Cached Credentials Password Change

[Guest]

I am setting up laptops for remote users that do not connect to the domain
for more than a year sometimes. I want to give the domain accounts so that
when they are in the office, they connect up the network just fine, or if I
would roll out a VPN I would not have to change their users and move their
profiles and stuff.

The issue I have is if they were to forget their password or want to change
it, is this possible with cached credentials, or is there some other way to
do this?

I have the thinkpad t60's with fingerprintreader, but then if the
fingerprint reader stopped working and they cannot remember their password, I
would be in trouble, unless there is some way for them to change their
password, or for me to remote in over the internet and reset it or something.

TIA

 

[Shenan Stanley]

I am setting up laptops for remote users that do not connect to the
domain for more than a year sometimes. I want to give the domain
accounts so that when they are in the office, they connect up the
network just fine, or if I would roll out a VPN I would not have to
change their users and move their profiles and stuff.

The issue I have is if they were to forget their password or want
to change it, is this possible with cached credentials, or is there
some other way to do this?

I have the thinkpad t60's with fingerprintreader, but then if the
fingerprint reader stopped working and they cannot remember their
password, I would be in trouble, unless there is some way for them
to change their password, or for me to remote in over the internet
and reset it or something.

Why not just give them a local account that is identical to their domain
account?
They are not gaining anything by logging into the machine with cached
credentials vs a local account with the same level of perms.

 

[Guest]

Well, I was thinking that if I want ot setup their domain account to match
their local account I would have to know their password, which I don't want
to do. I guess I can set something up and have them change the local account
password when they receive the laptop, and change their domain account when
they come into the office.

TIA

 

[Steven L Umbach]

AFAIK there is no way to reset forgotten cached credentials without being
able to logon to a network where the domain controller exists to be able to
logon with a reset password. Train them to keep their password written down
in a safe place possibly where it can also be accessed by a trusted user if
need be to give to them. As an emergency backup you could create a regular
user account on the computer with a password that you know that could be
given to them if all else fails.

Steve