Myths #1: Number of previous logons to cache
You know, as an IT Pro I often meet some persistent myths about OS, protocols or whatever else. Sometimes these encounters become sooo frequent, that explaining these wrongs just bore me to death. What’s even more amazing: these wrongs are explained usually on so many blogs, pages and other places that… Well, anyway, probably some people who know people who read my blog don’t read those blogs and pages, therefore I’ll try to show some more of these mistakes.
Let’s begin from the very basic, but one of the most frequent mistakes about Group Policy. Yeah, the one which is in the subject of the post. I saw once a man who was nearly fired because of it. Really. Like always: “the boss comes in and tells an IT guy to restrict number of times his sales managers can logon into their laptops without connecting to the company’s LAN by 15 times”. “No problem” answers the guy, changes the setting to 15 and reports the task is done. Some time later it occurs that it wasn’t and all hell’s broke loose. What’s happened and how to fix it?
First of all, it was a mistake not to check if everything works smoothly after changes (I’ve done some nasty things over it too… Bad memories ).
Next, the settings is not what many think of it. If we read its description (this is a good thing to do before a change) then we’ll see the following line: “Determines the number of users who can have cached credentials on the computer”. Number of users, not number of logons per user. That’s it. If you have notebook with 15 users using it (wow…), then the setting will help you. But no restriction for the only one.
Third. Bad news here: I don’t know actually the way to do what this boss wants. And I am not sure that it exists while using only built-in means. Still it is not a cause for telling the boss that you’ve done it