Support for Disconnect/Offline Desktop Access using Password
  • 02 Aug 2024

Devices with the Windows Authentication Client (WAC) installed can log in with a password when the device is offline. Offline access requires an Admin to complete the following configuration.

Configuration Steps for Offline Access:

  1. Sync RI users with your AD Server.

  2. Authenticate the user at least once with any RI authentication method while the client machine is connected to the network and the AD server is available. This creates the password cache on the Windows machine.

  3. Disconnect your client machine from the internet, or switch off the AD Server, or both.

  4. To start authentication, enter the username.

  5. The user will see the tile for the Password authentication method. Clicking this tile prompts them to enter their password.

  6. After entering their RapidIdentity password, the user gains access to the desktop and is logged in to the client machine.

Important notes regarding utilizing the Offline Access Feature

For Domain-join users:

To disable credential caching by using a GPO setting, enable the "Interactive logon: number of previous logons to cache (in case domain controller is not available)" setting. To use Offline Access, we recommend setting the CachedLogonsCount registry value to a value that is >0 and <=10. Cached logon information is controlled by the following Registry Editor (Regedit.exe) key:

  • Location: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\

  • Value name: CachedLogonsCount

  • Data type: REG_SZ

  • Expected values (turn on logon cache): 1 - 50

  • Value to turn off logon cache: 0

  • Default Value: 10

Any changes you make to this key require a restart of the computer to take effect. Windows accepts values from 0 to 50 for the domain user password cache. A value of 0 turns off logon caching, and any value above 50 will only cache 50 logon attempts. By default, all versions of Windows remember 10 cached logons except Windows Server 2008. For more about the cached logon count registry data, refer to the Microsoft documentation: Cached domain logon information - Windows Server
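
A read-only check of this value against the ranges described above, as an added example that is not part of the original article or the vendor's own tooling. The function name Get-CachedLogonsAssessment and its status labels are hypothetical, and a missing value is treated as the default of 10 listed above.

```powershell
# Added example: audit CachedLogonsCount for offline password access.
$WinlogonPath = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueName    = 'CachedLogonsCount'

# Hypothetical helper: classify the REG_SZ data against the article's ranges.
function Get-CachedLogonsAssessment {
    param([string]$RawValue)   # empty when the registry value is absent

    if ([string]::IsNullOrWhiteSpace($RawValue)) {
        # Assumption: with no value present, the default of 10 applies.
        return [pscustomobject]@{ Effective = 10; Status = 'Default'
            Note = 'Value not set; the default of 10 applies.' }
    }
    $n = 0
    if ((-not [int]::TryParse($RawValue.Trim(), [ref]$n)) -or ($n -lt 0)) {
        return [pscustomobject]@{ Effective = $null; Status = 'Invalid'
            Note = "Data '$RawValue' is not a non-negative integer." }
    }
    if ($n -eq 0) {
        return [pscustomobject]@{ Effective = 0; Status = 'CacheOff'
            Note = 'Logon caching is off; offline password logon cannot work.' }
    }
    $effective = [Math]::Min($n, 50)   # values above 50 cache only 50 logons
    if ($effective -le 10) {
        return [pscustomobject]@{ Effective = $effective; Status = 'Recommended'
            Note = 'Within the recommended range (>0 and <=10).' }
    }
    return [pscustomobject]@{ Effective = $effective; Status = 'AboveRecommended'
        Note = 'Caching is on, but above the recommended maximum of 10.' }
}

# Read the live value; a missing value yields $null instead of an error.
$item = Get-ItemProperty -Path $WinlogonPath -Name $ValueName -ErrorAction SilentlyContinue
$raw  = if ($item) { [string]$item.$ValueName } else { $null }
Get-CachedLogonsAssessment -RawValue $raw | Format-List

# Constructed sample inputs: show each classification without touching the registry.
'0', '5', '10', '25', '75', 'abc' | ForEach-Object {
    $r = Get-CachedLogonsAssessment -RawValue $_
    '{0,-4} -> {1,-17} effective={2}' -f $_, $r.Status, $r.Effective
}
```

The script only reads the registry; a value changed afterwards still needs the restart noted above before it takes effect.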

Domain-join & Non-Domain/Local users

  • WAC provides offline desktop access using only Password Authentication Method.

  • To use the offline desktop access feature, it is necessary for the WAC user to log in to the client machine one time while they are networked.

  • To perform offline desktop access in WAC, users must sync their AD and RI passwords every time they change their password.

