Sign in with
Sign up | Sign in
Your question

How can I prevent Domain lockout when using VPN remotely

Last response: in Windows 2000/NT
Share
Anonymous
January 19, 2005 12:19:01 PM

Archived from groups: microsoft.public.win2000.security (More info?)

I have two home machines that connect to the office via a VPN client over
DSL. My office has a Domain lockout policy enabled after three bad pw
attempts and enforces pw changes every 3 months. When I'm forced to change
pw's I get locked out of the office Domain when connecting from home since
I'm only able to logon to Win2K (locally) using my old pw before actually
connecting to the office (which already has my new pw).
Is there a place/way I can change the old pw locally to match my new pw
before connecting to the Network?

Thanks
Anonymous
January 19, 2005 1:51:05 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Hit ctrl - alt - del and click change password.

hth
DDS W 2k MVP MCSE

"nee" <nee@discussions.microsoft.com> wrote in message
news:24C05551-39CA-402E-A669-CB99F53139EC@microsoft.com...
>I have two home machines that connect to the office via a VPN client over
> DSL. My office has a Domain lockout policy enabled after three bad pw
> attempts and enforces pw changes every 3 months. When I'm forced to
> change
> pw's I get locked out of the office Domain when connecting from home since
> I'm only able to logon to Win2K (locally) using my old pw before actually
> connecting to the office (which already has my new pw).
> Is there a place/way I can change the old pw locally to match my new pw
> before connecting to the Network?
>
> Thanks
Anonymous
January 19, 2005 2:55:05 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Thanks for your info Danny. But my problem is a kind of catch-22 since I
have two machines at home. So, I logon locally to machine #1 with original
pw ("a") and connect via VPN to the office and do a ctrl+alt+del to change pw
from "a" to "b". Then I logon locally to machine #2 with original pw ("a")
and connect via VPN. But before I can do a ctrl+alt+del, I'm usually already
locked out. The crux of the problem is not being able to change the pw
locally (unless you know how) before actually connecting to the Office
Network, so that they match and I don't get locked out.

"Danny Sanders" wrote:

> Hit ctrl - alt - del and click change password.
>
> hth
> DDS W 2k MVP MCSE
>
> "nee" <nee@discussions.microsoft.com> wrote in message
> news:24C05551-39CA-402E-A669-CB99F53139EC@microsoft.com...
> >I have two home machines that connect to the office via a VPN client over
> > DSL. My office has a Domain lockout policy enabled after three bad pw
> > attempts and enforces pw changes every 3 months. When I'm forced to
> > change
> > pw's I get locked out of the office Domain when connecting from home since
> > I'm only able to logon to Win2K (locally) using my old pw before actually
> > connecting to the office (which already has my new pw).
> > Is there a place/way I can change the old pw locally to match my new pw
> > before connecting to the Network?
> >
> > Thanks
>
>
>
Related resources
Anonymous
January 19, 2005 4:36:15 PM

Archived from groups: microsoft.public.win2000.security (More info?)

Log in to the computer, before you start the VPN right click on my computer
and select manage. Open local users and groups. Expand users, right click on
your username and select reset password. Re set the password to match the
work password. Reboot log in with the new password and connect the VPN.

hth
DDS W 2k MVP MCSE

"nee" <nee@discussions.microsoft.com> wrote in message
news:89DC6167-F94E-4BC5-9271-3F51C3946C3E@microsoft.com...
> Thanks for your info Danny. But my problem is a kind of catch-22 since I
> have two machines at home. So, I logon locally to machine #1 with
> original
> pw ("a") and connect via VPN to the office and do a ctrl+alt+del to change
> pw
> from "a" to "b". Then I logon locally to machine #2 with original pw
> ("a")
> and connect via VPN. But before I can do a ctrl+alt+del, I'm usually
> already
> locked out. The crux of the problem is not being able to change the pw
> locally (unless you know how) before actually connecting to the Office
> Network, so that they match and I don't get locked out.
>
> "Danny Sanders" wrote:
>
>> Hit ctrl - alt - del and click change password.
>>
>> hth
>> DDS W 2k MVP MCSE
>>
>> "nee" <nee@discussions.microsoft.com> wrote in message
>> news:24C05551-39CA-402E-A669-CB99F53139EC@microsoft.com...
>> >I have two home machines that connect to the office via a VPN client
>> >over
>> > DSL. My office has a Domain lockout policy enabled after three bad pw
>> > attempts and enforces pw changes every 3 months. When I'm forced to
>> > change
>> > pw's I get locked out of the office Domain when connecting from home
>> > since
>> > I'm only able to logon to Win2K (locally) using my old pw before
>> > actually
>> > connecting to the office (which already has my new pw).
>> > Is there a place/way I can change the old pw locally to match my new pw
>> > before connecting to the Network?
>> >
>> > Thanks
>>
>>
>>
Anonymous
January 20, 2005 2:30:40 AM

Archived from groups: microsoft.public.win2000.security (More info?)

Is there a way to cause your VPN client to not automatically
provide credentials, but to instead make you go through a
prompt based authentication? In the MS VPN client this is
a checkbox in the properties of the VPN connectiod.
It seems that the issue is that you are changing the password
while at work logged into the domain, and your work's VPN
solution is authenticating based on Windows domain accounts.
Hence, you can log into the home machine with the cached
domain account, using old password, but this of course does
not work with the VPN access (and also locks the domain
account in the process). If you can get past that VPN login
then you should have a chance that the cached login can be
updated (maybe?) but this may be most simple by forcing
with another password change after connecting. For that to
happen however, the only way you can have a chance is if
you can provide login info to the VPN server other than what
your VPN client would automatically provide from your
logon credentials.

--
Roger Abell
Microsoft MVP (Windows Security)
MCSE (W2k3,W2k,Nt4) MCDBA
"nee" <nee@discussions.microsoft.com> wrote in message
news:89DC6167-F94E-4BC5-9271-3F51C3946C3E@microsoft.com...
> Thanks for your info Danny. But my problem is a kind of catch-22 since I
> have two machines at home. So, I logon locally to machine #1 with
original
> pw ("a") and connect via VPN to the office and do a ctrl+alt+del to change
pw
> from "a" to "b". Then I logon locally to machine #2 with original pw
("a")
> and connect via VPN. But before I can do a ctrl+alt+del, I'm usually
already
> locked out. The crux of the problem is not being able to change the pw
> locally (unless you know how) before actually connecting to the Office
> Network, so that they match and I don't get locked out.
>
> "Danny Sanders" wrote:
>
> > Hit ctrl - alt - del and click change password.
> >
> > hth
> > DDS W 2k MVP MCSE
> >
> > "nee" <nee@discussions.microsoft.com> wrote in message
> > news:24C05551-39CA-402E-A669-CB99F53139EC@microsoft.com...
> > >I have two home machines that connect to the office via a VPN client
over
> > > DSL. My office has a Domain lockout policy enabled after three bad pw
> > > attempts and enforces pw changes every 3 months. When I'm forced to
> > > change
> > > pw's I get locked out of the office Domain when connecting from home
since
> > > I'm only able to logon to Win2K (locally) using my old pw before
actually
> > > connecting to the office (which already has my new pw).
> > > Is there a place/way I can change the old pw locally to match my new
pw
> > > before connecting to the Network?
> > >
> > > Thanks
> >
> >
> >
Anonymous
January 21, 2005 6:23:07 PM

Archived from groups: microsoft.public.win2000.security (More info?)

See my previous reply to see if that works about locking and unlocking the
computer to refresh cached credentials. I also wanted to add that the domain
lockout threshold of three is way to low. Microsoft recommends no less than
ten as a threshold assuming weak passwords are not allowed. Account lockout
policy can end up being a denial of service problem for legitimate users. If
you have no control of this you may want to pass the message on. --- Steve


"nee" <nee@discussions.microsoft.com> wrote in message
news:24C05551-39CA-402E-A669-CB99F53139EC@microsoft.com...
>I have two home machines that connect to the office via a VPN client over
> DSL. My office has a Domain lockout policy enabled after three bad pw
> attempts and enforces pw changes every 3 months. When I'm forced to
> change
> pw's I get locked out of the office Domain when connecting from home since
> I'm only able to logon to Win2K (locally) using my old pw before actually
> connecting to the office (which already has my new pw).
> Is there a place/way I can change the old pw locally to match my new pw
> before connecting to the Network?
>
> Thanks
!