The default behavior in Windows when connecting to a domain is to cache the domain credentials locally so that they can be used to login even when the domain isn’t available. You can set this value to 0 in order to disable logons to the computer while not connected to the domain.

Note that this will only work for computers that are configured to login to a domain, not for Home editions.

Disable Cached Logons

Open up regedit.exe through the start menu search or run box, and then navigate down to the following key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

image5

On the right-hand pane you’ll see a key called cachedlogonscount, which you can change to 0 in order to disable logging in when not connected to the domain.

This should work on either Vista or XP.

Lowell Heddings Lowell Heddings
Lowell is the founder and CEO of How-To Geek. He’s been running the show since creating the site back in 2006. Over the last decade, Lowell has personally written more than 1000 articles which have been viewed by over 250 million people. Prior to starting How-To Geek, Lowell spent 15 years working in IT doing consulting, cybersecurity, database management, and programming work.
Read Full Bio »