Announcement

Collapse
No announcement yet.

Password changes while user is not in the office

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Password changes while user is not in the office

    If I set our password policy to change say every 30 days, and when the 30 days comes up one desktop user is not in for say a week and a notebook user is away offline for say three weeks at this time, how will the password policy be handled?

    Will the notebook user be prompted on the 30th day to change his password eventhough he is not actively connected to the LAN?
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: Password changes while user is not in the office

    This causes HUGE problems - and it's one that M$ didn't think of when they arranged AD. VPN connections to the AD have mitigated problems somewhat; but if a user is away at a location and cannot connect to the VPN...

    He will either:

    not get prompted to change his password. When he gets back he will immediately get forced to change his password.

    OR

    get prompted to change his password. IF he does so and then attempts to connect to a network resource he will lock out his user account because the network will not be aware of the change. This will necessitate a return to a core site because even if they unlock his account, it may not get back to the user's machine that this has happened.

    Basically it's a minefield; and what we do is put all laptop users in their own OU and set them to "Password never Expires" via policy.


    Tom
    For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

    Anything you say will be misquoted and used against you

    Comment


    • #3
      Re: Password changes while user is not in the office

      If a user is loging from the cache (the laptop is not connected to the network or the AD is not reachable) the user is NOT prompted to change his /her password.
      It will happening first time when the logon request is validated by a DC (online logon).
      Regards,
      Csaba Papp
      MCSA+messaging, MCSE, CCNA
      ...............................
      Remember to give credit where credit is due and leave reputation points where appropriate
      .................................

      Comment


      • #4
        Re: Password changes while user is not in the office

        Originally posted by netxt View Post
        If a user is loging from the cache (the laptop is not connected to the network or the AD is not reachable) the user is NOT prompted to change his /her password.
        It will happening first time when the logon request is validated by a DC (online logon).
        Right. But some VPN's do not have the capability of delivering the "You need to change your password" message. Also, when Outlook is the only way of authenticating to a DC, it will NOT prompt you to change your password, it will simply fail to authenticate if the password has expired.

        It's a minefield I tell you.


        Tom
        For my own and your protection, I do not provide support by private message under any circumstances. All such messages will be deleted and ignored.

        Anything you say will be misquoted and used against you

        Comment

        Working...
        X