By:  Sycraft (Administrators; 20638)
Posted on: 04-15-2019 23:06.

Strange that it doesn't update shit when it contacts the DC. I mean, by default Windows does something similar, in that a certain number of logins, 25 I think by default, have their hashes cached so they can log in even if the system can't contact the DC. We use that all the time for laptops. However, it always tries to contact the DC, and if that succeeds, auths against it rather than local and updates local data.

Same deal with smart card login. By default, so long as the local system has the root and all intermediaries in its local certificate store, you can auth with a smart card even when not on the network. If it is on the network, it checks with the CAs and OCSP. It is just an automatic thing. If it can reach the CAs, it does an online check; if not, it uses what is stored locally.