SOLVED

Long time disconnected from server

%3CLINGO-SUB%20id%3D%22lingo-sub-1345656%22%20slang%3D%22en-US%22%3ELong%20time%20disconnected%20from%20server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1345656%22%20slang%3D%22en-US%22%3E%3CP%3EHi%2C%3C%2FP%3E%3CP%3ESome%20of%20my%20customers%20(small%20companies%202-6%20users)%20have%20taken%20home%20their%20normally%20connected%20domain%20computers.%26nbsp%3B%20Is%20there%20a%20maximum%20time%20that%20I%20need%20to%20be%20concerned%20about%20if%20these%20workstations%20remain%20off%20the%20network%20where%20the%20user%20will%20no%20longer%20be%20able%20to%20login%20to%20their%20normal%20user%20account%20under%20Windows%2010%3F%26nbsp%3B%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%20%26nbsp%3BAdditional%20notes%20are%20that%20the%20users%20have%20access%20to%20their%20Microsoft%20365%20Exchange%20online%20accounts%20from%20their%20home%20internet%20service.%26nbsp%3B%20Also%2C%20they%20have%20taken%20home%20a%20number%20of%20files%20that%20keeps%20them%20working%20even%20though%20disconnected%20from%20the%20server.%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1345718%22%20slang%3D%22en-US%22%3ERE%3A%20Long%20time%20disconnected%20from%20server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1345718%22%20slang%3D%22en-US%22%3EIt's%20contingent%20on%20AD%20policy%20setting%20the%20number%20of%20days%20a%20machine%20can%20go%20without%20authenticating%20back%20to%20the%20domain.%20If%20these%20users%20are%20authenticating%20to%20VPN%20back%20to%20the%20local%20network%2C%20they%20should%20be%20fine.%20If%20not%2C%20you'll%20run%20into%20issues.%20Just%20my%20two%20cents.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1345798%22%20slang%3D%22en-US%22%3ERE%3A%20Long%20time%20disconnected%20from%20server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1345798%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F640602%22%20target%3D%22_blank%22%3E%40whinton666%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks.%26nbsp%3B%20No%20VPN.%26nbsp%3B%20I%20never%20set%20a%20specific%20policy.%26nbsp%3B%20Do%20you%20know%20what%20the%20default%20number%20of%20days%20is%3F%26nbsp%3B%20Also%2C%20when%20you%20say%20there%20will%20be%20%22issues%22%2C%20what%20will%20happen%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1345817%22%20slang%3D%22en-US%22%3ERE%3A%20Long%20time%20disconnected%20from%20server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1345817%22%20slang%3D%22en-US%22%3ESee%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fcore-infrastructure-and-security%2Fsecure-channel-expired-machine-account-password-concerns%2Fba-p%2F1333535%22%20target%3D%22_blank%22%3Ehttps%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fcore-infrastructure-and-security%2Fsecure-channel-expired-machine-account-password-concerns%2Fba-p%2F1333535%3C%2FA%3E%20for%20additional%20discussion%20around%20this.%20Also%2C%20if%20you%20have%20any%20scheduled%20scripts%20that%20delete%20devices%20that%20haven't%20contacted%20AD%20recently%20(typically%20keyed%20off%20of%20the%20last%20machine%20account%20password%20change)%20you%20might%20want%20to%20turn%20those%20off%20for%20a%20while.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1345827%22%20slang%3D%22en-US%22%3ERE%3A%20Long%20time%20disconnected%20from%20server%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1345827%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F21544%22%20target%3D%22_blank%22%3E%40Michael%20Niehaus%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThanks!%26nbsp%3B%20I'll%20check%20the%20article.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EIra%3C%2FP%3E%3C%2FLINGO-BODY%3E
Highlighted
Occasional Contributor

Hi,

Some of my customers (small companies 2-6 users) have taken home their normally connected domain computers.  Is there a maximum time that I need to be concerned about if these workstations remain off the network where the user will no longer be able to login to their normal user account under Windows 10?  

   Additional notes are that the users have access to their Microsoft 365 Exchange online accounts from their home internet service.  Also, they have taken home a number of files that keeps them working even though disconnected from the server.

4 Replies
Highlighted
It's contingent on AD policy setting the number of days a machine can go without authenticating back to the domain. If these users are authenticating to VPN back to the local network, they should be fine. If not, you'll run into issues. Just my two cents.
Highlighted

@whinton666 

 

Thanks.  No VPN.  I never set a specific policy.  Do you know what the default number of days is?  Also, when you say there will be "issues", what will happen?

Highlighted
Best Response confirmed by Heather Poulsen (Community Manager)
Solution
See https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/secure-channel-expired-machi... for additional discussion around this. Also, if you have any scheduled scripts that delete devices that haven't contacted AD recently (typically keyed off of the last machine account password change) you might want to turn those off for a while.
Highlighted

@Michael Niehaus 

Thanks!  I'll check the article.

 

Ira