aaronburro Sup, B 53146 Posts user info edit post |
Alright, this is a little convoluted, so stay with me.
I've got an application that will be run on a tablet pc running XP Tablet. My company has a domain that all manages our user accounts. If I log on to a tablet while I am connected to the network, it caches my credentials so I can later log on without being connected.
I need, effectively, to cache ALL of the user credentials on this tablet, not just the users who have logged on before. No, a wireless network is not an option. Is there a group policy setting that does this for me automatically?
Thanks 3/18/2010 2:06:44 PM |
Noen All American 31346 Posts user info edit post |
you can't do this. it doesn't cache your credentials when you log on. it creates a local user repository for your network account.
you would need to login as EACH individual. and it's going to take an assload of disk space if you have several hundred active directory users.
Why not tell us what you are actually trying to do? 3/18/2010 3:05:15 PM |
DeltaBeta All American 9417 Posts user info edit post |
I can't figure out why you'd want to do this. Are they all going to be in some remote location and all need to login individually on that tablet? 3/18/2010 3:18:16 PM |
aaronburro Sup, B 53146 Posts user info edit post |
i'm telling you exactly what we need, lol. yes, it is a "remote" location, no we can't run wires (not at $2 million a foot, due to the hazards involved), and wireless is out of the question. And the difficulty in getting back to a location where there is a network is large.
sounds like I'm just going to have to see if we can create a common domain account and have them use that for logon access. sux. 3/18/2010 4:47:21 PM |
darkone (\/) (;,,,;) (\/) 11611 Posts user info edit post |
Consumer satellite internet services are on the same order of cost as residential cable internet. It sounds like this situation is most easily solved by having some internet connectivity. 3/18/2010 6:48:14 PM |
evan All American 27701 Posts user info edit post |
if this was allowed, it'd be horribly insecure. you're basically wanting to carry a replica of your AD schema around with you on an easily stolen device.
also, that locally stored hash expires eventually.
why do the users need to log on with their domain credentials if they don't have network access (and, thus, cannot access network resources) in the first place? local user accounts seem like the best solution here. 3/18/2010 7:15:32 PM |
aaronburro Sup, B 53146 Posts user info edit post |
"remote" is in quotes. Also, satellite is laughably out of the question, unless it can be penetrate through 12 feet of concrete at a minimum. Theft of the device is not even close to a concern, lol.
I wanted to log on with the domain credentials for ease of updating passwords, really. I'm gonna have over 100 potential users of an application that was going to make use of windows accounts for authentication purposes. A shared password is not preferable, given the eventual pressure we will be under to get away from shared passwords.
This machine does occasionally connect to the LAN. It will probably spend most of its time connected, actually. it's just that we take the device out for potentially a day at a time, and there is no guarantee that the person who took it out will be the only one using the application.
The end goal is to have a SQL Server Express instance use Windows Integration for authentication of the roaming database. BUT, sounds like mixed mode is gonna have to do, and we'll just have a common account. I can still force Windows Integration for uploading data back to the main database, which will accomplish enough of the security concern. 3/18/2010 7:35:49 PM |
Shaggy All American 17820 Posts user info edit post |
the "net account" command will let you add users to the local account cache i think. There may be something a little more robust in WMI that could do it for you. 3/18/2010 7:41:07 PM |
smoothcrim Universal Magnetic! 18968 Posts user info edit post |
why not just put a thumb reader on the tablet? your thumb print is hard to replicate and doesn't have to be remembered or changed.
[Edited on March 18, 2010 at 9:04 PM. Reason : ?] 3/18/2010 9:04:42 PM |
darkone (\/) (;,,,;) (\/) 11611 Posts user info edit post |
^^^ You can't place hardware anywhere with a view to the sky? How does ventilation work? 3/18/2010 10:07:32 PM |
aaronburro Sup, B 53146 Posts user info edit post |
^^ that's a 100+ thumbprints on multiple machines. and these users aren't exactly computer savvy. I'd never get them all enrolled...
^ no, not at all. it's all inside. 3/18/2010 10:30:30 PM |
evan All American 27701 Posts user info edit post |
^^^^you're thinking of "net accounts" which only lets you modify/see things like maximum password age
Quote : | "I can still force Windows Integration for uploading data back to the main database, which will accomplish enough of the security concern." |
this sounds like the most efficient solution to me.
[Edited on March 19, 2010 at 5:54 AM. Reason : or maybe the tablets have smartcard readers? ]3/19/2010 5:51:26 AM |