Re: Changing Windows domain password over Internet
From: Matt Wagenknecht (sopsmattw_at_gmail.com)
Date: 07/16/05
- Previous message: Sarbjit Singh Gill: "Should webservers, eg. IIS 6 have anti--virus installed on them?"
- In reply to: Kern, Tom: "RE: Changing Windows domain password over Internet"
- Next in thread: Sarbjit Singh Gill: "Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sat, 16 Jul 2005 07:51:52 -0600 To: "Kern, Tom" <tkern@charmer.com>
Are your clients using VPNs to connect back to the domain?
<ASSUMPTION>
I am assuming that you have traveling\remote users whose accounts are
used for VPN authentication. They log into their computers with cached
credentials and establish the VPN tunnel once they are logged in.
</ASSUMPTION>
Most VPN clients (Checkpoint, Cisco, MS PPTP) have a GINA mode. The
GINA mode changes the initial login screen to allow the VPN tunnel to
be established BEFORE the user logs in. This allows for a real time
authentication with the domain and allows the user to be notified of
password expiration while remote. The user can then change the
password and continue normally with their tasks.
Basically, the GINA mode provides the same login behavior that you
would see if the user were connected to the "corporate" LAN (local to
the domain).
On 7/15/05, Kern, Tom <tkern@charmer.com> wrote:
> I'm not sure about the issue with domain pw over a public net but to find out users whose password's are about to expire just use this-
> dsquery user -stalepwd <numdaysSinceLastPwdChange>
>
> Note this will tell you not just which users whose passwords are about to expire but also users who must change their password at next logon.
> This also does not take into account things like cached logons where the pwdLastSet attrib is not updated in AD.
>
> Good luck
>
> -----Original Message-----
> From: sanjiv [mailto:ska262001@yahoo.co.in]
> Sent: Friday, July 15, 2005 11:38 AM
> To: focus-ms@securityfocus.com
> Subject: Changing Windows domain password over Internet
>
>
> Hi,
> Anybody in this list can you help me in changing the
> windows domain password over Internet.
> I have studied a bit and quickly come over these .HTR
> files - "
> aexp.htr, aexp2.htr, aexp2b.htr, aexp3.htr, aexp4.htr,
> aexp4b.htr, anot.htr, anot3.htr", I have used
> aexp2b.htr file for changing password over Internet.
>
> My problem:
> ------------
> I am not able to change domain password for accounts
> which have expired. I am able to change the password
> over the local netwqork even after it has expired and
> want to incorporate the same functionality over the
> Internet.
>
> Questions2:
> ----------
> Also is there a script, which can query my Active
> Directory for user accounts whose password is about to
> expire in next 14 days?
>
> Thanks and Regards,
> Sanjiv
>
>
>
>
> ____________________________________________________
> Start your day with Yahoo! - make it your home page
> http://www.yahoo.com/r/hs
>
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
>
>
> ---------------------------------------------------------------------------
> ---------------------------------------------------------------------------
>
>
-- Matt Wagenknecht www.lhftools.com --------------------------------------------------------------------------- ---------------------------------------------------------------------------
- Previous message: Sarbjit Singh Gill: "Should webservers, eg. IIS 6 have anti--virus installed on them?"
- In reply to: Kern, Tom: "RE: Changing Windows domain password over Internet"
- Next in thread: Sarbjit Singh Gill: "Should webservers, eg. IIS 6 have anti--virus installed on them?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
