I have remote employees who connect to our network on a daily basis
using VPN. All the workstations that they use are members of our
domain. All users are domain users and authenticate against our DCs.
We currently have a password policy that requires users to change
their password every 90 days. I can always tell when that time frame
comes up because at least half of my remote users call stating that
they can't connect. Is it possible to prompt a user who is
authenticating to the domain to be prompted that their password is
going to expire or has expired. What is the best practice that others
use to control this in regards to remote users.

Thanks

Re: Password Changes remotely thru VPN by S

S
Fri Feb 23 04:51:56 CST 2007

Most organizations require a call help desk. I'm dead serious. And it's a
shame. Costs a lot, availability not ideal. For that reason we implement
password self-reset solutions. Microsoft has one:

http://www.microsoft.com/technet/security/guidance/identitymanagement/idmanage/p2pass.mspx

Also there are products that claim they can issue email warning - I've found
one called "Password Reminder Pro" - but I have never tried those.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-


"Tim B." <tim@kenziebug.com> wrote in message
news:1172174825.817291.35790@q2g2000cwa.googlegroups.com...
>I have remote employees who connect to our network on a daily basis
> using VPN. All the workstations that they use are members of our
> domain. All users are domain users and authenticate against our DCs.
> We currently have a password policy that requires users to change
> their password every 90 days. I can always tell when that time frame
> comes up because at least half of my remote users call stating that
> they can't connect. Is it possible to prompt a user who is
> authenticating to the domain to be prompted that their password is
> going to expire or has expired. What is the best practice that others
> use to control this in regards to remote users.
>
> Thanks
>



Re: Password Changes remotely thru VPN by jwgoerlich

jwgoerlich
Fri Feb 23 07:36:43 CST 2007

> Is it possible to prompt a user who is authenticating to the domain to
> be prompted that their password is going to expire or has expired.

Yes, via group policy, you can alert the users several days before
their password expires. You can find this under:

Computer Configuration\Windows Settings\Security Settings\Local
Policies\Security Options\
Interactive logon: Prompt user to change password before expiration

"Determines how far in advance (in days) users are warned that their
password is about to expire. With this advance warning, the user has
time to construct a password that is sufficiently strong."

Regards,

J Wolfgang Goerlich


Re: Password Changes remotely thru VPN by Tim

Tim
Fri Feb 23 08:03:19 CST 2007

On Feb 23, 7:36 am, jwgoerl...@gmail.com wrote:
> > Is it possible to prompt a user who is authenticating to the domain to
> > be prompted that their password is going to expire or has expired.
>
> Yes, via group policy, you can alert the users several days before
> their password expires. You can find this under:
>
> Computer Configuration\Windows Settings\Security Settings\Local
> Policies\Security Options\
> Interactive logon: Prompt user to change password before expiration
>
> "Determines how far in advance (in days) users are warned that their
> password is about to expire. With this advance warning, the user has
> time to construct a password that is sufficiently strong."
>
> Regards,
>
> J Wolfgang Goerlich

Thanks for the response. I do currently have the notification of
password expiration set in a group policy. It works fine for users who
are always connected to the domain. It does not alert users who are
connected via VPN.



Re: Password Changes remotely thru VPN by jwgoerlich

jwgoerlich
Fri Feb 23 15:53:44 CST 2007

I do not have much experience with Microsoft's VPN, sad to say. Do
logon and logoff scripts run? If so, you could create a simple script
for your remote users.

Off the cuff, I am thinking of something like ...

--------------------------------------------------------------------------------

' Run at logon; warns when the domain password expires within alertOnDays.
On Error Resume Next

alertOnDays = 7
domainName = "mcmcitrix.munder.com"

Set oNet = CreateObject("WScript.Network")
userName = oNet.UserName

' Bind to the user account through the WinNT provider.
Set oUser = GetObject("WinNT://" & domainName & "/" & userName & ",USER")

' Stays "(blank)" if the property read fails (password does not expire).
dateExpiration = "(blank)"
dateExpiration = CStr(oUser.PasswordExpirationDate)

If dateExpiration = "(blank)" Then WScript.Quit

expireInDays = DateDiff("d", Now(), CDate(dateExpiration))
If expireInDays < alertOnDays Then MsgBox "Please change your password."

--------------------------------------------------------------------------------

The "on error resume" and the "(blank)" checking is to handle the
cases when the password does not expire. If this is the case and it
was not doing error checking, then the script would throw "The
directory property cannot be found in the cache."

Will this work, do you think?

J Wolfgang Goerlich



On Feb 23, 9:03 am, "Tim B." <t...@kenziebug.com> wrote:
> On Feb 23, 7:36 am, jwgoerl...@gmail.com wrote:
> Thanks for the response. I do currently have the notification of
> password expiration set in a group policy. It works fine for users who
> are always connected to the domain. It does not alert users who are
> connected via VPN.



Re: Password Changes remotely thru VPN by jwgoerlich

jwgoerlich
Fri Feb 23 15:59:32 CST 2007

Change that to ...
> domainName = "YourDomain"

Whoops, typing too fast.

J Wolfgang Goerlich
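
A server-side alternative to the logon script discussed in this thread, for VPN users who never see the interactive expiry prompt. This is an added example and not code from any poster: it classifies accounts from the Active Directory attributes `pwdLastSet` and `userAccountControl`, including the never-expires case the VBScript exits on. The function name and sample accounts are hypothetical, and it assumes a single domain-wide 90-day maximum password age with no fine-grained password policies.

```powershell
# Added example. Sample accounts are constructed; the function name is hypothetical.
# Assumes one domain-wide maximum password age (no fine-grained password policies).
$DONT_EXPIRE_PASSWORD = 0x10000   # userAccountControl bit: password never expires

function Get-PasswordExpiryStatus {
    param(
        [Parameter(Mandatory)] [object[]] $Account,
        [int] $MaxPasswordAgeDays = 90,       # 90-day policy from the thread
        [int] $WarnDays = 7,                  # same window as alertOnDays in the VBScript
        [datetime] $NowUtc = (Get-Date).ToUniversalTime()
    )
    foreach ($a in $Account) {
        $expires = $null
        if ($a.userAccountControl -band $DONT_EXPIRE_PASSWORD) {
            $status = 'NeverExpires'          # the case the VBScript quits on
        } elseif ($a.pwdLastSet -eq 0) {
            $status = 'MustChangeAtNextLogon' # pwdLastSet = 0 forces a change
        } else {
            # pwdLastSet is a Windows FILETIME (100 ns ticks since 1601, UTC)
            $expires  = [datetime]::FromFileTimeUtc($a.pwdLastSet).AddDays($MaxPasswordAgeDays)
            $daysLeft = [math]::Floor(($expires - $NowUtc).TotalDays)
            if     ($daysLeft -lt 0)         { $status = 'Expired' }
            elseif ($daysLeft -lt $WarnDays) { $status = 'Warn' }
            else                             { $status = 'OK' }
        }
        [pscustomobject]@{
            SamAccountName = $a.SamAccountName
            Status         = $status
            ExpiresUtc     = $expires
        }
    }
}

# Constructed sample input, shaped like directory query results with these properties.
$now = [datetime]::new(2007, 2, 23, 12, 0, 0, [System.DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'remote1'; userAccountControl = 0x200;   pwdLastSet = $now.AddDays(-85).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'remote2'; userAccountControl = 0x200;   pwdLastSet = $now.AddDays(-95).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'remote3'; userAccountControl = 0x200;   pwdLastSet = $now.AddDays(-10).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'svc-vpn'; userAccountControl = 0x10200; pwdLastSet = $now.AddDays(-400).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'newhire'; userAccountControl = 0x200;   pwdLastSet = 0 }
)

# Accounts that need a reminder or a help desk contact before they lose VPN access.
Get-PasswordExpiryStatus -Account $sample -NowUtc $now |
    Where-Object Status -in 'Warn', 'Expired', 'MustChangeAtNextLogon'
```

Against a live domain the input would come from `Get-ADUser -Filter * -Properties pwdLastSet, userAccountControl`, and the filtered list would feed whatever mail or ticketing step the organization uses.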