Re: How does your company handle this issue?
From: Chriss3 (noSpamHere_at_chrisse.se)
Date: 05/17/04
- Next message: Aimme Lirette MSFT: "Re: What rights needed to allow to run ADMT"
- Previous message: Chriss3: "Re: NT domain upgrade to W2k"
- In reply to: Fred Yarbrough: "How does your company handle this issue?"
- Next in thread: Fred Yarbrough: "Re: How does your company handle this issue?"
- Reply: Fred Yarbrough: "Re: How does your company handle this issue?"
- Messages sorted by: [ date ] [ thread ]
Date: Mon, 17 May 2004 23:31:45 +0200
Hello Fred,
Dose the users logon to the computer used cached domain credentials or they
connect VPN during the logon. I think it will change the cached domain
credentials as well if you do it that way.
-- Regards Christoffer Andersson No email replies please - reply in the newsgroup ------------------------------------------------ http://www.chrisse.se - Active Directory Tips "Fred Yarbrough" <fcyarbrough@yahoo.com> skrev i meddelandet news:eWJmmUFPEHA.3020@tk2msftngp13.phx.gbl... > > BACKGROUND > We are migrating to a Windows 2003 AD domain with password changes required > every 90 days. In the past we did not require password changes and our > "road warriors" laptop's belonged to our domain. It used cached credentials > when they were not connected to our network. Things worked fine for the > most part. > > PROBLEM > Now that we are requiring password changes, our remote users (Windows 2000 > Pro and XP Pro) log into their laptop using the cached domain credentials > and then connect to our company via VPN and Dialup. On the connection > attempt, they are forced to change their password for their AD domain > account. They can successfully change their AD domain password but this > DOES NOT change their cached password that the system has. When they > disconnect from our network, and try to login to their laptops using the > cached domain password and they must enter their old password. Our > workaround has been for the user to connect to us and then do a CTRL ATL > DELETE and perform a change password from here. This resets both the cached > password and the domain password and works. We want to implement a policy > that passwords cannot be change for 2 days after they are set to keep people > from rolling their passwords to the old one. This solution is not > acceptable for us. > > We are considering making all of our laptops non-domain members. Users will > simply login to the local machine. They will still have to login to the > domain when they attempt to connect but they can choose whether to keep > their local and domain accounts synchronized or not. > > Thanks, > Fred > > >
- Next message: Aimme Lirette MSFT: "Re: What rights needed to allow to run ADMT"
- Previous message: Chriss3: "Re: NT domain upgrade to W2k"
- In reply to: Fred Yarbrough: "How does your company handle this issue?"
- Next in thread: Fred Yarbrough: "Re: How does your company handle this issue?"
- Reply: Fred Yarbrough: "Re: How does your company handle this issue?"
- Messages sorted by: [ date ] [ thread ]
Loading
