Solved

How to prompt users to change password remotely when expired?

Posted on 2008-10-11
4
1,119 Views
Last Modified: 2009-12-16
My remote users are using Cisco VPN client to connect to the corporate network. We have a Microsoft GPO to force change Windows password (AD) every 90 days.

When the password is expired remote users can not use Outlook, access to network drives...

Is there anyway to let them know when the password is going to expire remotely? Or anyway they can change it remotely by themselves? At the moment they call us and we set a new password in AD.

Thanks,
Alejandro.
0
Comment
Question by:alexsaiz
4 Comments
 
LVL 27

Accepted Solution

by:
Jason Watkins earned 500 total points
ID: 22697739
0
 
LVL 16

Expert Comment

by:The_Kirschi
ID: 22702818
Hi,

do you know about the "Enable start before logon" option in VPN Client? I think that would solve this issue:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_chapter09186a008015ce82.html#1301567

Daniel
0
 
LVL 7

Expert Comment

by:Mikealcl
ID: 22702861
IIRC there is no way to get a "prompt".  Its the same as if you leave an xp machine on the network and the users password expires.

Normally we told our remote users they had to disconnect/reconnect when this happens.  Then the cisco vpn client will prompt for a password change.  After the password change they then have to lock out/unlock there computer to update the local password hash, else there workstation will continue to use an incorrect one.

Vista has a feature that pops up and tells you when your password is going to expire ahead of time, from the systray.  I haven't had the chance to see if that is functional over VPN but that might be a good valid solution if your willing to use vista.


0
 

Expert Comment

by:wooden1
ID: 22779863
I hate suggesting using a 3rd party tool but there is a great tool "Password Reminder Pro" from www.sysopstools.com
It sends out reminders (you can customize what the reminder says) via email (15 days, 7 days 1 day) before a password expires l - pretty cheap cost - something like $300 per 100 users.  I have many clients who ask for something like this and it helps the service desk a lot!  
And no I don't work for them just found this product when having the same type of issue.
0

Featured Post

How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

Join & Write a Comment

Juniper VPN devices are a popular alternative to using Cisco products. Last year I needed to set up an international site-to-site VPN over the Internet, but the client had high security requirements -- FIPS 140. What and Why of FIPS 140 Federa…
Disabling the Directory Sync Service Account in Office 365 will stop directory synchronization from working.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now