larry73
Password resets for remote users
Our domain password policy enforces a change every 90 days. Our password policy also states that we (IT) shouldn't even know the users' passwords -- we're a health care facility, so it's a HIPAA thing.
It's not a problem for most users, but we have a couple of users who are telecommuters -- they connect to the VPN and work via RDP. When their password expires, they can't connect to the VPN anymore and therefore can't log in to change it. And from the experiments that I've done, connecting to a machine via RDP wouldn't work to change your password anyway, you have to be logging in locally to a domain machine. We even tried using Webex and letting them take control to type a new password into the ADUC console, but Webex is apparently too secure for that because it won't allow them to type in the password fields -- they can type anywhere else, just not in those fields.
There must be a way to support this, as there are a lot of remote employees in the workforce today. Any ideas on how we can do this and stay within our policy?
What type of device is the VPN?
ASKER
It's a Cisco ASA 5510.
ASKER CERTIFIED SOLUTION
ASKER
Ah, I broke the cardinal rule -- always look first. And here I thought our problems were unique. ;)
Thanks!
Larry