Windows 7 Registry – CachedLogonsCount
A security hack sounds like an oxymoron. However, I once had a client who wanted to improve their laptop security, for them, minimizing cached logons was the answer.
The default number of cached logons for a client such as Windows 7 is 50 (10 in Vista). With a quick registry edit of CachedLogonsCount, we can reduce this to value zero. My client had laptops which operated on an Active Directory domain, and they did not want users (or hackers) to logon unless the laptop could authenticate with a domain controller. Since there is no GUI to reset the cached logons, this is a job for a registry tweak.
Topics for Windows 7 CachedLogonsCount
- First Objective to Reach the Winlogon Registry Folder
- Second Objective to set the CachedLogonsCount value = 0
- Key Learning Points
- See CachedLogonsCount in Vista
- Windows 8 Registry Hacks
♦
First Objective to Reach the Winlogon Registry Folder
I have divided our task into two parts. Our first task is to find the correct part of the registry; our second task is to edit the actual registry value.
Method 1) Flashy. Launch Regedit, click on the Edit menu and then select ‘Find’. Now type Winlogon in the ‘Find what:’ dialog box. Put a tick in only the ‘Keys’ box, see screenshot to the right. The purpose of this technique is to navigate to the folder containing CachedLogonsCount as quickly as possible.
Note: If you don’t tick ‘Match whole string only’, you may have to press F3 two or three times until you see the following path at the very bottom of the regedit screen:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon
Method 2) Safe and sure. If Method 1 fails, then here is an alternative method, launch regedit and manually drill down to:
HKLM**\Software\Microsoft\Windows NT\CurrentVersion\winlogon.
** HKLM is an abbreviation of HKEY_LOCAL_MACHINE, and HKCU is shorthand for HKEY_CURRENT_USER. These acronyms are so well-known that you can even use them in .reg files, Vista will understand and obey the registry instruction.
Second Objective to Set the CachedLogonsCount value = 0
The default value for the cached logons count is 50. Our job is to edit this REG_SZ value from 50 to zero. Before you go any further, check the path; there are at least four instances of ‘Winlogon’ in the registry.
Let us assume that you have reached: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\winlogon. The next task is to double-click CachedLogonsCount. If this setting is not present, no worries, just right-click in the right hand pane, and create a new REG_SZ called CachedLogonsCount.
For greater security, double-click and change the value for CachedLogonsCount to 0 (zero). Alternatively, to give a laptop the maximum cached logons when it is away from its domain controller, set the value = 50 (maximum number)
Recommended: Solarwinds’ Permissions Analyzer – Free Active Directory Tool
I like the Permissions Monitor because it enables me to see WHO has permissions to do WHAT at a glance. When you launch this tool it analyzes a users effective NTFS permissions for a specific file or folder, and takes into account network share access, then displays the results in a nifty desktop dashboard!
Think of all the frustration that this free SolarWinds utility saves when you are troubleshooting authorization problems for user’s access to a resource. Give this permissions monitor a try – it’s free!
Download SolarWinds’ Free Permissions Analyser – Active Directory Tool
CachedLogonsCount
Key Learning Points
- Were you able to master: Find – ‘Keys’?
- Do you find the CachedLogonsCount value in HKCU** or HKLM?
Answer: HKLM - Do you have to add a value, or modify an existing setting?
Answer: Modify changing 50 –> 0. - Is it a String Value or a DWORD?
Answer: REG_SZ (String value). - Do you need to Restart, or merely Logoff / Logon?
Answer: Restart - This example merely edits an existing value.
- Tip: F3 speeds up searching when using ‘Find’.
** HKLM is an abbreviation of HKEY_LOCAL_MACHINE, and HKCU is shorthand for HKEY_CURRENT_USER. These acronyms are so well-known that you can even use them in .reg files, Vista will understand and obey the registry instruction.
Windows 7 CashedLogonsCount Summary
The default number of cached logons for Windows 7 is fifty. With a quick registry edit of CachedLogonsCount, we can reduce this to value zero. Because there is no convenient GUI to reset the cached logons, this is a job for a registry tweak.
If you like this page then please share it with your friends
More Windows 7 Registry Tweaks
- Gpedit – Local Group Policy Editor
- Editing the Windows 7 Registry with PowerShell
- PaintDesktopVersion (Build Number)
- Change the Name of a Windows 7 Computer
with LocalizedString - Hide User From Welcome Screen
- RegisteredOwner – Windows 7 Registry Hack
- NoDriveTypeAutoRun
- Delete Roaming Profile Cache
- Windows 7 .Reg Files Examples
- Performance Monitoring