Change password over VPN connection

Archived from groups: microsoft.public.win2000.security (More info?)

Using Microsoft VPN client connecting to a RRAS server how does a user change their password. Ctrl-Alt-Del would change the password on the local machine, but how does the user change their domain password?

I read in an older posting on a discussion board that

net user <username> <password> /domain

would work. Is this true?

I want to implement a password policy and I need to ensure that VPN users - who seldom or never log onto the LAN - can change their passwords if force to.

Thanks
1 answer Last reply
More about change password connection
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    A user logging on with cached credentials can not change their password until they
    connect to the domain via vpn at which point they can use ctrl-alt-dlt and select the
    domain to change their password. After they change their password via the vpn they
    need to lock their computer with ctrl-alt-dlt and then unlock it entering their "new"
    domain password to update the cached credentials on their domain computer. My testing
    shows that a user logging on with cached credentials can not be locked out of logging
    onto their computer nor will the password ever expire to cached credential logon. If
    a user does have an expired password while logging on with cached credential, when
    they logon to the domain through a domain member vpn server, they will be told that
    their password has expired and will be prompted to create a new password to gain
    access to the domain via vpn logon. IMPORTANT - at that time they need to update
    their cached credentials as I described by locking/unlocking the computer right away
    or they will be denied access to domain resources and may lockout their account [per
    domain account policy] if account lockout policy is enabled. You may also want to
    configure an account lockout policy for remote access that is different from your
    domain policy for instance if you do not want administrator intervention you could
    configure a lockout policy with say ten bad attempts and a five minute lockout
    duration which would give a good margin of protection against brute force attacks and
    still allow reasonable access for remote access users. --- Steve

    http://www.winnetmag.com/WindowsSecurity/Article/ArticleID/39994/39994.html
    http://support.microsoft.com/default.aspx?scid=kb;en-us;310302

    "pdx" <pdx@discussions.microsoft.com> wrote in message
    news:413A21C9-FB90-43C8-9722-C941F135F77A@microsoft.com...
    > Using Microsoft VPN client connecting to a RRAS server how does a user change their
    password. Ctrl-Alt-Del would change the password on the local machine, but how does
    the user change their domain password?
    >
    > I read in an older posting on a discussion board that
    >
    > net user <username> <password> /domain
    >
    > would work. Is this true?
    >
    > I want to implement a password policy and I need to ensure that VPN users - who
    seldom or never log onto the LAN - can change their passwords if force to.
    >
    > Thanks
Ask a new question

Read More

Connection VPN Microsoft Windows