Re: /sigh/ Laptops in a domain...



Thank you. The password never expires option violates our Sarbanes-Oxley
policy. We might get an exception for it, but I'd like to exhaust all other
options before recommending that.

Sorry for posting in the wrong group.

One question, though - would this group be appropriate for finding a way to
launch two applications before the logon screen appears? I have been able
to launch one at a time by using startup scripts in local policies, but I
can't launch two of them at the same time (one has to exit first, which I
can't have since both the dialer and VPN client need to be running all the
time).

Thanks much,
Gabe

"Tom Che [MSFT]" <v-tomche@xxxxxxxxxxxxxxxxxxxx> wrote in message
news:3yPcvzWfFHA.1336@xxxxxxxxxxxxxxxxxxxxxxxx
> Hi Gabe,
>
> Thanks for posting here.
>
> From your post, my understanding of this issue is: The laptop users cannot
> access the file share via VPN due to their password expiration. If this is
> not correct, please feel free to let me know.
>
> This issue seems to be related to Active Directory, so I would suggest
> posting in the newsgroup below:
>
> microsoft.public.windows.server.active_directory
>
> This is a more appropriate forum for your question where you will get the
> most qualified pool of respondents and other partners in the newsgroups who
> can either share their knowledge or learn from your interaction with us.
> Thank you for your understanding.
>
> However, I think there may be a simple way to resolve this issue:
>
> You may add all laptop users to a Group in AD, and then apply a security
> policy similar to "Password never expires" on this Group.
>
> This is just an idea; for more details about this, please post in the above
> newsgroup. I believe you will get a perfect solution there.
>
> Have a nice day!
>
> Sincerely,
> Tom Che
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
>>From: "Gabe Knuth" <gknuth@xxxxxxxxxxxxxx>
>>Subject: /sigh/ Laptops in a domain...
>>Date: Wed, 29 Jun 2005 16:05:52 -0500
>>
>>This old battle again...
>>
>>We've got an AD (previously used only Netware for the PC's) with 1200 or so
>>users in it. About 100 of those are laptop users that are rarely in the
>>office.
>>
>>In the past, the users would log on to their local machine, connect via
>>Contivity VPN, then authenticate to a Windows file share in a domain that
>>pretty much only servers were in by using their domain credentials. Their
>>passwords were set to never expire and were synched manually with their
>>Novell and local machine passwords.
>>
>>Now we're adding them to AD. We've got a corporate SOX policy in place, so
>>each user is required to change their password after x-number of days.
>>Problem is, these users don't connect to the network with their laptops
>>before their password expires. That works OK for the local machine, it'll
>>just cache it until they plug in again, but if they log on with their cached
>>password (after connecting to the VPN), they won't be able to connect to the
>>file share.
>>
>>What's everyone else doing in situations like this? I've been trying to
>>find a way to have their dial-up client and their VPN client launch before
>>the logon to the box. That should fix this. It seems to me there is a
>>simpler way, and I'm just mucking it up and overthinking it.
>>
>>Any thoughts are appreciated.
>>
>>Thanks,
>>Gabe
>>
>>
>>
>
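
An added example, not part of the original thread: one way to audit an LDAP export for the two conditions the thread turns on, accounts flagged "password never expires" and accounts whose password will lapse before a rarely connected laptop user is back on the network. The account records, the 90-day maximum age and the 14-day warning window are constructed assumptions; `userAccountControl` bit 0x10000 and the `pwdLastSet` FILETIME encoding are the standard Active Directory attributes.

```python
from datetime import datetime, timedelta, timezone

DONT_EXPIRE_PASSWORD = 0x10000   # userAccountControl bit: "password never expires"
NORMAL_ACCOUNT = 0x200           # userAccountControl bit: ordinary user account
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def to_filetime(dt):
    """Encode a datetime as pwdLastSet stores it: 100-ns ticks since 1601-01-01 UTC."""
    d = dt - FILETIME_EPOCH
    return (d.days * 86400 + d.seconds) * 10_000_000 + d.microseconds * 10

def from_filetime(ticks):
    """Decode a pwdLastSet value back into an aware UTC datetime."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def audit(accounts, now, max_age_days, warn_days):
    """Return (name, status, days_left) for each exported account record."""
    findings = []
    for acct in accounts:
        name, uac, last_set = (acct["sAMAccountName"],
                               acct["userAccountControl"], acct["pwdLastSet"])
        if uac & DONT_EXPIRE_PASSWORD:
            # Exempt from expiry: needs a documented policy exception.
            findings.append((name, "never-expires", None))
        elif last_set == 0:
            # pwdLastSet of 0 means the user must change password at next logon.
            findings.append((name, "must-change-at-logon", None))
        else:
            expires = from_filetime(last_set) + timedelta(days=max_age_days)
            days_left = (expires - now).days
            status = ("expired" if days_left < 0
                      else "expiring-soon" if days_left <= warn_days else "ok")
            findings.append((name, status, days_left))
    return findings

# Constructed sample data (not from the thread); 90/14 days are assumed policy values.
NOW = datetime(2005, 6, 29, tzinfo=timezone.utc)
def _acct(name, uac, age_days):
    last_set = 0 if age_days is None else to_filetime(NOW - timedelta(days=age_days))
    return {"sAMAccountName": name, "userAccountControl": uac, "pwdLastSet": last_set}

SAMPLE = [_acct("laptop01", NORMAL_ACCOUNT, 80), _acct("laptop03", NORMAL_ACCOUNT, 100),
          _acct("desk01", NORMAL_ACCOUNT, 5), _acct("new01", NORMAL_ACCOUNT, None),
          _acct("laptop02", NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD, 400)]

if __name__ == "__main__":
    for name, status, days_left in audit(SAMPLE, NOW, 90, 14):
        print(f"{name:10} {status:22} {'' if days_left is None else days_left}")
```

The "expiring-soon" rows are the users to contact before they travel, and the "never-expires" rows are the accounts an auditor will ask about.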

