Re: Remote User Needs to Change PWD without connecting to domain

From: Bruce Sanderson (Bruce.Sanderson@junk.junk)
Date: 05/09/02


From: "Bruce Sanderson" <Bruce.Sanderson@junk.junk>
Date: Wed, 8 May 2002 18:55:52 -0700


I think you are misinterpreting the "10 logon" settings. See the quote below from the
gpedit Help for "Number of previous logons to cache..." (Computer Configuration, Windows
Settings, Security Settings, Local Policy, Security Options).

"Logon information for domain accounts can be cached locally so that, in the event a
domain controller cannot be contacted on subsequent logons, a user can still log on. This
setting determines the number of unique users for which logon information is cached
locally."

The number (which defaults to 10) is the number of user account credentials that are
cached, not the number of times that a single user can log on with cached credentials. You
can test this yourself by setting this number to a low value (e.g. 1), then logging on
without a network connection a few times.

Has the password actually "expired" and does the user actually have a problem? The reason
for asking is that I seem to recall that the password expiration policy is not "enforced"
when cached credentials are used to log on locally. The next time the computer can
communicate with the Domain, the user will be prompted to change their password.

A possible solution to your dilemma is to allow the user to connect via dial up (RAS).
This may be useful until you can get the VPN solution working. If the user's password has
expired, you, as an AD administrator, can set their password to a new value. Then, when
the user logs on using Dial Up Networking, they can specify the new password and the
cached credentials on the laptop will be updated.

--
Bruce Sanderson MVP
bruce.sanderson@gems6.gov.bc.ca
It is perfectly useless to know the right answer to the wrong question.
"Dan DeStefano, MCSA, MCP, A+, Net+" <ddestefano@winmarcompanies.com> wrote in message
news:ehvR#Nt9BHA.2512@tkmsftngp05...
> you can try to enable the option "password never expires" for her user
> account (note: this should only be temporary as this presents a security
> risk, especially for a remote user). however, this may not work if the
> password has already expired but you can give it a try. i have one question:
> if she cannot connect to the domain then how has she been logging on to her
> machine? cached credentials? if so, her password changing is not going to be
> her only problem because, by default, cached credentials will only last for
> 10 logons.
>
> Dan DeStefano
>
> "Craig S" <none@none.com> wrote in message
> news:YkfC8.310$xq4.5764@twister.rdc-kc.rr.com...
> > I have one single user that used to be on the local domain with the
> > standard password expiration policy (changed every 45 days) but then moved 2,000
> > miles away and took the laptop with her.  I don't have any VPN/RAS set up
> > yet (and won't for a few weeks). Now her password is expiring, and she has been
> > unable to change it because it reports "Unable to change password because
> > domain <domainname> is unavailable"
> >
> > Is there any way to change her password from her PC without connecting to
> > my domain?  I really don't have any way set up for her to get in to the
> > domain, but she needs to keep working using her existing account/profile.
> >
> > Help!?
> >
> >
>
>
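The setting Bruce describes above is the one an administrator would audit when a laptop is expected to work away from any domain controller. The following PowerShell script is an added example (not from this thread or from Microsoft); it reads the policy's backing registry value, CachedLogonsCount under the Winlogon key, reports whether the machine is domain joined, and states what the value means in the per-user terms explained above. It assumes a Windows host and that the value is absent or holds a number (a value of 0 disables caching; 50 is the documented maximum).

```powershell
# Added example: audit "Interactive logon: Number of previous logons to cache".
# The policy is stored as the REG_SZ value CachedLogonsCount under the Winlogon
# key. An absent value means the default of 10 applies.
function Get-CachedLogonPolicy {
    $key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
    $raw = (Get-ItemProperty -Path $key -Name CachedLogonsCount `
                -ErrorAction SilentlyContinue).CachedLogonsCount

    # Default of 10 when the value has never been set by policy or by hand.
    $count = if ($null -eq $raw) { 10 } else { [int]$raw }

    # Domain membership decides whether the setting matters at all.
    $cs = Get-CimInstance -ClassName Win32_ComputerSystem

    $meaning = if ($count -eq 0) {
        'Caching disabled: domain users cannot log on while no DC is reachable'
    } else {
        "Up to $count distinct domain users keep cached credentials; " +
        'the limit is per user, not per number of offline logons'
    }

    [pscustomobject]@{
        ComputerName      = $cs.Name
        PartOfDomain      = $cs.PartOfDomain
        Domain            = $cs.Domain
        ValueWasSet       = ($null -ne $raw)
        CachedLogonsCount = $count
        OutOfRange        = ($count -lt 0 -or $count -gt 50)
        Meaning           = $meaning
    }
}

# Usage: run in an elevated or ordinary PowerShell session on the laptop.
Get-CachedLogonPolicy | Format-List
```

Reading the registry directly shows the effective value whether it came from Group Policy or a manual edit; on a machine that is not part of a domain the value is irrelevant, which is why the output includes PartOfDomain.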

