Sign in with
Sign up | Sign in
Your question

Change password over VPN connection

Last response: in Windows 2000/NT
Share
Anonymous
June 17, 2004 7:07:01 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Using Microsoft VPN client connecting to a RRAS server how does a user change their password. Ctrl-Alt-Del would change the password on the local machine, but how does the user change their domain password?

I read in an older posting on a discussion board that

net user <username> <password> /domain

would work. Is this true?

I want to implement a password policy and I need to ensure that VPN users - who seldom or never log onto the LAN - can change their passwords if force to.

Thanks
Anonymous
June 19, 2004 8:56:23 AM

Archived from groups: microsoft.public.win2000.security (More info?)

A user logging on with cached credentials can not change their password until they
connect to the domain via vpn at which point they can use ctrl-alt-dlt and select the
domain to change their password. After they change their password via the vpn they
need to lock their computer with ctrl-alt-dlt and then unlock it entering their "new"
domain password to update the cached credentials on their domain computer. My testing
shows that a user logging on with cached credentials can not be locked out of logging
onto their computer nor will the password ever expire to cached credential logon. If
a user does have an expired password while logging on with cached credential, when
they logon to the domain through a domain member vpn server, they will be told that
their password has expired and will be prompted to create a new password to gain
access to the domain via vpn logon. IMPORTANT - at that time they need to update
their cached credentials as I described by locking/unlocking the computer right away
or they will be denied access to domain resources and may lockout their account [per
domain account policy] if account lockout policy is enabled. You may also want to
configure an account lockout policy for remote access that is different from your
domain policy for instance if you do not want administrator intervention you could
configure a lockout policy with say ten bad attempts and a five minute lockout
duration which would give a good margin of protection against brute force attacks and
still allow reasonable access for remote access users. --- Steve

http://www.winnetmag.com/WindowsSecurity/Article/Articl...
http://support.microsoft.com/default.aspx?scid=kb;en-us;310302

"pdx" <pdx@discussions.microsoft.com> wrote in message
news:413A21C9-FB90-43C8-9722-C941F135F77A@microsoft.com...
> Using Microsoft VPN client connecting to a RRAS server how does a user change their
password. Ctrl-Alt-Del would change the password on the local machine, but how does
the user change their domain password?
>
> I read in an older posting on a discussion board that
>
> net user <username> <password> /domain
>
> would work. Is this true?
>
> I want to implement a password policy and I need to ensure that VPN users - who
seldom or never log onto the LAN - can change their passwords if force to.
>
> Thanks
!