The default behavior in Windows when connecting to a domain is to cache the domain credentials locally so that they can be used to login even when the domain isn’t available. You can set this value to 0 in order to disable logons to the computer while not connected to the domain.

Note that this will only work for computers that are configured to login to a domain, not for Home editions.

Disable Cached Logons

Open up regedit.exe through the start menu search or run box, and then navigate down to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon


On the right-hand pane you’ll see a key called cachedlogonscount, which you can change to 0 in order to disable logging in when not connected to the domain.

This should work on either Vista or XP.