RE: synchronizing domain user Local cached credentials with domain
- From: Stephane <Stephane@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 6 May 2008 12:44:33 -0700
Hi Victor.
I have the same issue and agree with you. Even if the CTLR-ALT-DEL is easy
enough, 50% of our users are still calling for support. I like your solution
(not the best, but better). Would you mind emailing me your script?
Thanks
"Victor B" wrote:
Thanks for the reply..
This is what a user needs to do at the moment but many users ignore the
windows taskbar bubble which would indicate that their password needs to be
syncronised. This becomes and issue where users are constantly travelling.
The solution I have put in place is to run a vbscript when the CISCO client
opens a connection. The script does the following:
1. Wait until DHCP IP address is supplied by VPN connection
2. Attempt to connect to domain Sysvol with users current credenitals
3. No Error, Script Ends. Error in connecting to SysVol--
3a. Force a Windows Popup with a personalised Message and
instruction
3b. Once the Popup is closed, Desktop will automtically lock
and force the user to use their new password to unlock their screen.
3c. Password Syncronisation completes, Script ends.
Not ideal but does provide a much clearer instruction to inform a user what
needs to happen and why.
Victor
"Jagdeep P" wrote:
1) Log into computer with old password
2) Connect to domain or vpn
3) Lock computer
4) unlock with new password which forces update with domain access.
"Victor B" wrote:
I am having problem finding a solution to an issue of capturing when a
locally cached credentials are out of sync with domain credentials. The user
is Windows 2003 using domain user account to access XP SP2 laptop when
offline.
Scenario is: We have mobile VPN users who connect to corporate network using
Cisco VPN client and when a password is set to expire and has to be renewed,
the user is prompted for a new password. User is then allowed access to the
corporate domain. The User now has a copy of their old password cached
locally and their network password has just been changed. Some time later a
small window bubble appears in the task bar, "Windows needs your current
credentials". For the technical savvy will lock their screen and logon on
using their new password.
The issue we are trying to address is finding a method to capture this
change (script the detection of the Window bubble, most users ignore or don't
understand what to do) and force the screen to lock or provide a a larger
popup window instructing the user how to sync their old locally cached
password with the new domain one. Ideally solution is automatically sync the
local password cache with the network one.
In short ideal solution would automatically synced locally cached
credentials with domain without locking the computer screen. The other
option is scripting a solution to capture when the credentials are out of
sync and creating a process to help clearly inform the user what to do, or
force the screen to lock so new password must be used.
Are their any tools or a way to script the syncronize local cached password
to the domaiin once the password has been changed, and capture / log when
these passwords are out of sync.
Any Help or point me in the right direction would be very helpful.
- Follow-Ups:
- Prev by Date: RE: uipopuphidden
- Next by Date: Re: Group Policy lock down
- Previous by thread: RE: uipopuphidden
- Next by thread: RE: synchronizing domain user Local cached credentials with domain
- Index(es):
Relevant Pages
|
