Password resets for remote users

Our domain password policy enforces a change every 90 days.  Our password policy also states that we (IT) shouldn't even know the user's passwords -- we're a health care facility, so it's a HIPAA thing.

It's not a problem for most users, but we have a couple of users who are telecommuters -- they connect to the VPN and work via RDP.  When their password expires, they can't connect to the VPN anymore and therefore can't log to change it.  And from the experiments that I've done, connecting to a machine via RDP wouldn't work to change your password anyway, you have to be logging in locally to a domain machine.  We even tried using Webex and letting them take control to type a new password into the ADUC console, but Webex is apparently too secure for that because it won't allow them to type in the password fields -- they can type anywhere else, just not in those fields.

There must be a way to support this, as there are a lot of remote employees in the workforce today.  Any ideas on how we can do this and stay within our policy?
Who is Participating?
Nick RhodeConnect With a Mentor IT DirectorCommented:
Couple methods outlined here for cisco.  Was a post yesterday :).
What type of device is the VPN?
larry73Author Commented:
It's a Cisco ASA 5510.
larry73Author Commented:
Ah, I broke the cardinal rule -- always look first.  And here I thought our problems were unique.  ;)

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.