If a computer running Windows is part of a domain, a user can still log on the computer if no domain controller is available. This is accomplished through a Windows feature called cached logons. In a nut shell, Windows caches the logon credentials and uses them in the event that a domain controller in unavailable to authenticate the log on request.

In some cases, administrators may want all log on requests authenticated by a domain controller, which means if a domain controller in not available, you cannot log on. One way to accomplish this is to change the number of cached logons that are allowed to zero. To accomplish this, complete the steps described below.

  1. Open the Registry Editor.
  2. Navigate to the following:
    HKEY_LOCAL_MACHINE Software Microsoft Windows NT CurrentVersion winlogon.
  3. Create a new DWORD value and name it CachedLogonsCount.
  4. Set the value to 0.
  5. Close the Registry Editor.