Solved

How to prompt users to change password remotely when expired?

Posted on 2008-10-11
4
1,123 Views
Last Modified: 2009-12-16
My remote users are using Cisco VPN client to connect to the corporate network. We have a Microsoft GPO to force change Windows password (AD) every 90 days.

When the password is expired remote users can not use Outlook, access to network drives...

Is there anyway to let them know when the password is going to expire remotely? Or anyway they can change it remotely by themselves? At the moment they call us and we set a new password in AD.

Thanks,
Alejandro.
0
Comment
Question by:alexsaiz
4 Comments
 
LVL 27

Accepted Solution

by:
Jason Watkins earned 500 total points
ID: 22697739
0
 
LVL 16

Expert Comment

by:The_Kirschi
ID: 22702818
Hi,

do you know about the "Enable start before logon" option in VPN Client? I think that would solve this issue:

http://www.cisco.com/en/US/products/sw/secursw/ps2308/products_user_guide_chapter09186a008015ce82.html#1301567

Daniel
0
 
LVL 7

Expert Comment

by:Mikealcl
ID: 22702861
IIRC there is no way to get a "prompt".  Its the same as if you leave an xp machine on the network and the users password expires.

Normally we told our remote users they had to disconnect/reconnect when this happens.  Then the cisco vpn client will prompt for a password change.  After the password change they then have to lock out/unlock there computer to update the local password hash, else there workstation will continue to use an incorrect one.

Vista has a feature that pops up and tells you when your password is going to expire ahead of time, from the systray.  I haven't had the chance to see if that is functional over VPN but that might be a good valid solution if your willing to use vista.


0
 

Expert Comment

by:wooden1
ID: 22779863
I hate suggesting using a 3rd party tool but there is a great tool "Password Reminder Pro" from www.sysopstools.com 
It sends out reminders (you can customize what the reminder says) via email (15 days, 7 days 1 day) before a password expires l - pretty cheap cost - something like $300 per 100 users.  I have many clients who ask for something like this and it helps the service desk a lot!  
And no I don't work for them just found this product when having the same type of issue.
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article demonstrates probably the easiest way to configure domain-wide tier isolation within Active Directory. If you do not know tier isolation read https://technet.microsoft.com/en-us/windows-server-docs/security/securing-privileged-access/s…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question