Cached Credentials out of sync with Domain

From: Greg Thompson (gthompso_at_estee.com)
Date: 08/16/04


Date: Mon, 16 Aug 2004 08:20:15 -0700

ELC has a VPN that uses SecurID Tokens to auth into our
network/domain for remote users coming in via
DUN/Broadband. The remote users log in to a cached version
of our domain upon bootup. The issue is that users, upon
connecting to our VPN are on our network, however the
cached credentials aren't updated unless they do a
CTRL-ALT-DEL and log in again. We obtained a fix for "thick
client" programs that pass along credentials on behalf of
the domain, i.e. Outlook. So, here is the scenario: a
user logs in via cached credentials, pipes into our
domain, goes into Outlook, Outlook prompts them that, for
instance, they need to change their password, they do so,
and Outlook now has the ability to update the cached
credentials on the machine so they're not out of sync.
However, other "thin client" applications that use our
domain name/passwords do NOT have this same ability.
 
We're looking to figure out how to, when the VPN
connects, auto-sync the domain with the cached
credentials. It has to be possible, but we just can't
figure out how. I was thinking along the lines of
checking the Set LogonServer variable, and if/when it
differs from the computer name, run some sort of command
to network sync the credentials to the domain or vice
versa, as to how though, I can't figure it out. I was
thinking something with the mapi logon function, but
again, I'm not sure how to make it auth or if it's even
possible.

Any assistance with this would be greatly appreciated,
3rd party apps, etc. Thank you in advance.


