VPN users not prompted to change their domain passwords

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

I have several users that work remotely and connect to the office over a VPN.
All of their laptops have been joined to my AD domain. I've set GP to
display a password expiration warning 10 days before a user's password
expires.

The issue is that the expiration notice doesn't appear when users log in over
the VPN. I have IAS authenticating users to my Win2K mixed-mode AD, and am
using MS-CHAP & MS-CHAP v2. IAS is set up with RADIUS - Standard to connect
to a Cisco PIX (6.3.2). My users are either 2000 or XP Pro and using the
std. Microsoft VPN client and connect through with PPTP. What am I missing?
 

Dave


"Patrick" <Patrick@discussions.microsoft.com> wrote in message
news:58E5E59C-2875-4250-A25D-963E54C3264E@microsoft.com...
> I have several users that work remotely and connect to the office over a VPN.
> All of their laptops have been joined to my AD domain. I've set GP to
> display a password expiration warning 10 days before a user's password
> expires.
>
> The issue is that the expiration notice doesn't appear when users log in over
> the VPN. I have IAS authenticating users to my Win2K mixed-mode AD, and am
> using MS-CHAP & MS-CHAP v2. IAS is set up with RADIUS - Standard to connect
> to a Cisco PIX (6.3.2). My users are either 2000 or XP Pro and using the
> std. Microsoft VPN client and connect through with PPTP. What am I missing?
>

On our Nortel VPN you can set it to log out the user when the VPN connects.
The user then has to log back in and gets password expiration notices at
that time because the VPN is connected to the domain already to validate the
user login.
 
Guest

If you configured the security policy after the computers had joined the
domain, then possibly their computers have not refreshed the policy change
yet. If you look in Local Security Policy of those computers you can find
how the computers are configured for that setting. For W2K computers look
for effective setting. The gpresult support tool will show the last
time computer configuration policy was applied. --- Steve


"Patrick" <Patrick@discussions.microsoft.com> wrote in message
news:58E5E59C-2875-4250-A25D-963E54C3264E@microsoft.com...
> I have several users that work remotely and connect to the office over a VPN.
> All of their laptops have been joined to my AD domain. I've set GP to
> display a password expiration warning 10 days before a user's password
> expires.
>
> The issue is that the expiration notice doesn't appear when users log in over
> the VPN. I have IAS authenticating users to my Win2K mixed-mode AD, and am
> using MS-CHAP & MS-CHAP v2. IAS is set up with RADIUS - Standard to connect
> to a Cisco PIX (6.3.2). My users are either 2000 or XP Pro and using the
> std. Microsoft VPN client and connect through with PPTP. What am I missing?
>