aaronburro Sup, B 53065 Posts
Alright, this is a little convoluted, so stay with me.
I've got an application that will be run on a tablet PC running XP Tablet. My company has a domain that manages all our user accounts. If I log on to a tablet while I am connected to the network, it caches my credentials so I can later log on without being connected.
I need, effectively, to cache ALL of the user credentials on this tablet, not just the users who have logged on before. No, a wireless network is not an option. Is there a group policy setting that does this for me automatically?
Thanks 3/18/2010 2:06:44 PM |
Noen All American 31346 Posts
you can't do this. it doesn't cache your credentials when you log on. it creates a local user repository for your network account.
you would need to log in as EACH individual. and it's going to take an assload of disk space if you have several hundred active directory users.
Why not tell us what you are actually trying to do? 3/18/2010 3:05:15 PM |
DeltaBeta All American 9417 Posts
I can't figure out why you'd want to do this. Are they all going to be in some remote location and all need to log in individually on that tablet? 3/18/2010 3:18:16 PM |
aaronburro Sup, B 53065 Posts
i'm telling you exactly what we need, lol. yes, it is a "remote" location, no we can't run wires (not at $2 million a foot, due to the hazards involved), and wireless is out of the question. And the difficulty in getting back to a location where there is a network is large.
sounds like I'm just going to have to see if we can create a common domain account and have them use that for logon access. sux. 3/18/2010 4:47:21 PM |
darkone (\/) (;,,,;) (\/) 11610 Posts
Consumer satellite internet services are on the same order of cost as residential cable internet. It sounds like this situation is most easily solved by having some internet connectivity. 3/18/2010 6:48:14 PM |
evan All American 27701 Posts
if this was allowed, it'd be horribly insecure. you're basically wanting to carry a replica of your AD schema around with you on an easily stolen device.
also, that locally stored hash expires eventually.
why do the users need to log on with their domain credentials if they don't have network access (and, thus, cannot access network resources) in the first place? local user accounts seem like the best solution here. 3/18/2010 7:15:32 PM |
aaronburro Sup, B 53065 Posts
"remote" is in quotes. Also, satellite is laughably out of the question, unless it can penetrate through 12 feet of concrete at a minimum. Theft of the device is not even close to a concern, lol.
I wanted to log on with the domain credentials for ease of updating passwords, really. I'm gonna have over 100 potential users of an application that was going to make use of windows accounts for authentication purposes. A shared password is not preferable, given the eventual pressure we will be under to get away from shared passwords.
This machine does occasionally connect to the LAN. It will probably spend most of its time connected, actually. it's just that we take the device out for potentially a day at a time, and there is no guarantee that the person who took it out will be the only one using the application.
The end goal is to have a SQL Server Express instance use Windows Integration for authentication of the roaming database. BUT, sounds like mixed mode is gonna have to do, and we'll just have a common account. I can still force Windows Integration for uploading data back to the main database, which will accomplish enough of the security concern. 3/18/2010 7:35:49 PM |
Shaggy All American 17820 Posts
the "net account" command will let you add users to the local account cache i think. There may be something a little more robust in WMI that could do it for you. 3/18/2010 7:41:07 PM |
smoothcrim Universal Magnetic! 18966 Posts
why not just put a thumb reader on the tablet? your thumb print is hard to replicate and doesn't have to be remembered or changed.
[Edited on March 18, 2010 at 9:04 PM. Reason : ?] 3/18/2010 9:04:42 PM |
darkone (\/) (;,,,;) (\/) 11610 Posts
^^^ You can't place hardware anywhere with a view to the sky? How does ventilation work? 3/18/2010 10:07:32 PM |
aaronburro Sup, B 53065 Posts
^^ that's a 100+ thumbprints on multiple machines. and these users aren't exactly computer savvy. I'd never get them all enrolled...
^ no, not at all. it's all inside. 3/18/2010 10:30:30 PM |
evan All American 27701 Posts
^^^^you're thinking of "net accounts" which only lets you modify/see things like maximum password age
Quote : "I can still force Windows Integration for uploading data back to the main database, which will accomplish enough of the security concern."
this sounds like the most efficient solution to me.
[Edited on March 19, 2010 at 5:54 AM. Reason : or maybe the tablets have smartcard readers? ] 3/19/2010 5:51:26 AM |