How does your company handle this issue?

From: Fred Yarbrough (fcyarbrough_at_yahoo.com)
Date: 05/17/04


Date: Mon, 17 May 2004 16:23:06 -0500


BACKGROUND
We are migrating to a Windows 2003 AD domain with password changes required
every 90 days. In the past we did not require password changes and our
"road warriors'" laptops belonged to our domain. They used cached credentials
when they were not connected to our network. Things worked fine for the
most part.

PROBLEM
Now that we are requiring password changes, our remote users (Windows 2000
Pro and XP Pro) log into their laptop using the cached domain credentials
and then connect to our company via VPN and Dialup. On the connection
attempt, they are forced to change their password for their AD domain
account. They can successfully change their AD domain password but this
DOES NOT change their cached password that the system has. When they
disconnect from our network and try to log in to their laptops using the
cached domain password, they must enter their old password. Our
workaround has been for the user to connect to us and then do a CTRL ALT
DELETE and perform a change password from here. This resets both the cached
password and the domain password and works. We want to implement a policy
that passwords cannot be changed for 2 days after they are set to keep people
from rolling their passwords to the old one. This solution is not
acceptable for us.

We are considering making all of our laptops non-domain members. Users will
simply login to the local machine. They will still have to login to the
domain when they attempt to connect but they can choose whether to keep
their local and domain accounts synchronized or not.

Thanks,
Fred


