Account prevalidation

Prevalidation enables specific users or the members of a specific group to access a Centrify-managed computer using their Active Directory credentials even if the following conditions would normally prevent them from logging on:

  • The computer is disconnected from the network and unable to contact Active Directory to authenticate their identity.
  • The user has not previously logged onto the computer.

Without prevalidation, only users who have previously logged on and had their password hashes stored in the local cache can be authenticated when the computer is disconnected from the network.

You can use the Account Prevalidation group policies to manage the users and groups who are authorized or denied access to disconnected computers.

Use the following group policies specify the users and groups that can be prevalidated:

Use the following group policies specify the users and groups that cannot be prevalidated:

Use the following group policies specify other prevalidation settings: