Re: Computer Password Change



How about 2000 / XP clients which only VPN onto the network to access
e-mail, files, or department applications (some clients for very
short periods of time)? Will these clients update their computer
password in AD? Will the change occur the moment the VPN connection
is established or when they begin accessing AD resources (assuming
password age requirements have been met)? These clients are already
logged on to their desktop, using cached domain credentials, and VPN
only when network resources are needed.

I'm using DSQUERY followed by DSRM to remove computers with passwords
90 days stale. A VPN user claimed to connect daily, yet reports of
the client's 'PWDLASTSET' attribute have shown this client's computer
password had not reset in over 700 days?!?!

Could a Windows XP system fail to update its password over a VPN or
did the system always miss an interval, causing failure to the
password change?

> Tim

> Joe Richards [MVP] wrote:
> Clients control their own password changes. By default it is every 30 days for
> Windows 2000 or better clients, every 7 days for Windows NT. Machines can be
> configured to change passwords on different time frames, the domain controllers
> do not expire computer accounts.
>
> Computers DO NOT ever have to change their password and they will function
> properly.
>
> Versus scripting you may want to check out this tool
>
> http://www.joeware.net/win/free/tools/oldcmp.htm
>
> It has been immensely popular. If you get Windows IT Pro magazine it has been
> mentioned in several articles including some articles on setting up a process to
> automatically run it every day or week or month and emailing the DHTML reports
> to someone.
>
>
> --
> Joe Richards Microsoft MVP Windows Server Directory Services
> www.joeware.net
>
>
> Donnie Byerley wrote:
> Is there any Microsoft documentation that discusses when and how a computer
> changes its password? I'm not interested in forcing a change with NLTEST.
> Rather, I want to know what triggers the computer to change its password and
> how often it does it by default. My scripts that query pwdLastSet appear to
> be returning passwords that haven't changed for a year. I'm using this
> information to identify and delete inactive computers. Any help would be
> appreciated.
>
> Donnie Byerley
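An added example, not part of the original thread or any poster's script: a report-only triage of `pwdLastSet` values against the 30-day default and the 90-day cleanup threshold mentioned above. It assumes the values have already been exported as raw FILETIME integers; the account names, reference date and labels are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

# pwdLastSet is a Windows FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DEFAULT_CHANGE_DAYS = 30  # default change interval quoted in the thread
STALE_DAYS = 90           # cleanup threshold used in the thread


def filetime_to_datetime(ticks):
    """Convert a pwdLastSet value to UTC; 0 means the password was never set."""
    if ticks == 0:
        return None
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the constructed sample."""
    delta = dt - FILETIME_EPOCH
    return (delta.days * 86400 + delta.seconds) * 10_000_000 + delta.microseconds * 10


def classify(ticks, now):
    """Return (age_in_days, label) for one computer account."""
    changed = filetime_to_datetime(ticks)
    if changed is None:
        return None, "never-set"
    age = (now - changed).days
    if age <= DEFAULT_CHANGE_DAYS:
        return age, "current"
    if age <= STALE_DAYS:
        return age, "missed-interval"
    # An old password alone does not prove the machine is inactive: report it.
    return age, "review"


def report(accounts, now):
    return [(name, *classify(ticks, now)) for name, ticks in accounts]


NOW = datetime(2006, 1, 1, tzinfo=timezone.utc)  # constructed reference date
SAMPLE = [  # constructed accounts, not real data
    ("DESKTOP-A$", datetime_to_filetime(NOW - timedelta(days=5))),
    ("LAPTOP-B$", datetime_to_filetime(NOW - timedelta(days=45))),
    ("VPN-C$", datetime_to_filetime(NOW - timedelta(days=700))),
    ("NEW-D$", 0),
]
if __name__ == "__main__":
    for row in report(SAMPLE, NOW):
        print(row)
```

The "review" label marks an account for a second check before removal rather than deleting it, since a client that never changes its password still functions.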



Relevant Pages

  • Re: Cant locate resources by name... I have to use their IPs
    ... Make sure the ISA firewall assigns VPN clients a WINS server address. ... > When I VPN into our network from home, I can't find computers, servers, ...
    (microsoft.public.isa.vpn)
  • RE: VPN MTU Question
    ... Our VPN clients get disconnected frequently and I am hoping this ... > Based on my research, Microsoft Windows Server 2003, Microsoft Windows ... This is the default setting for VPN clients and for VPN ... Do I need to modify all the clients as well as the servers? ...
    (microsoft.public.win2000.ras_routing)
  • RE: Security and VPN
    ... VPN is that they are extending their network out to the VPN endpoint. ... Now that home desktop is on your network. ... also clients that will force a virus scan of the workstation and force ...
    (Pen-Test)
  • GPO: User to change TCP/IP settings:
    ... Server: Windows 2003 Standard ... Clients: Windows 2000 SP4 ... GPOs set. ... Administrative Templates -> Network -> Network Connections) there are a ...
    (microsoft.public.win2000.active_directory)
  • printing across network using multifunction printer psc1315
    ... Printing to the HP PSC1315 across a network having windows xp, ... Printing with linux client to linux server and windows xp to windows xp ... With the win98 clients, this was all that was required. ...
    (comp.os.linux.networking)