Authenticating user

thenrich used Ask the Experts™
I have a remote user with a laptop that is joined to our domain but he cannot login into the laptop using his credentials as that laptop had never been logged into with his credentials. He was able to log in using a previous users credentials and then VPN into our network and add his user under user-accounts in control panel with no problems but when he logged out and back in with his credentials he still had no luck. How can I get him authenticated on our network remotely?
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Since he has never logged in to the computer he does not have any cached cradentials on the the laptop to authenticat against.

your only option is to establish a connection to your network for him to authenticate against. Some VPN clients have the option to connect prior to login, but you might have to get the laptop back inhouse to log him in.


he running VPN client

Is it a windows vpn and what os?

You have remote users who rarely, if ever, visit an office, and connect almost exclusively through a VPN. The VPN connection isn't a significant support headache except when you need network access during Windows logon. For example, when creating a local account profile or changing a user's domain password.
The following instructions show you how to achieve VPN connectivity during Windows logon using Microsofts, Ciscos and Checkpoints VPN clients and should work on either Windows 2000 or Windows XP:
Configure the machine's network identification
1. Login using a local account with administrative rights and make a VPN connection to the network.
2. Open the Network Connections window and click Advanced | Network Identification. From the Computer Name tab, click the Change button.
3. Enter the appropriate computer name and domain name.
4. Add any special user or group permissions specific to your organization.
5. Reboot the PC when prompted to do so.
Use one of the following instruction sets depending on your organization's VPN solution.
Using the Microsoft Dial-Up Networking/VPN Connection
6. At the initial Windows XP Logon screen select Logon Using Dial-Up Networking.
7. When prompted to select a connection method, click the drop-down list and select the corporate VPN connection.
8. Logon and include the domain name.
Using the Cisco VPN Client
6. Login locally to the workstation.
7. Start the Cisco VPN Client and select Options.
8. Select Enable start before logon. This allows the Cisco client to connect to the network before Windows logon takes place.
9. Reboot and wait until the Cisco login prompt appears to establish a VPN connection.
10. Logon to Windows with the user's AD domain credentials. Since a VPN connection has already been established a new domain account/profile will be created for the user.
11. Open the Cisco VPN Client and deselect Enable start before logon to return to the regular operational state.
Using the CheckPoint SecureClient
6. Click the SecureClient icon in the system tray.
7. Open the Passwords menu and select Enable SSO.
8. Reopen the Passwords menu and select Enable SDL. Note: To avoid logon error messages, disable SDL before you change the client's domain membership (remove it from a domain or join a different domain).
9. Select the Passwords menu and select Configure SSO. Enter your domain username and password, as well as your SecureClient username and password.
10. Close the SecureClient and reboot the machine.


This did it. There was an option to run prior to login

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial