Re: Remote computer

From: "Steven L Umbach" <n9rou@xxxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Fri, 30 Jun 2006 10:35:03 -0500

If your DC is not available over the VPN then you have not choice but to set
his password to never expires as access to a domain controller is mandatory
to change a password. In a normal scenario where a user access a VPN that
connects to the domain the user should be prompted to change his password
when it expires assuming that the VPN client can accommodate that which the
built in MS VPN client can also long as MSCHAPV2 is selected and Remote
Access Policies allows remote password changed. Then their is the problem
with the cached credentials after a domain password changed. To deal with
that a user should immediately lock their computer after changing their
domain password and unlock it using the new password. --- Steve

"Invisible" <void@xxxxxxxx> wrote in message
news:OHBPJyCnGHA.3784@xxxxxxxxxxxxxxxxxxxxxxx

This one should be fairly simple...

Let me try to explain this in few words. I'm setting up a laptop for a guy
working from home. He's going to use a VPN to connect in to part of our
network and access some terminal servers.

Long story short: At the moment of login, no DCs are reachable. (He hasn't
even dialled the Internet yet, never mind authenticated into the VPN!)

That's fine - the laptop will use the cached password for the domain
account. But... what happens when the user needs to CHANGE the password?

Of course, if you're on a terminal server, it's quite easy to change your
password. And then our DC will use the new password. But how the hell will
the laptop know about this? (This is compounded by the fact that our DC
isn't actually accessible over the VPN. Apparently that would require
additional hardware or something...)

I could just make the password never expire - but I'd really prefer not to
if there's a way.

Any suggestions?

Follow-Ups:
- Re: Remote computer
  - From: Invisible

References:
- Remote computer
  - From: Invisible

Prev by Date: Re: Can't Firewall/Remote
Next by Date: Re: Unable to change passwords - Windows 2003 Domain
Previous by thread: Remote computer
Next by thread: Re: Remote computer
Index(es):
- Date
- Thread

Relevant Pages

Re: /sigh/ Latops in a domain...
... The password never expires option violates our Sarbanes-Oxley ... my understanding of this issue is: The laptop users cannot ... > access the file share via VPN due to their password expiration. ... > policy similar with "Password never expires" on this Group. ...
(microsoft.public.windowsxp.configuration_manage)
Re: VPN and Password Policy
... I know of no official document and it seems to vary depending on VPN client. ... had success changing an expired password using the built in Windows 2000/XP VPN ... remind them to do such before their password expires. ...
(microsoft.public.win2000.security)
Remote computer
... He's going to use a VPN to connect in to part of our network and access some terminal servers. ... That's fine - the laptop will use the cached password for the domain account. ...
(microsoft.public.windowsxp.security_admin)
RE: Strange VPN Porblem
... I understand that one laptop can not access ... Please disable the XP firewall, and ensure there is no connection limit ... Please manually create a VPN connection via the following KB and then ... Try to access share folder via IP address (i.e. ...
(microsoft.public.windows.server.sbs)
RE: need to allow a VPN connection from inside SBS environment
... Thank you for posting to the SBS Newsgroup. ... domain to VPN to a remote office. ... You mentioned "laptop uses fiberlink and nortel software to create the ...
(microsoft.public.windows.server.sbs)