Link to home
Start Free TrialLog in
Avatar of deklinm
deklinmFlag for United States of America

asked on

Remote Windows Workstations & Domain Password Expiration

I have a windows 2003 domain controller and numerous WIndows XP workstations that connect via VPN to my corporate network.  My windows domain password policy expires every 30 days.  All of my users that are on the same subnet as the domain controller are informed by the operating system that their password will be expiring and have an option to change it.  However, all of my remote users do not receive this option therefor they don't change their passwords.  How can I enable remote users to receive the alert that their password will be expiring in "X" days and allow them to change it when they are remote?
ASKER CERTIFIED SOLUTION
Avatar of techsupport2010
techsupport2010
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Netman66
Netman66
Flag of Canada image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of Don
Don
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of deklinm
deklinm
Flag of United States of America image

ASKER

SO i can use a VBscript to notify users when their password is about to expire.  How do VPN users successfully change their ADUC passwords and how do I ensure that the ADUC password and the cached password on the laptop is sync'd up correctly?
Avatar of Don
Don
Flag of United States of America image
"How do VPN users successfully change their ADUC passwords"
 
They should be able to hit CTRL+ALT+DEL and select change password
Avatar of Netman66
Netman66
Flag of Canada image
They can't.  Unless the VPN tunnel can be maintained when you log off then back on, you are still logged into the machine using cached credentials.  There are two ways to do this:

1)  Have the users come in and physically connect to the LAN to do it.
2)  When they are VPn'd in, use RDP to another workstation to reset it - however they still won't get it cached locally.

A third option is to use something like rDirectory to have a self-service password reset site.  Again, this doesn't solve the local caching issue.

It's been a problem for years, so you aren't alone.