
Remote Windows Workstations & Domain Password Expiration

deklinm asked:
I have a Windows 2003 domain controller and numerous Windows XP workstations that connect via VPN to my corporate network. My Windows domain password policy expires every 30 days. All of my users that are on the same subnet as the domain controller are informed by the operating system that their password will be expiring and have an option to change it. However, all of my remote users do not receive this option; therefore they don't change their passwords. How can I enable remote users to receive the alert that their password will be expiring in "X" days and allow them to change it when they are remote?

Set up a policy so that the IP scheme that the VPN users get from your server also gets the notification. Don't they have to log into the domain in order to authenticate to the VPN?
Top Expert 2005
Commented:
Remote users can't be informed using the normal methods that are used locally. You'd have to create a script to send them email.
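A sketch of the notification script suggested in the comment above, added here as an example and not code from any participant in the thread. It is written in Python rather than the VBScript mentioned later, and it assumes the directory query has already returned each user's `pwdLastSet`, `userAccountControl` and `mail` attributes; the sample users, the `helpdesk@example.com` sender and the 7-day warning window are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email.message import EmailMessage

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
ACCOUNTDISABLE, DONT_EXPIRE_PASSWORD = 0x0002, 0x10000  # userAccountControl bits

def filetime_to_dt(ticks):
    """pwdLastSet is a count of 100-ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=ticks // 10)

def dt_to_filetime(dt):
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10

def max_age_from_ad(raw):
    """The domain's maxPwdAge is stored as a negative 100-ns interval."""
    return timedelta(microseconds=-raw // 10)

def days_left(user, max_age, now):
    """Whole days until expiry; None for accounts that should not be mailed."""
    if user["userAccountControl"] & (ACCOUNTDISABLE | DONT_EXPIRE_PASSWORD):
        return None
    if user["pwdLastSet"] == 0:  # flagged "must change at next logon"
        return None
    return (filetime_to_dt(user["pwdLastSet"]) + max_age - now).days

def build_warnings(users, max_age, now, warn_days=7, sender="helpdesk@example.com"):
    msgs = []
    for u in users:
        left = days_left(u, max_age, now)
        if left is None or not u.get("mail") or not 0 <= left <= warn_days:
            continue
        m = EmailMessage()
        m["From"], m["To"] = sender, u["mail"]
        m["Subject"] = f"Your domain password expires in {left} day(s)"
        m.set_content(f"{u['sAMAccountName']}: your domain password expires in "
                      f"{left} day(s). Change it before then.")
        msgs.append(m)
    return msgs  # hand each message to smtplib.SMTP(...).send_message()

# Constructed sample data standing in for an LDAP query result.
NOW = datetime(2024, 1, 31, 12, 0, tzinfo=timezone.utc)
MAX_AGE = max_age_from_ad(-25_920_000_000_000)  # 30 days, as in the question
def _u(name, uac, age_days):
    ft = 0 if age_days is None else dt_to_filetime(NOW - timedelta(days=age_days))
    return {"sAMAccountName": name, "mail": f"{name}@example.com",
            "userAccountControl": uac, "pwdLastSet": ft}
USERS = [_u("alice", 0x200, 25), _u("bob", 0x200, 10), _u("svc", 0x10200, 400),
         _u("carol", 0x200, None), _u("dave", 0x202, 28)]

if __name__ == "__main__":
    for msg in build_warnings(USERS, MAX_AGE, NOW):
        print(msg["To"], "|", msg["Subject"])
```

Accounts that are disabled, exempt from expiry, or already flagged for a forced change are skipped, so service accounts do not receive mail.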
DonNetwork Administrator
Commented:

Author

Commented:
So I can use a VBScript to notify users when their password is about to expire. How do VPN users successfully change their ADUC passwords, and how do I ensure that the ADUC password and the cached password on the laptop are synced up correctly?
DonNetwork Administrator

Commented:
"How do VPN users successfully change their ADUC passwords"
 
They should be able to hit CTRL+ALT+DEL and select Change Password.
Top Expert 2005

Commented:
They can't. Unless the VPN tunnel can be maintained when you log off then back on, you are still logged into the machine using cached credentials. There are two ways to do this:

1) Have the users come in and physically connect to the LAN to do it.
2) When they are VPN'd in, use RDP to another workstation to reset it - however they still won't get it cached locally.

A third option is to use something like rDirectory to have a self-service password reset site. Again, this doesn't solve the local caching issue.

It's been a problem for years, so you aren't alone.