No announcement yet.

Domains, user profiles and VPNs

  • Filter
  • Time
  • Show
Clear All
new posts

  • Domains, user profiles and VPNs

    Not sure if this is the right place to post this - if so please redirec me.

    I have several users that log into the network via a VPN appliance. One of these users is almost never in the office and as such never logs into the network directly (he has only been in the office once since his laptop was set up.0 All access to network resources is done via the VPN and in general, he has no problem accessing network resources. However, we noticed a problem recently. Despite manually expiring his password and forcing him to change at next logon, he is never prompted to create a new password. This is also preventing him from accessing new network resources. In other words, he can only see what was there when he was last physically in the office. The other users come to the office so they do not experience this issue.

    It is my understanding that, by default, clients cache the domain
    account and password for local logon in the event a domain controller
    cannot be contacted. Since he logs into his computer first and then attaches to the network via the VPN, this cache is never updated at "login".

    How can I force him to synchronize with the network, update his cached credentials and allow him to gain access to the network resource?


    Other info:
    1 domain controller
    Password policy setup in default domain policy
    VPN Appliance: Symantec 360
    VPN Client: Symantec Client VPN


  • #2
    Re: Domains, user profiles and VPNs

    Hi Mate,

    Ignore me if this is a daft suggestion but, have you tried flagging his password to never expires?

    I know it shouldn't be the done thing but, if it's only one user and you make sure his password is strong enough it should be ok.

    Only other thing I can think of is getting him to use OWA (if you have MS Exchange). This will prompt for password change when it's due to expire.

    Hope this gives you something to go on.




    • #3
      Re: Domains, user profiles and VPNs

      He should log off his laptop, then log on again while checking the 'log on using dailup connection' box, and selecting the VPN connection. This forces a true logon. I don't think you can force him to do this, but you can try talking to this guy