Right now, Server has one set of credentials and the local machine has another set of credentials. We also looked at using a script that sent an E-mail to these users 5 days before expiration with the instructions in it again. The problem comes for the handful of office users who are permanently remote. I have a windows 2008 domain. My eyes are bleeding because I'm in a very similar situation with users who work from home. Again, I am just throwing out some theory's and ideas. Then we got a call from their boss saying that they were unable to get their work done because they were locked out--to which we replied that the user didn't change their password in time--never had a problem since then.
All laptops using a checkpoint vpn client to connect to our internal network. Here is where the fun starts. My point is if there is a way to avoid this situation? I know that one consultant in particular will be back in the office tomorrow. When a user forgets their password they need to find an automatic wireless or Ethernet cable connected network to connect to. I suspect it's to do wit hlogging on with cached passwords.
Just make sure there is a local acct you can give away the pw to on every system. The other question here, is what to do for Group Policy forced change? I seems like something is wrong on the policys that block the password update. Check out these other great. I remember people posting powershell scripts that probably worked a lot better on here from time to time. Password Reset: Now comes the part where a user is irresponsible even though they received 10+ emails reminding them. I need to implement a policy lo let them change their password when it expires beacuse it is requiered. Utilizing the password expiration notification will email the end users at predetermined intervals to notify the end user of the impending password change.
You can go the email route to remind them or suggest they put a recurring appointment in their calendar to change their password every 40 days or so. I am in the healthcare industry and we have some users that are not technically part of my company but have user accounts in my domain. We had the same problem with it failing so the programmer wrote some script that would send them an email 2 weeks prior to remind them to change it. Once you have the required information to make a connection, you can jump into settings and get everything running. Having users log into a second machine, waiting, syncing, etc when the user should be able to do it a the console they are currently working on is where they should be able to change their password. I just dont understand why Microsoft's software doesnt allow some of the easiest things to make a user happy. Set their passwords to never expire.
Win7 works fine for wireless but it must be a previously saved and automatic network for it to work, no new connections. No idea what was different, but take caution. If this is an issue with Microsoft and it isnt something that can be done I am fine with that. In theory here is what I would like to see: Continue using the current infrastructure. However, that was obviously less than ideal. I've been for a while finding out what is the problem but I don´t know what is wrong. We use this for scenarios where users forget or are confused on what the last cached local password is.
Log on to the remote workstation using the cached credentials. They both also offer the potential for self service password resets. Thanks for your input, everyone. I hear what you say but what you report still suggests that the office server's password policy has been applied to your laptop. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended. Thank you for a great idea, but we have exchange but not all users are created with an email account.
The thursby product looks interesting as a long term solution but will require some vetting and evalutation before we could purchase and roll it out. Again, it all depends on your environment. I just don't want to foobar his laptop by having him do the wrong thing and locking him out of it when he is 5000 miles away. The end user then locks their computer and unlocks the computer but this time supplies the new password they have just set. It also proactively notify domain users regarding their password expiry; so that, users can change their password in advance.
Honestly that doesn't sound like a sound solution. The local cached credentials should be updated. I had a kind of wonky python script that would run everyday to check whose passwords were close to expiring and then email them these instructions. In my lab I tried with a windows 7 laptop and everything works fine beacuse I tried with pptp and l2tp with ipsec. Spiceworks does have the option of doing this, but that means you would need to give that server access to the outside world. I am using windows vpn conncetion becusae it's easy to use no problems like changing your pssword and hacking. This has worked on the majority of clients I've needed to use it on, however, I've had it not work once.