Is it possible to store cached login credentials on a terminal server, allowing users to login if the domain controller is unreachable?
If it is possible, can you set a time limit? E.g. DC authentication will be needed after X days.
Terminal Server: Windows Server 2008 R2 Std
Windows already stores "password verifiers," more commonly known as "cached credentials," of users when they log on to the machine. By default it will store something like 10 of them, meaning that the eleventh user to log on will overwrite the cached credentials of the 1st person who logged on, and so forth. This number is easily changed with either Group Policy or Local Policy. (0 - 50.)
http://technet.microsoft.com/en-us/library/jj852209.aspx
Cached credentials in Windows are actually more like "password verifiers" or "authenticators," because they are actually a "hash of a hash," not the user's actual password itself or even a direct hash of it. You cannot pass these "cached credentials" to another service in a Pass-The-Hash type scenario... although it's naïve to think that there is no risk at all in storing these credential verifiers.
No that is not something Windows does, natively. I suppose though, if you were dedicated enough you could write an application or script that would clear cached credentials that were over a certain number of days old.