Cached passwords are credentials used by Windows systems in the event the system cannot contact a Domain Controller. In that event, the system will compare any credential supplied, with a cached version of the same. This feature is predominantly designed for mobile devices when they cannot access Active Directory Domain Controllers.

Using Microsoft’s recommended best practices, IS&T has disabled all cached passwords on Windows Servers associated with Active Directory. This policy, which is outlined in our Information Security Management Guidelines, reduces the likelihood of someone acquiring access to Windows Servers illegally, and significantly reduces the risk of compromise or abuse.

Related Microsoft resources: