Re: Changing Windows domain password over Internet

From: Matt Wagenknecht (sopsmattw_at_gmail.com)
Date: 07/16/05

  • Next message: Sebastian Zdrojewski: "R: Changing Windows domain password over Internet"
    Date: Sat, 16 Jul 2005 07:51:52 -0600
    To: "Kern, Tom" <tkern@charmer.com>
    
    

    Are your clients using VPNs to connect back to the domain?

    <ASSUMPTION>
    I am assuming that you have traveling\remote users whose accounts are
    used for VPN authentication. They log into their computers with cached
    credentials and establish the VPN tunnel once they are logged in.
    </ASSUMPTION>

    Most VPN clients (Checkpoint, Cisco, MS PPTP) have a GINA mode. The
    GINA mode changes the initial login screen to allow the VPN tunnel to
    be established BEFORE the user logs in. This allows for a real time
    authentication with the domain and allows the user to be notified of
    password expiration while remote. The user can then change the
    password and continue normally with their tasks.

    Basically, the GINA mode provides the same login behavior that you
    would see if the user were connected to the "corporate" LAN (local to
    the domain).

    On 7/15/05, Kern, Tom <tkern@charmer.com> wrote:
    > I'm not sure about the issue with domain pw over a public net but to find out users whose password's are about to expire just use this-
    > dsquery user -stalepwd <numdaysSinceLastPwdChange>
    >
    > Note this will tell you not just which users whose passwords are about to expire but also users who must change their password at next logon.
    > This also does not take into account things like cached logons where the pwdLastSet attrib is not updated in AD.
    >
    > Good luck
    >
    > -----Original Message-----
    > From: sanjiv [mailto:ska262001@yahoo.co.in]
    > Sent: Friday, July 15, 2005 11:38 AM
    > To: focus-ms@securityfocus.com
    > Subject: Changing Windows domain password over Internet
    >
    >
    > Hi,
    > Anybody in this list can you help me in changing the
    > windows domain password over Internet.
    > I have studied a bit and quickly come over these .HTR
    > files - "
    > aexp.htr, aexp2.htr, aexp2b.htr, aexp3.htr, aexp4.htr,
    > aexp4b.htr, anot.htr, anot3.htr", I have used
    > aexp2b.htr file for changing password over Internet.
    >
    > My problem:
    > ------------
    > I am not able to change domain password for accounts
    > which have expired. I am able to change the password
    > over the local netwqork even after it has expired and
    > want to incorporate the same functionality over the
    > Internet.
    >
    > Questions2:
    > ----------
    > Also is there a script, which can query my Active
    > Directory for user accounts whose password is about to
    > expire in next 14 days?
    >
    > Thanks and Regards,
    > Sanjiv
    >
    >
    >
    >
    > ____________________________________________________
    > Start your day with Yahoo! - make it your home page
    > http://www.yahoo.com/r/hs
    >
    >
    > ---------------------------------------------------------------------------
    > ---------------------------------------------------------------------------
    >
    >
    > ---------------------------------------------------------------------------
    > ---------------------------------------------------------------------------
    >
    >

    -- 
    Matt Wagenknecht
    www.lhftools.com
    ---------------------------------------------------------------------------
    ---------------------------------------------------------------------------
    

  • Next message: Sebastian Zdrojewski: "R: Changing Windows domain password over Internet"

    Relevant Pages

    • RE: Changing Windows domain password over Internet
      ... Note this will tell you not just which users whose passwords are about to expire but also users who must change their password at next logon. ... Changing Windows domain password over Internet ... Directory for user accounts whose password is about to ...
      (Focus-Microsoft)
    • RE: Missing web services configuration pane
      ... Please contact the ISP to confirm what the exact connection type is. ... If it's a VPN type, you should have the VPN server side address. ... 825763 How to configure Internet access in Windows Small Business Server ... 241252 VPN Tunnels - PPTP Protocol Packet Description and Use ...
      (microsoft.public.windows.server.sbs)
    • RE: VPN Issue
      ... 317025 You Cannot Connect to the Internet After You Connect to a VPN Server ... | first done with a standard usb broadband modem on XP Professional. ...
      (microsoft.public.windows.server.sbs)
    • RE: VPN Error code 800 HELP!
      ... Can you visit Internet and OWA on SBS server? ... Just one PC get error code 800 connecting VPN connecting to SBS? ...
      (microsoft.public.windows.server.sbs)
    • Re: CAN WE LOGIN TO A WINDOWS 2003 ACTIVE DIRECTORY DOMAIN OVER TH
      ... I have only heard about VPN and never tried it. ... drive and access it through the internet after you established VPN connection? ... We can do VPN in windows xp to windows xp machine right and it does not have ... Logging onto a server is not nearly as serious as logging ...
      (microsoft.public.windows.server.active_directory)