I understand that HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\CachedLogonsCount refers to the number of domain credentials used in logons that can be cached.
What I'd like to understand further is whether this is the set of contiguous logons (which could all be the same) or the set of contiguous unique logons (which would necessarily all be different).
It's been recommended for security purposes that we make the value "0" (zero). So, if I understand it right, there would be no cached domain credentials unless zero=1. Zero seems fine for a desktop computer in a stable and redundant environment - as there is going to be an operational DC.
But, for laptop computers that may leave the domain for a while, I envision that we'd need to set the value to something above zero. So, is "1" good enough or ..... ?
