Shaggy All American 17820 Posts
When u find some cool tip or trick POST IT HERE!
randomly found this when looking for a way to remove cached domain credentials http://www.shijaz.com/windows/Removing_cached_credentials.htm
1. Open Command Prompt.
2. Type the command: rundll32.exe keymgr.dll, KRShowKeyMgr
This is for clearing those pesky cached network credentials that aren't domain related. 9/24/2008 1:51:35 PM |
qntmfred retired 40726 Posts
i was RDPed into a server at work yesterday and forgot to log out when i went home. When i tried to log in last night, the max connections wouldn't let me in. so i sshed in and used qwinsta and rwinsta to kick myself off
btw, if anybody has used a ssh tunnel with Putty to remote into a SQL2005 server through SQL Server Management Studio, please post
[Edited on September 24, 2008 at 2:26 PM. Reason : i'm sure this thread will quickly turn into a "what you didn't know how to do that? n00b" thread] 9/24/2008 2:24:36 PM |
Shaggy All American 17820 Posts
^ protip override the console session to get a login to the server. Alternatively, boot up the terminal services manager tool, connect it to the server in question, and logout one of the connections. 9/24/2008 2:29:35 PM |
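The qwinsta / rwinsta cleanup mentioned in the posts above, as an added example that is not part of any poster's message: it parses the fixed-width `qwinsta` listing (including rows where the session name is blank, which is how disconnected sessions appear) and prints the `rwinsta` command for one user's disconnected sessions. The sample output, the user names, `SERVER01` and the function names `ConvertFrom-Qwinsta` and `Get-StaleSessionReset` are constructed for illustration.

```powershell
# Constructed sample of `qwinsta /server:SERVER01` output; names and IDs are made up.
$sample = @'
 SESSIONNAME       USERNAME                 ID  STATE   TYPE        DEVICE
 services                                    0  Disc
 console                                     1  Conn
 rdp-tcp#12        jsmith                    2  Active  rdpwd
                   alice                     3  Disc
 rdp-tcp                                 65536  Listen
'@

function ConvertFrom-Qwinsta {
    param([string[]]$Lines)
    $header = $Lines | Where-Object { $_ -match 'SESSIONNAME\s+USERNAME' } | Select-Object -First 1
    if (-not $header) { throw 'qwinsta header row not found' }
    # The USERNAME column offset comes from the header, not a hard-coded number.
    $userCol = $header.IndexOf('USERNAME')
    foreach ($line in $Lines) {
        if ($line -eq $header -or $line.Length -le $userCol) { continue }
        # Column 0 is a marker ('>' = current session); the session name may be blank.
        $session = $line.Substring(1, $userCol - 1).Trim()
        # USERNAME may also be blank (services, console, listener rows).
        if ($line.Substring($userCol) -match '^(?<user>\S*)\s+(?<id>\d+)\s+(?<state>\S+)') {
            [pscustomobject]@{
                SessionName = $session
                UserName    = $Matches['user']
                Id          = [int]$Matches['id']
                State       = $Matches['state']
            }
        }
    }
}

function Get-StaleSessionReset {
    param([string[]]$Lines, [string]$UserName, [string]$Server)
    # Only disconnected sessions of the named user; active sessions are left alone.
    ConvertFrom-Qwinsta -Lines $Lines |
        Where-Object { $_.UserName -eq $UserName -and $_.State -eq 'Disc' } |
        ForEach-Object { "rwinsta $($_.Id) /server:$Server" }
}

# Prints the command to review and run; nothing is reset by this script.
Get-StaleSessionReset -Lines ($sample -split "`r?`n") -UserName 'alice' -Server 'SERVER01'
```

Against a live server, pass the output of `qwinsta /server:SERVER01` as `-Lines` instead of the sample.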
dbmcknight All American 4030 Posts
ctrl + z is undo. 9/24/2008 2:59:31 PM |
smoothcrim Universal Magnetic! 18966 Posts
there is in fact a group policy and local policy to prevent the caching of domain credentials. I always use this as I feel it's more secure. 9/24/2008 3:10:48 PM |
Shaggy All American 17820 Posts
doesn't help for laptops that aren't on the network 24/7 9/24/2008 3:50:44 PM |
evan All American 27701 Posts
Quote : | "i was RDPed into a server at work yesterday and forgot to log out when i went home. When i tried to log in last night, the max connections wouldn't let me in. so i sshed in and used qwinsta and rwinsta to kick myself off" |
/console is your friend
Quote : | "btw, if anybody has used a ssh tunnel with Putty to remote into a SQL2005 server through SQL Server Management Studio, please post" |
create two dynamic tunneled ports, tcp 1433 and udp 1434
go to management studio, connect to localhost
boom
Quote : | "doesn't help for laptops that aren't on the network 24/7" |
if they're members of a domain, group policy is cached, it will use the cached copy until you reauth to a DC
[Edited on September 24, 2008 at 5:52 PM. Reason : .] 9/24/2008 5:50:51 PM |
Shaggy All American 17820 Posts
my response was to smoothcrim who suggested turning off the caching. 9/24/2008 5:58:46 PM |
evan All American 27701 Posts
he suggested turning off cached credentials through group policy, which is an excellent idea
i'm talking about cached group policy settings. if a computer is a member of a domain, it doesn't matter if it's connected to the network or not - it will use the most recent cached copy of the group policy that applies to its OU if it can't grab it from a GC.
therefore, if you disable cached credentials in GP and apply that to an OU, all the computers in that OU won't cache credentials, regardless of whether they're connected to the network or not after they download the GP refresh.
[Edited on September 24, 2008 at 6:03 PM. Reason : .] 9/24/2008 6:02:15 PM |
gs7 All American 2354 Posts
As long as you can require AND establish a VPN prior to a domain login on a laptop, then you should have no problem with turning off credential caching. Otherwise you may as well leave caching turned on if your laptop users expect to leave the office with the laptop.
[Edited on September 24, 2008 at 6:04 PM. Reason : transposed words] 9/24/2008 6:04:21 PM |
Shaggy All American 17820 Posts
right. Turning off credential cache would prevent a user from logging in with domain credentials when not on the network which would be a problem.
The issue I was having was a user had cached credentials. She'd log out with the cached ones, start the vpn, and go on working. She logged into a terminal server and had to change her password b/c it had expired. So now her local cached creds didn't match her current domain creds. And when her network drives tried to connect, they'd use the cached pw and lock out her domain account. For some reason having her lock the machine and then try to login while on the VPN didn't work. Gonna fix it later. 9/24/2008 6:06:44 PM |
evan All American 27701 Posts
yeah, turn off cached credentials in group policy, and your problem is solved.
are we talking about two different things here? 9/24/2008 6:08:32 PM |
Shaggy All American 17820 Posts
if i turned off cached credentials they wouldn't be able to login while not on the network. That's no good. 9/24/2008 6:09:12 PM |
evan All American 27701 Posts
oh
i'd consider that a security risk, but oh well.
on all our company owned laptops, the vpn client uses GINA to appear on the login screen, you have to establish a vpn tunnel before you can log in. no cached credentials.
much more secure, and you can also guarantee that everyone's using the vpn whenever they use their laptop. it's a win-win. 9/24/2008 6:11:06 PM |
Shaggy All American 17820 Posts
unless they want to do work and don't have a network connection. 9/24/2008 6:11:45 PM |
evan All American 27701 Posts
ah, that would indeed be a problem.
not really an issue for us, 3g sierra wireless cards ftw 9/24/2008 6:13:26 PM |
smoothcrim Universal Magnetic! 18966 Posts
vmware esx/server/gsx, other virtualization technologies
So you have a set of statically configured VM's and need to support multiple OS's on each VM. Rather than have separate vm's for each OS, set them all to "Other/Other 64bit" and if you have separate vmdk's for page/swap partitions, create 8gb (or bigger) vmdk's/lun's and partition them in half, formatting one half as ntfs and the other as swap. Now the VM's will support whatever OS you put in them without any reconfiguration needed.
I'm smoothcrim and I advocate pure homogenization/aggregation. 10/7/2008 11:37:23 AM |