VPN users not prompted to change their domain passwords
Last response: in Windows 2000/NT
Archived from groups: microsoft.public.win2000.security (More info?)
I have several users that work remotely and connect to the office over a VPN.
All of their laptops have been joined to my AD domain. I've set GP to
display a password expiration warning 10 days before a users' password
expires.
The issue is that the expiration notice doesn't appear when users login over
the VPN. I have IAS authenticating users to my Win2K mixed-mode AD; and am
using MS-CHAP & MS-CHAP v2. IAS is setup with RADIUS - Standard to connect
to a Cisco PIX (6.3.2). My users are either 2000 or XP Pro and using the
std. microsoft VPN client and connect through with PPTP. What am I missing?
I have several users that work remotely and connect to the office over a VPN.
All of their laptops have been joined to my AD domain. I've set GP to
display a password expiration warning 10 days before a users' password
expires.
The issue is that the expiration notice doesn't appear when users login over
the VPN. I have IAS authenticating users to my Win2K mixed-mode AD; and am
using MS-CHAP & MS-CHAP v2. IAS is setup with RADIUS - Standard to connect
to a Cisco PIX (6.3.2). My users are either 2000 or XP Pro and using the
std. microsoft VPN client and connect through with PPTP. What am I missing?
More about : vpn users prompted change domain passwords
Archived from groups: microsoft.public.win2000.security (More info?)
"Patrick" <Patrick@discussions.microsoft.com> wrote in message
news:58E5E59C-2875-4250-A25D-963E54C3264E@microsoft.com...
> I have several users that work remotely and connect to the office over a
VPN.
> All of their laptops have been joined to my AD domain. I've set GP to
> display a password expiration warning 10 days before a users' password
> expires.
>
> The issue is that the expiration notice doesn't appear when users login
over
> the VPN. I have IAS authenticating users to my Win2K mixed-mode AD; and
am
> using MS-CHAP & MS-CHAP v2. IAS is setup with RADIUS - Standard to
connect
> to a Cisco PIX (6.3.2). My users are either 2000 or XP Pro and using the
> std. microsoft VPN client and connect through with PPTP. What am I
missing?
>
on our nortel vpn you can set it to logout the user when the vpn connects.
the user then has to log back in and gets password expiration notices at
that time because the vpn is connected to the domain already to validate the
user login.
"Patrick" <Patrick@discussions.microsoft.com> wrote in message
news:58E5E59C-2875-4250-A25D-963E54C3264E@microsoft.com...
> I have several users that work remotely and connect to the office over a
VPN.
> All of their laptops have been joined to my AD domain. I've set GP to
> display a password expiration warning 10 days before a users' password
> expires.
>
> The issue is that the expiration notice doesn't appear when users login
over
> the VPN. I have IAS authenticating users to my Win2K mixed-mode AD; and
am
> using MS-CHAP & MS-CHAP v2. IAS is setup with RADIUS - Standard to
connect
> to a Cisco PIX (6.3.2). My users are either 2000 or XP Pro and using the
> std. microsoft VPN client and connect through with PPTP. What am I
missing?
>
on our nortel vpn you can set it to logout the user when the vpn connects.
the user then has to log back in and gets password expiration notices at
that time because the vpn is connected to the domain already to validate the
user login.
Archived from groups: microsoft.public.win2000.security (More info?)
If you configured the security policy after the computers have joined the
domain then possibly their computers have not refreshed the policy change
yet. If you look in Local Security Policy of those computers you can find
how the computers are configured for that setting. For W2K computers look
for effective setting. The gpresult support tool will show when the last
time computer configuration policy was applied. --- Steve
"Patrick" <Patrick@discussions.microsoft.com> wrote in message
news:58E5E59C-2875-4250-A25D-963E54C3264E@microsoft.com...
>I have several users that work remotely and connect to the office over a
>VPN.
> All of their laptops have been joined to my AD domain. I've set GP to
> display a password expiration warning 10 days before a users' password
> expires.
>
> The issue is that the expiration notice doesn't appear when users login
> over
> the VPN. I have IAS authenticating users to my Win2K mixed-mode AD; and
> am
> using MS-CHAP & MS-CHAP v2. IAS is setup with RADIUS - Standard to
> connect
> to a Cisco PIX (6.3.2). My users are either 2000 or XP Pro and using the
> std. microsoft VPN client and connect through with PPTP. What am I
> missing?
>
If you configured the security policy after the computers have joined the
domain then possibly their computers have not refreshed the policy change
yet. If you look in Local Security Policy of those computers you can find
how the computers are configured for that setting. For W2K computers look
for effective setting. The gpresult support tool will show when the last
time computer configuration policy was applied. --- Steve
"Patrick" <Patrick@discussions.microsoft.com> wrote in message
news:58E5E59C-2875-4250-A25D-963E54C3264E@microsoft.com...
>I have several users that work remotely and connect to the office over a
>VPN.
> All of their laptops have been joined to my AD domain. I've set GP to
> display a password expiration warning 10 days before a users' password
> expires.
>
> The issue is that the expiration notice doesn't appear when users login
> over
> the VPN. I have IAS authenticating users to my Win2K mixed-mode AD; and
> am
> using MS-CHAP & MS-CHAP v2. IAS is setup with RADIUS - Standard to
> connect
> to a Cisco PIX (6.3.2). My users are either 2000 or XP Pro and using the
> std. microsoft VPN client and connect through with PPTP. What am I
> missing?
>
Related ressources:
- ForumHow can remote ( VPN ) WinXP users change their domain passw..
- ForumChanging Passwords on an NT4 Domain over a VPN Connection.
- ForumUsers prompted change domain passwords
- ForumChange password over VPN connection
- ForumHow can I prevent Domain lockout when using VPN remotely
- ForumUser get access denied error when prompted to change passw..
- ForumChanging password over VPN ??!??!
- ForumRemote users changing passwords
- ForumUsers can not change passwords locally at workstation
- ForumAD 2000, Blank passwords , and Group Policy
- ForumUser password change problem
- ForumDomain Security Policy password policy
- ForumVPN + AD + [Non Domain Members]
- ForumVPN connection to domain and password change
- ForumRemote users and password change
- ForumRemote desktop via vpn
- ForumParallel and com ports not appearing in device manager
- ForumSetting up new users
- ForumDomain user local rights
- ForumSecuring a 2k client in a NT4 Domain
- More resources
!
