Re: Password change and cached credentials

From: Ron Bernier (mynameishidden_at_toyou.com)
Date: 02/04/04 

Date: Wed, 4 Feb 2004 16:04:18 -0500

Neil --

There is only one way for the remote workstation to access a domain
resource, and that's with a correct username and password for a domain
account ... The only way to do that is to ensure the user uses the correct
password on the cached credentials machine ... If relying on the user to
remember the password change is not an option, then you cannot accomplish
what you are looking to do ... Their cached password, unless they change it
to their domain password, will always deny them access ...

The only thing you may look into doing is writing some code or script to ask
them everytime they login whether or not the password they've just logged in
with is the same as their domain password, and if not, then have your script
or code run the password change utility ...

"Neil" <bughaw@hotmail.com> wrote in message
news:O2l4ZVz6DHA.2540@TK2MSFTNGP11.phx.gbl...
> Hi!
>
> I have a question / problem that has probably been posted before. But
> nevertheless it still is an issue to me:
>
> A Windows 2000 Professional workstation is a member of an NT4 domain, and
on
> it is installed a 3rd party VPN client software for remote connectivity. A
> domain user account gets access to resources on the domain by logging on
> locally using cached credentials, and then establishing a connection
through
> VPN.
> When the password for the cached credential is the same as the one stored
in
> the domain SAM, things are fine.
> BUT when the user say changes his/her password from another workstation,
> where he/she is logged on to the domain, the problem arises: If the user
> does not remember to update the cached credential on the first machine
with
> the new password, he/she will be denied access to the domain ressources,
the
> next time he/she connects through VPN.
>
> Does anyone have any suggestions on how to solve this problem (relying on
> the user to remember the password change is unfortunately NOT an option
:-)
> ?
>
> best regards
> Neil
>
>
>

Relevant Pages

  • Re: RDC Access for just one VPN Client
    ... >> I suppose one thing that he could do is disable cached credentials on the ... >> laptops which would make his scenario less likely. ... > If you mean the cached account for logging into the laptop itself,..I did ...
    (microsoft.public.isa)
  • RE: cannot log on to user account following password change
    ... please paste them in the newsgroup. ... cannot log on to user account following password change ...
    (microsoft.public.windows.server.sbs)
  • Re: Add domain user to client computer.
    ... They should be able to use cached credentials when out of the office/away ... from the network. ... then it will not allow a domain logon. ... you do not have a domain user account, ...
    (microsoft.public.windows.server.sbs)
  • Re: Outlook Messages are not leaving exchange for one user
    ... I removed the cached credentials on the machine. ... In Outlook is shows the message in the sent box, but no one ever gets it. ... Using a OWA on the same machine with his account works fine, ... Event Source: AutoEnrollment ...
    (microsoft.public.windows.server.sbs)
  • Re: access granted after lock out
    ... Interactive logon: Number of previous logons to cache ... You cannot log on to a computer that is using cached credentials after you change your password by using a domain controller ... her account was locked out on all three. ...
    (microsoft.public.windows.server.active_directory)
Loading