How can I prevent Domain lockout when using VPN remotely

Archived from groups: microsoft.public.win2000.security (More info?)

I have two home machines that connect to the office via a VPN client over
DSL. My office has a Domain lockout policy enabled after three bad pw
attempts and enforces pw changes every 3 months. When I'm forced to change
pw's I get locked out of the office Domain when connecting from home since
I'm only able to logon to Win2K (locally) using my old pw before actually
connecting to the office (which already has my new pw).
Is there a place/way I can change the old pw locally to match my new pw
before connecting to the Network?

Thanks
5 answers Last reply
More about prevent domain lockout remotely
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    Hit ctrl - alt - del and click change password.

    hth
    DDS W 2k MVP MCSE

    "nee" <nee@discussions.microsoft.com> wrote in message
    news:24C05551-39CA-402E-A669-CB99F53139EC@microsoft.com...
    >I have two home machines that connect to the office via a VPN client over
    > DSL. My office has a Domain lockout policy enabled after three bad pw
    > attempts and enforces pw changes every 3 months. When I'm forced to
    > change
    > pw's I get locked out of the office Domain when connecting from home since
    > I'm only able to logon to Win2K (locally) using my old pw before actually
    > connecting to the office (which already has my new pw).
    > Is there a place/way I can change the old pw locally to match my new pw
    > before connecting to the Network?
    >
    > Thanks
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Thanks for your info Danny. But my problem is a kind of catch-22 since I
    have two machines at home. So, I logon locally to machine #1 with original
    pw ("a") and connect via VPN to the office and do a ctrl+alt+del to change pw
    from "a" to "b". Then I logon locally to machine #2 with original pw ("a")
    and connect via VPN. But before I can do a ctrl+alt+del, I'm usually already
    locked out. The crux of the problem is not being able to change the pw
    locally (unless you know how) before actually connecting to the Office
    Network, so that they match and I don't get locked out.

    "Danny Sanders" wrote:

    > Hit ctrl - alt - del and click change password.
    >
    > hth
    > DDS W 2k MVP MCSE
    >
    > "nee" <nee@discussions.microsoft.com> wrote in message
    > news:24C05551-39CA-402E-A669-CB99F53139EC@microsoft.com...
    > >I have two home machines that connect to the office via a VPN client over
    > > DSL. My office has a Domain lockout policy enabled after three bad pw
    > > attempts and enforces pw changes every 3 months. When I'm forced to
    > > change
    > > pw's I get locked out of the office Domain when connecting from home since
    > > I'm only able to logon to Win2K (locally) using my old pw before actually
    > > connecting to the office (which already has my new pw).
    > > Is there a place/way I can change the old pw locally to match my new pw
    > > before connecting to the Network?
    > >
    > > Thanks
    >
    >
    >
  3. Archived from groups: microsoft.public.win2000.security (More info?)

    Log in to the computer, before you start the VPN right click on my computer
    and select manage. Open local users and groups. Expand users, right click on
    your username and select reset password. Re set the password to match the
    work password. Reboot log in with the new password and connect the VPN.

    hth
    DDS W 2k MVP MCSE

    "nee" <nee@discussions.microsoft.com> wrote in message
    news:89DC6167-F94E-4BC5-9271-3F51C3946C3E@microsoft.com...
    > Thanks for your info Danny. But my problem is a kind of catch-22 since I
    > have two machines at home. So, I logon locally to machine #1 with
    > original
    > pw ("a") and connect via VPN to the office and do a ctrl+alt+del to change
    > pw
    > from "a" to "b". Then I logon locally to machine #2 with original pw
    > ("a")
    > and connect via VPN. But before I can do a ctrl+alt+del, I'm usually
    > already
    > locked out. The crux of the problem is not being able to change the pw
    > locally (unless you know how) before actually connecting to the Office
    > Network, so that they match and I don't get locked out.
    >
    > "Danny Sanders" wrote:
    >
    >> Hit ctrl - alt - del and click change password.
    >>
    >> hth
    >> DDS W 2k MVP MCSE
    >>
    >> "nee" <nee@discussions.microsoft.com> wrote in message
    >> news:24C05551-39CA-402E-A669-CB99F53139EC@microsoft.com...
    >> >I have two home machines that connect to the office via a VPN client
    >> >over
    >> > DSL. My office has a Domain lockout policy enabled after three bad pw
    >> > attempts and enforces pw changes every 3 months. When I'm forced to
    >> > change
    >> > pw's I get locked out of the office Domain when connecting from home
    >> > since
    >> > I'm only able to logon to Win2K (locally) using my old pw before
    >> > actually
    >> > connecting to the office (which already has my new pw).
    >> > Is there a place/way I can change the old pw locally to match my new pw
    >> > before connecting to the Network?
    >> >
    >> > Thanks
    >>
    >>
    >>
  4. Archived from groups: microsoft.public.win2000.security (More info?)

    Is there a way to cause your VPN client to not automatically
    provide credentials, but to instead make you go through a
    prompt based authentication? In the MS VPN client this is
    a checkbox in the properties of the VPN connectiod.
    It seems that the issue is that you are changing the password
    while at work logged into the domain, and your work's VPN
    solution is authenticating based on Windows domain accounts.
    Hence, you can log into the home machine with the cached
    domain account, using old password, but this of course does
    not work with the VPN access (and also locks the domain
    account in the process). If you can get past that VPN login
    then you should have a chance that the cached login can be
    updated (maybe?) but this may be most simple by forcing
    with another password change after connecting. For that to
    happen however, the only way you can have a chance is if
    you can provide login info to the VPN server other than what
    your VPN client would automatically provide from your
    logon credentials.

    --
    Roger Abell
    Microsoft MVP (Windows Security)
    MCSE (W2k3,W2k,Nt4) MCDBA
    "nee" <nee@discussions.microsoft.com> wrote in message
    news:89DC6167-F94E-4BC5-9271-3F51C3946C3E@microsoft.com...
    > Thanks for your info Danny. But my problem is a kind of catch-22 since I
    > have two machines at home. So, I logon locally to machine #1 with
    original
    > pw ("a") and connect via VPN to the office and do a ctrl+alt+del to change
    pw
    > from "a" to "b". Then I logon locally to machine #2 with original pw
    ("a")
    > and connect via VPN. But before I can do a ctrl+alt+del, I'm usually
    already
    > locked out. The crux of the problem is not being able to change the pw
    > locally (unless you know how) before actually connecting to the Office
    > Network, so that they match and I don't get locked out.
    >
    > "Danny Sanders" wrote:
    >
    > > Hit ctrl - alt - del and click change password.
    > >
    > > hth
    > > DDS W 2k MVP MCSE
    > >
    > > "nee" <nee@discussions.microsoft.com> wrote in message
    > > news:24C05551-39CA-402E-A669-CB99F53139EC@microsoft.com...
    > > >I have two home machines that connect to the office via a VPN client
    over
    > > > DSL. My office has a Domain lockout policy enabled after three bad pw
    > > > attempts and enforces pw changes every 3 months. When I'm forced to
    > > > change
    > > > pw's I get locked out of the office Domain when connecting from home
    since
    > > > I'm only able to logon to Win2K (locally) using my old pw before
    actually
    > > > connecting to the office (which already has my new pw).
    > > > Is there a place/way I can change the old pw locally to match my new
    pw
    > > > before connecting to the Network?
    > > >
    > > > Thanks
    > >
    > >
    > >
  5. Archived from groups: microsoft.public.win2000.security (More info?)

    See my previous reply to see if that works about locking and unlocking the
    computer to refresh cached credentials. I also wanted to add that the domain
    lockout threshold of three is way to low. Microsoft recommends no less than
    ten as a threshold assuming weak passwords are not allowed. Account lockout
    policy can end up being a denial of service problem for legitimate users. If
    you have no control of this you may want to pass the message on. --- Steve


    "nee" <nee@discussions.microsoft.com> wrote in message
    news:24C05551-39CA-402E-A669-CB99F53139EC@microsoft.com...
    >I have two home machines that connect to the office via a VPN client over
    > DSL. My office has a Domain lockout policy enabled after three bad pw
    > attempts and enforces pw changes every 3 months. When I'm forced to
    > change
    > pw's I get locked out of the office Domain when connecting from home since
    > I'm only able to logon to Win2K (locally) using my old pw before actually
    > connecting to the office (which already has my new pw).
    > Is there a place/way I can change the old pw locally to match my new pw
    > before connecting to the Network?
    >
    > Thanks
Ask a new question

Read More

Domain VPN Office Windows