Mobile Users and Domain Password Management

From: Mike H. (
Date: 02/08/05

Date: 8 Feb 2005 14:38:30 -0800

We are planning on having mobile computers where the user will be
constantly traveling. We would like to avoid VPN (to unreliable) and
Dial up (to Slow) and will have the users access our network via Citrix
Secure Gateway (CSG). The problem is that the mobile computer is a
member of the domain and it never directly communicates with any domain
controller. How can one manage user passwords? Obviously using CSG we
can have the user change passwords on the domain, but this password
change will never replicate to the locally cached domain information
requiring the user to either remember 2 passwords or change the
passwords twice. Has anyone encountered this problem - if so how did
you solve it? Smart Cards? SecurID? If you do initialize two factor
authentication do you need to do this for all users in the domain?

Thanks in Advance,
Mike H.