Disable Logon to Windows Computers When Not Connected to a Domain

The default behavior in Windows when connecting to a domain is to cache the domain credentials locally so that they can be used to login even when the domain isn’t available. You can set this value to 0 in order to disable logons to the computer while not connected to the domain.

Note that this will only work for computers that are configured to login to a domain, not for Home editions.

Disable Cached Logons

Open up regedit.exe through the start menu search or run box, and then navigate down to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

On the right-hand pane you’ll see a key called cachedlogonscount, which you can change to 0 in order to disable logging in when not connected to the domain.

This should work on either Vista or XP.

| More

This article was originally written on 01/12/08 Tagged with: System Administration, Windows Vista

Daily Email Updates

You can get our how-to articles in your inbox each day for free. Just enter your name and email below:

Name:
Email:

Similar Articles	Tinyhacker - Tiny Geek Hacks
Increase the Cached Logon Count for Windows Computers on a Domain Make Your Windows XP Logon Screen Look Like Windows Vista Disable Administrator Logon Warning in Windows Home Server Customize Your Windows Vista Logon Screen Enable "Ubuntu Style" Logons in Windows Vista	Jazz Up MMS on the iPhone using FunMail Free Falling Politicians, Your Choice Of The Aisle Find What You Are Looking for Fast using Windows Grep Gizmodo’s Comprehensive List Of Black Friday Bargains ESET Smart Security 4 – Good Security for Everyone Turn Your PC into a Streaming Music Server using Sockso
Latest Software Reviews	Super User Daily
PCmover Professional Spyware Doctor + Antivirus 2010 Cakewalk Guitar Tracks Pro USB BitDefender Total Security 2010	javac PATH and CLASSPATH help Windows 7 cleartype fuzziness Disable QuickTime updates What emergency software do you use?
Geek Arcade	Popular Forum Threads
Open Doors Boombot Demolition City Heavy Weapons	Reaching the network printer on XP *from* Win 7 Making a simple animation building new computer, please leave feedback PLEASE HELP MY HARDRIVE SHRANK!!!!

Comments (8)

1. January 22, 2008 5:47 am
   Peter

   I am getting the same error on my xp, its a used laptop from my former employer.

   I can’t get past the logon screen to change the registry, how can I fix this problem

   Thanks in advance

2. April 29, 2008 5:51 pm
   Josh

   Try flashing the registry from a USB stick. Thats dodgy though. It would be better to ask the previous jobs’ IT department to login, so the registry can be changed.

3. April 29, 2008 5:52 pm
   Josh

   Plus, you could try and boot into safe mode on start up. It has limited options, but you can change the registry.

4. August 10, 2008 8:46 am
   Dan

   how do i set up a domain for other computers to login to? can it be done on WHS or would I have to buy 2008 Server Standard?

5. October 30, 2008 8:57 am
   Mike

   Even if you can somehow get to the registry and enable credential caching, it won’t help much because your credentials aren’t currently cached. You’d need to enable caching, and then login successfully to the domain to cache them.

6. November 23, 2008 3:49 pm
   Whitney

   “Plus, you could try and boot into safe mode on start up. It has limited options, but you can change the registry. ”

   I have two old laptops given to me by my old job. I’m trying to access them to retrieve old documents and then wipe them clean for donation. However, I’m not able to access with my login because it says the domain is invalid for all available domains. How can I get past this? I’m assuming it’s through safe mode, but I’m not sure what steps to follow.

7. December 1, 2008 6:22 pm
   Mike

   Does a user need to be a ‘power user’ to login to their cached domain profile when removed from the network or is ‘user’ privileges enough?

8. December 8, 2008 1:58 am
   jd2066

   @Mike: I think that just normal user privileges are enough for a cached login.