1) Flashy  Launch Regedit.  Click on the Edit menu and then select 'Find'.  Now type Winlogon in the 'Find what:' dialog box.  Put a tick in only the 'Keys' box, see screenshot to the right.  The purpose of this technique is to navigate to the folder containing CachedLogonsCount as quickly as possible.

Note: If you don't tick 'Match whole string only', you may have to press F3 two or three times until you see the following path at the very bottom of the regedit screen:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon

Method 2) Safe and sure  If Method 1 fails, then here is an alternative method, launch regedit and manually drill down to:
HKLM**\Software\Microsoft\Windows NT\CurrentVersion\winlogon.

Second Objective to set the CachedLogonsCount value = 0

The default value for the cached logons count is 10 (maybe increased to 25).  Our job is to edit this REG_SZ value from 10 to zero.  Before you go any further, check the path; there are at least four instances of 'Winlogon' in the registry.

Let us assume that you have reached: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon.  The next task is to double-click CachedLogonsCount.  If this setting is not present, no worries, just right-click in the right hand pane, and create a new REG_SZ called CachedLogonsCount.

For increased security, double-click and change the value for CachedLogonsCount to 0 (zero).  Alternatively, to give a laptop the maximum cached logons when it is away from its domain controller, set the value = 50 (maximum number)

CachedLogonsCount

Key Learning Points

• Were you able to master: Find - 'Keys'?
• Do you find the CachedLogonsCount value in HKCU** or HKLM?
  Answer: HKLM
• Do you have to add a value, or modify an existing setting? 
  Answer: Modify changing 10 --> 0.  (or 10 --> 50)
• Is it a String Value or a DWORD?
  Answer: REG_SZ (String value).
• Do you need to Restart, or merely Logoff / Logon?
  Answer: Restart
• This example merely edits an existing value.
• Tip: F3 speeds up searching when using 'Find'.

** HKLM is an abbreviation of HKEY_LOCAL_MACHINE, and HKCU is shorthand for HKEY_CURRENT_USER.  These acronyms are so well known that you can even use them in .reg files, Vista will understand and obey the registry instruction.

Best Practice for Editing the Vista Registry

• Before you make any changes to the registry settings, get into the habit of exporting at the branch of the registry that you are working with.
• Backup the system state before you try anything radical in the registry.
• Check out the .sav files in the \system32\config folder.
• Research Volume Shadow Copy, and test how it restores a previous version of your registry files.
• If your computer has a serious problem, which requires pressing F8 at boot-up, remember to try Last Known Good as your first recovery option.
• Seek alternative methods; think laterally.  Instead of risking making changes with your registry editor, what else could you do?  I urge you to consider configuring a Group Policy rather than tweaking the registry.  Occasionally Vista may provide a new GUI to configure a setting, for example, instead of launching regedit and changing the value for AutoAdminLogon, you could launch the Control Panel --> Users and un-tick the setting called, 'Users must enter a user name and password.'
• Learn how to perform a remote registry edit with: Connect Network Registry.
• As you work through my registry examples, make a point of studying each page's 'Key Learning Points'.

Guy Recommends: SolarWinds Engineer's Toolset v10

The Engineer's Toolset v10 provides a comprehensive console of utilities for troubleshooting computer problems.  Guy says it helps me monitor what's occurring on the network, and the tools teaches me more about how the system literally operates.

There are so many good gadgets, it's like having free rein of a sweetshop. Thankfully the utilities are displayed logically: monitoring, discovery, diagnostic, and Cisco tools.  Download your copy of the Engineer's Toolset v 10

Windows Vista Registry Tweaks:

 *