Re: How does your company handle this issue?
From: Fred Yarbrough (fcyarbrough_at_yahoo.com)
Date: 05/18/04
- Next message: Simon Geary: "RE: Rename DC"
- Previous message: Alan: "Re: How can I format my master DC and make it master DC again?"
- In reply to: Chriss3: "Re: How does your company handle this issue?"
- Next in thread: Fred Yarbrough: "Re: How does your company handle this issue?"
- Reply: Fred Yarbrough: "Re: How does your company handle this issue?"
- Messages sorted by: [ date ] [ thread ]
Date: Tue, 18 May 2004 08:35:17 -0500
Christoffer,
Thanks for the reply. Our users normally just log in to the laptops
using the domain cached credentials. They then establish a VPN connection
into our Cisco VPN concentrator. If their password has expired, the VPN
client prompts them to change their password. They can successfully change
the password but the laptop's password cache is not being updated. This
same thing happens with our dialup system. I am going to call Microsoft on
this issue. I will post the results back here.
Thanks,
Fred
"Chriss3" <noSpamHere@chrisse.se> wrote in message
news:OX4ZZZFPEHA.2976@TK2MSFTNGP10.phx.gbl...
> Hello Fred,
> Do the users log on to the computer using cached domain credentials, or do
> they connect to the VPN during the logon? I think it will change the cached
> domain credentials as well if you do it that way.
>
> --
> Regards
> Christoffer Andersson
>
> No email replies please - reply in the newsgroup
> ------------------------------------------------
> http://www.chrisse.se - Active Directory Tips
>
> "Fred Yarbrough" <fcyarbrough@yahoo.com> wrote in message
> news:eWJmmUFPEHA.3020@tk2msftngp13.phx.gbl...
> >
> > BACKGROUND
> > We are migrating to a Windows 2003 AD domain with password changes
> > required every 90 days. In the past we did not require password changes
> > and our "road warriors'" laptops belonged to our domain. They used cached
> > credentials when they were not connected to our network. Things worked
> > fine for the most part.
> >
> > PROBLEM
> > Now that we are requiring password changes, our remote users (Windows 2000
> > Pro and XP Pro) log into their laptops using the cached domain credentials
> > and then connect to our company via VPN and dialup. On the connection
> > attempt, they are forced to change their password for their AD domain
> > account. They can successfully change their AD domain password but this
> > DOES NOT change their cached password that the system has. When they
> > disconnect from our network and try to log in to their laptops using the
> > cached domain password, they must enter their old password. Our
> > workaround has been for the user to connect to us and then do a CTRL ALT
> > DELETE and perform a change password from here. This resets both the
> > cached password and the domain password and works. We want to implement a
> > policy that passwords cannot be changed for 2 days after they are set to
> > keep people from rolling their passwords to the old one. This solution is
> > not acceptable for us.
> >
> > We are considering making all of our laptops non-domain members. Users
> > will simply log in to the local machine. They will still have to log in to
> > the domain when they attempt to connect but they can choose whether to
> > keep their local and domain accounts synchronized or not.
> >
> > Thanks,
> > Fred
> >
> >
> >
>
>