General discussion

Locked

How can VPN users change domain password

By tbings ·
Our remote users access the company network using Cisco Concentrator/Cisco VPN client. To connect to the network they have to establish a VPN tunnel and authenticate with their Domain user name an password. They do not log on to the Domain.
How can remote users change their domain password?

We would like to tighten our password expiration policy, but if their pwd is expired the users will not be able to establish a tunnel.

Clients use WinXP, the domain is a Win 2003 environment.
Thanks so much in advance.

This conversation is currently closed to new comments.

11 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by zaferus In reply to How can VPN users change ...

We experience the same issue. A user once VPN'd can change their password by standard means (ctrl-alt-del change password). If they change it when they are NOT connected to the VPN the pass through authentication fails.

We saw 3 choices:
1. Educate the users how to change their passwords when VPN connected. We also looked at using a script that sent an E-mail to these users 5 days before expiration with the instructions in it again.
2. Use RSA keys for authentication protection.
3. Set their passwords to never expire.

We chose #1, it works ok we still get the odd help desk call with an "oopsie".

Collapse -

Script Emailed to the user

by rannaloro In reply to

I'm have the same issue, I would chose option #1 as well simply because I like the E-mail aspect of it. Can you advise me on the script that you would establish?

Collapse -

Option 4.

by rpachon In reply to

If they changed it when they are not connected to the VPN, this is what they can do:
1. Log on to the remote workstation using the cached credentials.
2. Initiate a VPN session using the updated credentials.
3. Lock the workstation using Ctrl-Alt-Del.
4. Unlock it using the updated credentials.
The local cached credentials should be updated.

Collapse -

by vcbitoon In reply to How can VPN users change ...

If a password expires. A dialog box will ask for a new password. Authenticated users are allowed to change the password for VPN users also. Once able to authenticate. As long as the account login is not lock. Lock Account cannot change password. An administrator account should unlock the lock account before a user can login and change his password.

Collapse -

VPN Password Expires

by rannaloro In reply to

I have similar issue,I have been testing I don't receive a dialog box that my password is expired, it just doesn't authenticate me.

Collapse -

VPN Password Reset solution

by sales In reply to VPN Password Expires

Check out OUrganizeIT by Synergix http://www.synergix.com. In addition to keeping computer objects organized, it also has a feature to keep the GPO up to date and prompts the VPN user to change the password 'x' days before it expires.

Basically, it bridges the gap between VPN connected users and LAN connected users....The net effect of OUrganizeIT is that it treats VPN connected devices and users just like LAN connected users; it updates the domain controller security logs and lastLogon attribute even for users who log in using cached credentials.

Collapse -

No more email for password expirations !

by dabradabra In reply to VPN Password Expires

No more spamming users with email notifications. Synergix Object Manager (www.synergix.com) is seemless and effective. Plus, GPO updates, user login scripts run even when using cached logins, as a remote user will typical use.

Collapse -

If a password expires. A dialog box will ask fo...

by nowakowsky In reply to

This is not always true with the Cisco 3000 vpn concentrators. You have to have the Group authentication set to RADIUS with Expiry for this to work. There are 4 other methods of Authentication that will not allow allow you to change expired accounts.

Collapse -

Password Expiration Notification

by dabradabra In reply to If a password expires. A ...

The idea behind Synergix ADCE ( www.synergix.com ) software is that it is VPN client software agnostic; it will work with legacy VPN client software and SSL VPN client from "any" vendor.

In addition to the Password Expiration Notification, it will also address the group policy refreshes, user logon script execution ( immediately after VPN connection is established ) , Kerberos ticket refreshes, DNS duplicate entry reconciliation and many other issues that surround a remote computer connecting to corporate network using VPN or WiFi connection ( basically, users logging in with cached credentials )

It will also help out with other products ( ex. disk encryption products ) that integrate their login with Active Directory

Collapse -

windows vpn connection.

by johnnyfreud786 In reply to How can VPN users change ...

Well, changing password is an easy job there is setting in the vpn connection and in account section you can change your password. But you should remember your old password to change it, without it you can???t log in. I am using windows vpn conncetion http://www.bestvpnconnection.com/vpn-windows-xp/ becusae it's easy to use no problems like changing your pssword and hacking.

Back to Desktop Forum
11 total posts (Page 1 of 2)   01 | 02   Next

Hardware Forums