I cannot seem to find the answer to my question -
Scenario
An employee in a high profile position was recently terminated from my company. Typically we disable the account, but were asked just to change the password for this account. In error, security allowed this employee back on the property, where he/she was able to login to his/her computer from the lock screen using the previous password.
We have tested with other accounts and determined, even if the computer is connected to the network and communicating with the domain, a user is allowed to login in from a locked screen (1) time before the system recognizes the password has changed.
This allows access to the system along with files. If the user then locks the machine, the cached credentials will not work again.
Hence we are changing our off-boarding procedures, however I am wondering if this is configurable and if so where?
Thanks
Mike