How-To Geek

Disable Logon to Windows Computers When Not Connected to a Domain

The default behavior in Windows when connecting to a domain is to cache the domain credentials locally so that they can be used to login even when the domain isn’t available. You can set this value to 0 in order to disable logons to the computer while not connected to the domain.

Note that this will only work for computers that are configured to login to a domain, not for Home editions.

Disable Cached Logons

Open up regedit.exe through the start menu search or run box, and then navigate down to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon


On the right-hand pane you’ll see a key called cachedlogonscount, which you can change to 0 in order to disable logging in when not connected to the domain.

This should work on either Vista or XP.

Lowell Heddings, better known online as the How-To Geek, spends all his free time bringing you fresh geekery on a daily basis. You can follow him on if you'd like.

  • Published 01/12/08

Comments (8)

  1. Peter

    I am getting the same error on my xp, its a used laptop from my former employer.

    I can’t get past the logon screen to change the registry, how can I fix this problem

    Thanks in advance

  2. Josh

    Try flashing the registry from a USB stick. Thats dodgy though. It would be better to ask the previous jobs’ IT department to login, so the registry can be changed.

  3. Josh

    Plus, you could try and boot into safe mode on start up. It has limited options, but you can change the registry.

  4. Dan

    how do i set up a domain for other computers to login to? can it be done on WHS or would I have to buy 2008 Server Standard?

  5. Mike

    Even if you can somehow get to the registry and enable credential caching, it won’t help much because your credentials aren’t currently cached. You’d need to enable caching, and then login successfully to the domain to cache them.

  6. Whitney

    “Plus, you could try and boot into safe mode on start up. It has limited options, but you can change the registry. ”

    I have two old laptops given to me by my old job. I’m trying to access them to retrieve old documents and then wipe them clean for donation. However, I’m not able to access with my login because it says the domain is invalid for all available domains. How can I get past this? I’m assuming it’s through safe mode, but I’m not sure what steps to follow.

  7. Mike

    Does a user need to be a ‘power user’ to login to their cached domain profile when removed from the network or is ‘user’ privileges enough?

  8. jd2066

    @Mike: I think that just normal user privileges are enough for a cached login.

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!