Announcement

Collapse
No announcement yet.

How do you deal with remote RPC/HTTPS clients on non domain PCs?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • How do you deal with remote RPC/HTTPS clients on non domain PCs?

    I have several users at one office who use RPC over HTTPS to connect to their exchange mailbox (Outlook 2007/2010 and Exchange 2007 SP2). The PCs that they are using are not joined to the domain. Mostly because many of the PCs are home computers and not running a joinable OS. Plus, they rarely come into the office and as a result their computer accounts would expire. Many of them aren't yet on an updated version of Windows that can pull policy down after a user has logged on and connected with a VPN. Oh, and asking some of them to use a VPN might be a bit much. Errr... let's just leave it at that.

    The problem is that their passwords expire but the only visible symptom is that they can no longer log into Outlook. No specific warning message is presented. I just get a call "I can't get into Outlook!" and then look at the calendar. Yep, it's been about three months since the last call. I've tried to get people to log into OWA once in a while to change their password, but that's not working out so well.

    Questions:
    • Does anyone here have a similar set of users? (This is a lot like a hosted Exchange environment, in that regard. Anyone here work or worked in a hosted Exchange environment?)
    • How do you handle passwords with these types of users?


    At the moment, I'm setting up all AD account passwords for these remote users to never expire. I'm going to at least create a script that filters accounts based on the PasswordLastSet date and then fires off a message if it's getting close to the expiry date. Three cheers for send-mailmessage.
    Wesley David
    LinkedIn | Careers 2.0
    -------------------------------
    Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
    Vendor Neutral Certifications: CWNA
    Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
    Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

  • #2
    Re: How do you deal with remote RPC/HTTPS clients on non domain PCs?

    Sadly I have a few users who are in the same boat, and have done the same thing (except I have not been bothered to set reminders, one advantage to being in the SMB game). Having 2-3 users whos passwords never expire, but accounts are locked right down (they never come into the office, so why do they need local access, or this premission...) is not a big problem for us.

    As for a Fix, there are lots, but sadly all of them require you to update something be it the client OS, or the protcal used to connect, or the users themselfs (upgrade them (training)).

    One solution is to change the users to logging in via RDP/RWW to a Terminal server or a spare computer, this will then let the users change there own password, and have it updated on the server, they will then just need to give outlook the new password. We have this on one site that has some international workers, lets them log onto a spare computer in the office that sits there for that reason.

    If you do find a nice solution, please post it up, as its been one of those things that I do, but hate having to do dodgy patch fixes like that.

    Wofen
    Good to be back....

    Comment


    • #3
      Re: How do you deal with remote RPC/HTTPS clients on non domain PCs?

      Originally posted by Wofen View Post
      (except I have not been bothered to set reminders, one advantage to being in the SMB game).
      This is an excedingly small business as well, but for some reason I really disliked making passwords not expire.


      Originally posted by Wofen View Post
      Having 2-3 users whos passwords never expire, but accounts are locked right down (they never come into the office, so why do they need local access, or this premission...) is not a big problem for us.
      That's a good point. I could just remove much of their access to the network and be done with it. However, I'm not entirely sure they won't ever use office resources and I don't want to get called back as frequently as I am right now. I'm trying to work myself out of a job there while I start my own services business. Plus, I want to get people in the habit of changing passwords.

      Originally posted by Wofen View Post
      One solution is to change the users to logging in via RDP/RWW to a Terminal server or a spare computer, this will then let the users change there own password, and have it updated on the server, they will then just need to give outlook the new password. We have this on one site that has some international workers, lets them log onto a spare computer in the office that sits there for that reason.
      Wow, nice and simple. I always try to make a seamless solution that is as transparent as possible, and I forget that things like that make for unnecessary amounts of work while simpler methods work just as well.

      Originally posted by Wofen View Post
      If you do find a nice solution, please post it up, as its been one of those things that I do, but hate having to do dodgy patch fixes like that.
      I'm already blogging about it as I work on the solution so it should be on my website when/if I get it sorted out.
      Wesley David
      LinkedIn | Careers 2.0
      -------------------------------
      Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
      Vendor Neutral Certifications: CWNA
      Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
      Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

      Comment


      • #4
        Re: How do you deal with remote RPC/HTTPS clients on non domain PCs?

        I might get dinged for this, but...

        We have remote users from around the globe who connect to our TS farm as well as to our Exchange server via RPC over HTTPS. Rather than deal with the constant "How do I change my password", I got an error message about my password", "I can't get into my email", etc., etc. we set all user accounts to never expire the password. If the user wants to change their password they need to call us to do it.

        Comment


        • #5
          Re: How do you deal with remote RPC/HTTPS clients on non domain PCs?

          Originally posted by joeqwerty View Post
          I might get dinged for this, but...

          We have remote users from around the globe who connect to our TS farm as well as to our Exchange server via RPC over HTTPS. Rather than deal with the constant "How do I change my password", I got an error message about my password", "I can't get into my email", etc., etc. we set all user accounts to never expire the password. If the user wants to change their password they need to call us to do it.
          Sounds simple enough. Sometimes it's the simplest solution that works the best.
          Wesley David
          LinkedIn | Careers 2.0
          -------------------------------
          Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
          Vendor Neutral Certifications: CWNA
          Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
          Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

          Comment

          Working...
          X