Cached profile problem

Guest

I have a Windows 2000 domain with Windows 2000 Pro and Windows XP laptops in the field without connectivity except through a SafeNet VPN tunnel that's manually connected. I have an issue where one of my users changed their password through a Citrix logon page, which changed her domain account password, but didn't change her locally cached profile. After she connected across the VPN, her machine was supplying the old password to access network resources such as shares, Exchange, intranet, etc. and locked her account on the domain. She then shut down the machine since she couldn't get to the resources, and when the machine came back up, she can't log on using her old password, which should be the one associated in her locally cached profile, nor can she log on with her new password which should be associated with domain account in AD.

Is there a way to get her profile to synch when logged in as the local Administrator account on the laptop? I know if the laptop had connectivity to the DCs when it booted up, the profiles would synch and she could log on with the new password, but since it's across a manually connected VPN and she can't get to her desktop, it becomes problematic to get them to synch the normal way.

Any suggestions?

Thanks
Scot
 
Steven L Umbach

You might want to post in the win2000.ras_routing newsgroup also. This issue seems to
come up from time to time and I have never heard about a resolution with third party
vpn clients. The built in vpn client gives the option to specify the domain at logon
to the vpn which may work as far as changing passwords. You might also want to
contact the publisher of your vpn client for possible solutions. I suppose you could
disable the ability of remote users to change their password and set their account
for password never expires in the meantime. Not the best solution from a security
perspective, but better than a user being locked out and if you are using l2tp which
requires machine certificates, that will greatly increase the security for remote
access since vpn logons will only be allowed from computers with trusted certificates
if remote access policy and/or firewall allows only l2tp. --- Steve


Scott said:
I have a Windows 2000 domain with Windows 2000 Pro and Windows XP laptops in the
field without connectivity except through a SafeNet VPN tunnel that's manually
connected. I have an issue where one of my users changed their password through a
Citrix logon page, which changed her domain account password, but didn't change her
locally cached profile. After she connected across the VPN, her machine was supplying
the old password to access network resources such as shares, Exchange, intranet, etc.
and locked her account on the domain. She then shut down the machine since she
couldn't get to the resources, and when the machine came back up, she can't log on
using her old password, which should be the one associated in her locally cached
profile, nor can she log on with her new password which should be associated with
domain account in AD.
Is there a way to get her profile to synch when logged in as the local
Administrator account on the laptop? I know if the laptop had connectivity to the
DCs when it booted up, the profiles would synch and she could log on with the new
password, but since it's across a manually connected VPN and she can't get to her
desktop, it becomes problematic to get them to synch the normal way.
 
