cached login storage and changing passwords

G

Glenn M

We have a setup where by when off lan our remote users vpn in to the
company network by logging into their xp profesisonal laptops cached
and starting the vpn connection once logged on cached.

Our problems lies when users password expire. Should users still be
allowed to be log in cached even when their ad account expires?

If a user logs in cached and then connects via vpn when their password
has expired . is their a builtin mechanism that will ask them to
chnage their passwords . I have seen the pop up thats says you must
lock your workstation to re-establish credintials , but its occurance
seems very random and not something that can be relied on.

Thirdly is there a way i can tell the client to repeat kerberos
authenication process that i would have performed during interactive
logon when the users connects so that the chnage password box could be
is displayed. I appreciate their could be performed by getting the
user to log off whilst the vpn is up and then log in interactivley but
this is something i am keeping as a last resort.

any help would be most appreciated

Glenn
 
T

Tim Springston [MS]

Hi Glenn-

Since your users are creating their user environment/session when a domain
controller is not available the account is not checked for status as a
normal logon would do. The user account status is only checked for status
at the interactive logon when a domain controller is available.

Depending on your VPN strategy though you may be able to have a script run
at succesful connection via VPN. The Microsoft Script Center has a sample
script (link and scipt itself below) that does that. You could change it to
a disconnect as an if/else as a suggestion.

http://www.microsoft.com/technet/community/scriptcenter/user/scrug15.mspx

**************
Set objUser = GetObject _
("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")

If objUser.AccountDisabled = FALSE Then
WScript.echo "The account is enabled."
Else
WScript.echo "The account is disabled."
End If
*******************

Microsoft Script Center
http://www.microsoft.com/technet/scriptcenter/default.mspx

Additional assistance regarding scripting can be found at the
microsoft.public.windows.server.scripting newsgroup. Please repost if we in
this newsgorup can assist.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

password expired on AD cannot login using cached pw on laptop 1
How does your company handle this issue? 3
Cached login credentials 2
synchronizing domain user Local cached credentials with domain (VP 4
Changing the cached credentials password without domain access 1
Sync Local Cached Domain Password with new Domain Password 0
laptop cached password and AD expired password 0
How To Change Windows 2000 Cached Account Password 1

Top