Re: Remote users (VPN) are never prompted to chg PW



There are a lot of ways that users may authenticate to AD without getting a
warning about the expired password.

What we did is write an application that checks daily when passwords are
upcoming for expiration and sends them email to that effect. We send email
14 days, 7 days, and 1 day prior to expiration.

"Ulf B. Simon-Weidner [MVP]" <nospam2-ulf@xxxxxxxxxxxxxxxxxx> wrote in
message news:8B4D0835-DFF3-475A-A182-E6540D0EC282@xxxxxxxxxxxxxxxx
"CParrish" <CParrish@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:DF41320C-2337-45CA-BFE9-C97DD47AB0BB@xxxxxxxxxxxxxxxx
I have multiple remote users who are never prompted to chg their PW when the
90 day period is up. They wind up locking their account and having to call
the Helpdesk and have their PW reset.

I am unable to find a good solution for these people, any
suggestions/solutions would be greatly appreciated.


Hello,

notifying the user is done by the client, when the user is logging onto
the domain. However since your users are apparently logging on using
cached credentials and afterwards dialing into your VPN.

One possibility would be to instruct your users to dial into the VPN before
logging into the domain. This is possible with many VPN solutions. MS-based
VPN allows you to set a checkbox during logon to dial up (also VPN) first,
Cisco VPN allows you to have the dialog popping up before logon when
pressing Ctrl-Alt-Del.

Another way would be to provide a custom script which you may initialize
via your VPN-Client or which is running as a service or so, and check the
password expiration yourself.


--
Gruesse - Sincerely,

Ulf B. Simon-Weidner

Profile & Publications:
http://mvp.support.microsoft.com/profile=35E388DE-4885-4308-B489-F2F1214C811D
Weblog: http://msmvps.org/UlfBSimonWeidner
Website: http://www.windowsserverfaq.org
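
The daily expiry check with 14, 7 and 1 day reminders described in the first reply, as an added example (not the poster's application and not code from this thread). It assumes a single domain-wide `maxPwdAge` with no fine-grained password policies and user records already read from AD; the sample records and addresses are constructed, and sending the mail is left out.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
TICKS_PER_DAY = 86_400 * 10_000_000      # AD stores times in 100-ns ticks
UF_ACCOUNTDISABLE = 0x0002               # userAccountControl flags
UF_DONT_EXPIRE_PASSWD = 0x10000
REMIND_AT_DAYS = (14, 7, 1)              # schedule described in the reply

def to_filetime(dt):
    return int((dt - FILETIME_EPOCH).total_seconds()) * 10_000_000

def password_expiry(user, max_pwd_age):
    """Expiry as a UTC datetime, or None when no reminder applies."""
    if user["userAccountControl"] & (UF_ACCOUNTDISABLE | UF_DONT_EXPIRE_PASSWD):
        return None                      # disabled, or password never expires
    if user["pwdLastSet"] == 0:
        return None                      # must change at next logon already
    ticks = user["pwdLastSet"] + abs(max_pwd_age)   # maxPwdAge is negative
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def reminders_due(users, max_pwd_age, now):
    """Return (mail, days_left) for users who should be mailed today."""
    due = []
    for user in users:
        expiry = password_expiry(user, max_pwd_age)
        if expiry is None or expiry <= now:
            continue                     # nothing to warn about, or too late
        days_left = (expiry.date() - now.date()).days
        if days_left in REMIND_AT_DAYS:
            due.append((user["mail"], days_left))
    return due

def demo():
    # Constructed sample records; a real job would read these over LDAP.
    now = datetime(2024, 6, 1, 8, 0, tzinfo=timezone.utc)
    def rec(mail, age_days, uac=0x200):
        pls = to_filetime(now - timedelta(days=age_days)) if age_days else 0
        return {"mail": mail, "pwdLastSet": pls, "userAccountControl": uac}
    users = [rec("alice@example.test", 76), rec("bob@example.test", 80),
             rec("carol@example.test", 83), rec("dave@example.test", 89),
             rec("svc-backup@example.test", 83, 0x200 | UF_DONT_EXPIRE_PASSWD),
             rec("erin@example.test", None), rec("frank@example.test", 95)]
    return reminders_due(users, -90 * TICKS_PER_DAY, now)

if __name__ == "__main__":
    for mail, days in demo():
        print(f"{mail}: password expires in {days} day(s)")
```

Accounts whose password has already expired are skipped here; over VPN with cached credentials those users will not see a prompt either, so a real job would report them separately.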


