User not logged in - login - register
Home Calendar Books School Tool Photo Gallery Message Boards Users Statistics Advertise Site Info
go to bottom | |
 Message Boards » » Replicate Active Directory to individual machines Page [1]  
aaronburro
Sup, B
53146 Posts
user info
edit post

Alright, this is a little convoluted, so stay with me.

I've got an application that will be run on a tablet pc running XP Tablet. My company has a domain that all manages our user accounts. If I log on to a tablet while I am connected to the network, it caches my credentials so I can later log on without being connected.

I need, effectively, to cache ALL of the user credentials on this tablet, not just the users who have logged on before. No, a wireless network is not an option. Is there a group policy setting that does this for me automatically?

Thanks

3/18/2010 2:06:44 PM

Noen
All American
31346 Posts
user info
edit post

you can't do this. it doesn't cache your credentials when you log on. it creates a local user repository for your network account.

you would need to login as EACH individual. and it's going to take an assload of disk space if you have several hundred active directory users.

Why not tell us what you are actually trying to do?

3/18/2010 3:05:15 PM

DeltaBeta
All American
9417 Posts
user info
edit post

I can't figure out why you'd want to do this. Are they all going to be in some remote location and all need to login individually on that tablet?

3/18/2010 3:18:16 PM

aaronburro
Sup, B
53146 Posts
user info
edit post

i'm telling you exactly what we need, lol. yes, it is a "remote" location, no we can't run wires (not at $2 million a foot, due to the hazards involved), and wireless is out of the question. And the difficulty in getting back to a location where there is a network is large.

sounds like I'm just going to have to see if we can create a common domain account and have them use that for logon access. sux.

3/18/2010 4:47:21 PM

darkone
(\/) (;,,,;) (\/)
11611 Posts
user info
edit post

Consumer satellite internet services are on the same order of cost as residential cable internet. It sounds like this situation is most easily solved by having some internet connectivity.

3/18/2010 6:48:14 PM

evan
All American
27701 Posts
user info
edit post

if this was allowed, it'd be horribly insecure. you're basically wanting to carry a replica of your AD schema around with you on an easily stolen device.

also, that locally stored hash expires eventually.

why do the users need to log on with their domain credentials if they don't have network access (and, thus, cannot access network resources) in the first place? local user accounts seem like the best solution here.

3/18/2010 7:15:32 PM

aaronburro
Sup, B
53146 Posts
user info
edit post

"remote" is in quotes. Also, satellite is laughably out of the question, unless it can be penetrate through 12 feet of concrete at a minimum.
Theft of the device is not even close to a concern, lol.

I wanted to log on with the domain credentials for ease of updating passwords, really. I'm gonna have over 100 potential users of an application that was going to make use of windows accounts for authentication purposes. A shared password is not preferable, given the eventual pressure we will be under to get away from shared passwords.

This machine does occasionally connect to the LAN. It will probably spend most of its time connected, actually. it's just that we take the device out for potentially a day at a time, and there is no guarantee that the person who took it out will be the only one using the application.

The end goal is to have a SQL Server Express instance use Windows Integration for authentication of the roaming database. BUT, sounds like mixed mode is gonna have to do, and we'll just have a common account. I can still force Windows Integration for uploading data back to the main database, which will accomplish enough of the security concern.

3/18/2010 7:35:49 PM

Shaggy
All American
17820 Posts
user info
edit post

the "net account" command will let you add users to the local account cache i think. There may be something a little more robust in WMI that could do it for you.

3/18/2010 7:41:07 PM

smoothcrim
Universal Magnetic!
18968 Posts
user info
edit post

why not just put a thumb reader on the tablet? your thumb print is hard to replicate and doesn't have to be remembered or changed.

[Edited on March 18, 2010 at 9:04 PM. Reason : ?]

3/18/2010 9:04:42 PM

darkone
(\/) (;,,,;) (\/)
11611 Posts
user info
edit post

^^^ You can't place hardware anywhere with a view to the sky? How does ventilation work?

3/18/2010 10:07:32 PM

aaronburro
Sup, B
53146 Posts
user info
edit post

^^ that's a 100+ thumbprints on multiple machines. and these users aren't exactly computer savvy. I'd never get them all enrolled...

^ no, not at all. it's all inside.

3/18/2010 10:30:30 PM

evan
All American
27701 Posts
user info
edit post

^^^^you're thinking of "net accounts" which only lets you modify/see things like maximum password age

Quote :
"I can still force Windows Integration for uploading data back to the main database, which will accomplish enough of the security concern."

this sounds like the most efficient solution to me.

[Edited on March 19, 2010 at 5:54 AM. Reason : or maybe the tablets have smartcard readers? ]

3/19/2010 5:51:26 AM

 Message Boards » Tech Talk » Replicate Active Directory to individual machines Page [1]  
go to top | |
Admin Options : move topic | lock topic

© 2024 by The Wolf Web - All Rights Reserved.
The material located at this site is not endorsed, sponsored or provided by or on behalf of North Carolina State University.
Powered by CrazyWeb v2.39 - our disclaimer.