Sounds like this is nothing more than the native credential token caching NT always had. So even if you lost domain connectivity for months, anyone who had previously logged into that machine could still log in (of course, because it hasn’t connected to the domain directory for credential updates).
Not sure why it’s seen as an RDP specific thing, I don’t see anything in the article clarifying this only affects RDP. It should affect the entire machine/any local logins (not local credentials, any logins that happened on the machine, so the domain credential token was cached).
Some clarification around how credentials are updated from Azure/MS would be helpful, and clarify if this is any more than the original NT token caching.
Thank you. It’s annoying that there isn’t a separate set of settings for RDP connections specifically, but as far as I can tell this is the standard caching feature controlled/mitigated by the same means as it always has been.
Ransomware Delivery Protocol at it again.
Sounds like this is nothing more than the native credential token caching NT always had. So even if you lost domain connectivity for months, anyone who had previously logged into that machine could still log in (of course, because it hasn’t connected to the domain directory for credential updates).
Not sure why it’s seen as an RDP specific thing, I don’t see anything in the article clarifying this only affects RDP. It should affect the entire machine/any local logins (not local credentials, any logins that happened on the machine, so the domain credential token was cached).
Some clarification around how credentials are updated from Azure/MS would be helpful, and clarify if this is any more than the original NT token caching.
Thank you. It’s annoying that there isn’t a separate set of settings for RDP connections specifically, but as far as I can tell this is the standard caching feature controlled/mitigated by the same means as it always has been.