Sign in with
Sign up | Sign in
Your question

/sigh/ Latops in a domain...

Last response: in Windows XP
Share
Anonymous
June 29, 2005 8:05:52 PM

Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

This old battle again...

We've got an AD (previously used only Netware for the PC's) with 1200 or so
users in it. About 100 of those are laptop users that are rarely in the
office.

In the past, the users would log on to their local machine, connect via
Contivity VPN, then authenticate to a Windows file share in a domain that
pretty much only servers were in by using their domain credentials. Their
passwords were set to never expire and were synched manually with their
Novell and local machine passwords.

Now we're adding them to AD. We've got a corporate SOX policy in place, so
each user is required to change their password afte x-number of days.
Problem is, these users don't connect to the network with their laptops
before their password expires. That works OK for the local machine, it'll
just cache it until they plug in again, but if they log on with their cached
password (after connecting to the VPN), they won't be able to connect to the
file share.

What's everyone else doing in situations like this? I've been trying to
find a way to have their dial-up client and their VPN client launch before
the logon to the box. That should fix this. It seems to me there is a
simpler way, and I'm just mucking it up and over thinking it.

Any thoughts are appreciated.

Thanks,
Gabe

More about : sigh latops domain

Anonymous
June 30, 2005 4:12:05 PM

Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

Hi Gabe,

Thanks for posting here.

From your post, my understanding of this issue is: The laptop users cannot
access the file share via VPN due to their password expiration. If this is
not correct, please feel free to let me know.

This issue seems to be related to Active Directory, so I would suggest
posting in the newsgroup below:

microsoft.public.windows.server.active_directory

This is a more appropriate forum for your question where you will get the
most qualified pool of respondents and other partners in the newsgroups who
can either share their knowledge or learn from your interaction with us.
Thank you for your understanding.

However, I think there may be a simply way to resolve this issue:

You may add all laptop users to a Group in AD, and then apply a security
policy similar with "Password never expires" on this Group.

This is just an idea, for more detailed about this, please post in above
newsgroup. I believe you will get perfect solution there.

Have a nice day!

Sincerely,
Tom Che

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: "Gabe Knuth" <gknuth@news.postalias>
>Subject: /sigh/ Latops in a domain...
>Date: Wed, 29 Jun 2005 16:05:52 -0500
>Lines: 31
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-RFC2646: Format=Flowed; Original
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>Message-ID: <ecg515OfFHA.3256@TK2MSFTNGP12.phx.gbl>
>Newsgroups: microsoft.public.windowsxp.configuration_manage
>NNTP-Posting-Host: 65.247.121.5
>Path:
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP1
2.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windowsxp.configuration_manage:12847
>X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>
>This old battle again...
>
>We've got an AD (previously used only Netware for the PC's) with 1200 or
so
>users in it. About 100 of those are laptop users that are rarely in the
>office.
>
>In the past, the users would log on to their local machine, connect via
>Contivity VPN, then authenticate to a Windows file share in a domain that
>pretty much only servers were in by using their domain credentials. Their
>passwords were set to never expire and were synched manually with their
>Novell and local machine passwords.
>
>Now we're adding them to AD. We've got a corporate SOX policy in place,
so
>each user is required to change their password afte x-number of days.
>Problem is, these users don't connect to the network with their laptops
>before their password expires. That works OK for the local machine, it'll
>just cache it until they plug in again, but if they log on with their
cached
>password (after connecting to the VPN), they won't be able to connect to
the
>file share.
>
>What's everyone else doing in situations like this? I've been trying to
>find a way to have their dial-up client and their VPN client launch before
>the logon to the box. That should fix this. It seems to me there is a
>simpler way, and I'm just mucking it up and over thinking it.
>
>Any thoughts are appreciated.
>
>Thanks,
>Gabe
>
>
>
Anonymous
June 30, 2005 4:12:06 PM

Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

Thank you. The password never expires option violates our Sarbanes-Oxley
policy. We might get an exception for it, but I'd like to exhaust all other
options before reccommending that.

Sorry for posting in the wrong group.

One question, though - would this group be appropriate for finding a way to
launch two applications before the logon screen appears? I have been able
to launch one at a time by using startup scripts in local policies, but I
can't launch two of them at the same time (one has to exit first, which I
can't have since both the dialer and VPN client need to be running all the
time).

Thanks much,
Gabe

"Tom Che [MSFT]" <v-tomche@online.microsoft.com> wrote in message
news:3yPcvzWfFHA.1336@TK2MSFTNGXA01.phx.gbl...
> Hi Gabe,
>
> Thanks for posting here.
>
> From your post, my understanding of this issue is: The laptop users cannot
> access the file share via VPN due to their password expiration. If this
> is
> not correct, please feel free to let me know.
>
> This issue seems to be related to Active Directory, so I would suggest
> posting in the newsgroup below:
>
> microsoft.public.windows.server.active_directory
>
> This is a more appropriate forum for your question where you will get the
> most qualified pool of respondents and other partners in the newsgroups
> who
> can either share their knowledge or learn from your interaction with us.
> Thank you for your understanding.
>
> However, I think there may be a simply way to resolve this issue:
>
> You may add all laptop users to a Group in AD, and then apply a security
> policy similar with "Password never expires" on this Group.
>
> This is just an idea, for more detailed about this, please post in above
> newsgroup. I believe you will get perfect solution there.
>
> Have a nice day!
>
> Sincerely,
> Tom Che
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
>>From: "Gabe Knuth" <gknuth@news.postalias>
>>Subject: /sigh/ Latops in a domain...
>>Date: Wed, 29 Jun 2005 16:05:52 -0500
>>Lines: 31
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>X-RFC2646: Format=Flowed; Original
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>Message-ID: <ecg515OfFHA.3256@TK2MSFTNGP12.phx.gbl>
>>Newsgroups: microsoft.public.windowsxp.configuration_manage
>>NNTP-Posting-Host: 65.247.121.5
>>Path:
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP1
> 2.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.windowsxp.configuration_manage:12847
>>X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>>
>>This old battle again...
>>
>>We've got an AD (previously used only Netware for the PC's) with 1200 or
> so
>>users in it. About 100 of those are laptop users that are rarely in the
>>office.
>>
>>In the past, the users would log on to their local machine, connect via
>>Contivity VPN, then authenticate to a Windows file share in a domain that
>>pretty much only servers were in by using their domain credentials. Their
>>passwords were set to never expire and were synched manually with their
>>Novell and local machine passwords.
>>
>>Now we're adding them to AD. We've got a corporate SOX policy in place,
> so
>>each user is required to change their password afte x-number of days.
>>Problem is, these users don't connect to the network with their laptops
>>before their password expires. That works OK for the local machine, it'll
>>just cache it until they plug in again, but if they log on with their
> cached
>>password (after connecting to the VPN), they won't be able to connect to
> the
>>file share.
>>
>>What's everyone else doing in situations like this? I've been trying to
>>find a way to have their dial-up client and their VPN client launch before
>>the logon to the box. That should fix this. It seems to me there is a
>>simpler way, and I'm just mucking it up and over thinking it.
>>
>>Any thoughts are appreciated.
>>
>>Thanks,
>>Gabe
>>
>>
>>
>
Anonymous
July 1, 2005 2:56:10 PM

Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

Hi Gabe,

You are always welcome! Thanks for your update.

If you want to launch two applications before the logon screen appears, I
think you may edit a batch file containing the commands to run these two
applications and make the batch file as Startup scripts.

Here is an example of a batch file to run two applications:

start C:\Progra~1\ABCDEF~1\a.exe
start C:\Progra~1\ABCDEF~1\b.exe
exit

Note:
1. Please replace a.exe and b.exe and their folders with your own
applications and relevant folders.
2. The program's folder name must be 8dot3 format, such as
C:\Progra~1\ABCDEF~1

However, I am not sure even though you can launch these two applications
before logon, your old issue (cannot access file share) certainly can be
fixed. Of course, it is valuable to have a try.

For more information about batch files and scripting, the following
Microsoft Web site may be your reference:

Using batch files
<http://www.microsoft.com/resources/documentation/window...
-us/batch.mspx>

To assign computer startup scripts
<http://www.microsoft.com/resources/documentation/window...
-us/gptext_assigncomputerstartupscripts.mspx>

Windows Script Host
<http://msdn.microsoft.com/library/en-us/script56/html/w...;

TechNet - Script Center
http://www.microsoft.com/technet/scriptcenter/default.m...

Have a nice day!

Sincerely,
Tom Che

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

--------------------
>From: "Gabe Knuth" <gknuth@news.postalias>
>References: <ecg515OfFHA.3256@TK2MSFTNGP12.phx.gbl>
<3yPcvzWfFHA.1336@TK2MSFTNGXA01.phx.gbl>
>Subject: Re: /sigh/ Latops in a domain...
>Date: Thu, 30 Jun 2005 09:00:53 -0500
>Lines: 119
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-RFC2646: Format=Flowed; Original
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>Message-ID: <#t9CCxXfFHA.3944@TK2MSFTNGP10.phx.gbl>
>Newsgroups: microsoft.public.windowsxp.configuration_manage
>NNTP-Posting-Host: 65.247.121.5
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windowsxp.configuration_manage:12862
>X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>
>Thank you. The password never expires option violates our Sarbanes-Oxley
>policy. We might get an exception for it, but I'd like to exhaust all
other
>options before reccommending that.
>
>Sorry for posting in the wrong group.
>
>One question, though - would this group be appropriate for finding a way
to
>launch two applications before the logon screen appears? I have been able
>to launch one at a time by using startup scripts in local policies, but I
>can't launch two of them at the same time (one has to exit first, which I
>can't have since both the dialer and VPN client need to be running all the
>time).
>
>Thanks much,
>Gabe
>
>"Tom Che [MSFT]" <v-tomche@online.microsoft.com> wrote in message
>news:3yPcvzWfFHA.1336@TK2MSFTNGXA01.phx.gbl...
>> Hi Gabe,
>>
>> Thanks for posting here.
>>
>> From your post, my understanding of this issue is: The laptop users
cannot
>> access the file share via VPN due to their password expiration. If this
>> is
>> not correct, please feel free to let me know.
>>
>> This issue seems to be related to Active Directory, so I would suggest
>> posting in the newsgroup below:
>>
>> microsoft.public.windows.server.active_directory
>>
>> This is a more appropriate forum for your question where you will get the
>> most qualified pool of respondents and other partners in the newsgroups
>> who
>> can either share their knowledge or learn from your interaction with us.
>> Thank you for your understanding.
>>
>> However, I think there may be a simply way to resolve this issue:
>>
>> You may add all laptop users to a Group in AD, and then apply a security
>> policy similar with "Password never expires" on this Group.
>>
>> This is just an idea, for more detailed about this, please post in above
>> newsgroup. I believe you will get perfect solution there.
>>
>> Have a nice day!
>>
>> Sincerely,
>> Tom Che
>>
>> Microsoft Online Partner Support
>> Get Secure! - www.microsoft.com/security
>> =====================================================
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>> =====================================================
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> --------------------
>>>From: "Gabe Knuth" <gknuth@news.postalias>
>>>Subject: /sigh/ Latops in a domain...
>>>Date: Wed, 29 Jun 2005 16:05:52 -0500
>>>Lines: 31
>>>X-Priority: 3
>>>X-MSMail-Priority: Normal
>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>X-RFC2646: Format=Flowed; Original
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>Message-ID: <ecg515OfFHA.3256@TK2MSFTNGP12.phx.gbl>
>>>Newsgroups: microsoft.public.windowsxp.configuration_manage
>>>NNTP-Posting-Host: 65.247.121.5
>>>Path:
>>
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP1
>> 2.phx.gbl
>>>Xref: TK2MSFTNGXA01.phx.gbl
>> microsoft.public.windowsxp.configuration_manage:12847
>>>X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>>>
>>>This old battle again...
>>>
>>>We've got an AD (previously used only Netware for the PC's) with 1200 or
>> so
>>>users in it. About 100 of those are laptop users that are rarely in the
>>>office.
>>>
>>>In the past, the users would log on to their local machine, connect via
>>>Contivity VPN, then authenticate to a Windows file share in a domain that
>>>pretty much only servers were in by using their domain credentials.
Their
>>>passwords were set to never expire and were synched manually with their
>>>Novell and local machine passwords.
>>>
>>>Now we're adding them to AD. We've got a corporate SOX policy in place,
>> so
>>>each user is required to change their password afte x-number of days.
>>>Problem is, these users don't connect to the network with their laptops
>>>before their password expires. That works OK for the local machine,
it'll
>>>just cache it until they plug in again, but if they log on with their
>> cached
>>>password (after connecting to the VPN), they won't be able to connect to
>> the
>>>file share.
>>>
>>>What's everyone else doing in situations like this? I've been trying to
>>>find a way to have their dial-up client and their VPN client launch
before
>>>the logon to the box. That should fix this. It seems to me there is a
>>>simpler way, and I'm just mucking it up and over thinking it.
>>>
>>>Any thoughts are appreciated.
>>>
>>>Thanks,
>>>Gabe
>>>
>>>
>>>
>>
>
>
>
Anonymous
July 7, 2005 3:40:55 PM

Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

Awesome. I'll try that out.

Thanks


"Tom Che [MSFT]" <v-tomche@online.microsoft.com> wrote in message
news:7bYX$tifFHA.1336@TK2MSFTNGXA01.phx.gbl...
> Hi Gabe,
>
> You are always welcome! Thanks for your update.
>
> If you want to launch two applications before the logon screen appears, I
> think you may edit a batch file containing the commands to run these two
> applications and make the batch file as Startup scripts.
>
> Here is an example of a batch file to run two applications:
>
> start C:\Progra~1\ABCDEF~1\a.exe
> start C:\Progra~1\ABCDEF~1\b.exe
> exit
>
> Note:
> 1. Please replace a.exe and b.exe and their folders with your own
> applications and relevant folders.
> 2. The program's folder name must be 8dot3 format, such as
> C:\Progra~1\ABCDEF~1
>
> However, I am not sure even though you can launch these two applications
> before logon, your old issue (cannot access file share) certainly can be
> fixed. Of course, it is valuable to have a try.
>
> For more information about batch files and scripting, the following
> Microsoft Web site may be your reference:
>
> Using batch files
> <http://www.microsoft.com/resources/documentation/window...
> -us/batch.mspx>
>
> To assign computer startup scripts
> <http://www.microsoft.com/resources/documentation/window...
> -us/gptext_assigncomputerstartupscripts.mspx>
>
> Windows Script Host
> <http://msdn.microsoft.com/library/en-us/script56/html/w...;
>
> TechNet - Script Center
> http://www.microsoft.com/technet/scriptcenter/default.m...
>
> Have a nice day!
>
> Sincerely,
> Tom Che
>
> Microsoft Online Partner Support
> Get Secure! - www.microsoft.com/security
> =====================================================
> When responding to posts, please "Reply to Group" via your newsreader so
> that others may learn and benefit from your issue.
> =====================================================
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> --------------------
>>From: "Gabe Knuth" <gknuth@news.postalias>
>>References: <ecg515OfFHA.3256@TK2MSFTNGP12.phx.gbl>
> <3yPcvzWfFHA.1336@TK2MSFTNGXA01.phx.gbl>
>>Subject: Re: /sigh/ Latops in a domain...
>>Date: Thu, 30 Jun 2005 09:00:53 -0500
>>Lines: 119
>>X-Priority: 3
>>X-MSMail-Priority: Normal
>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>X-RFC2646: Format=Flowed; Original
>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>Message-ID: <#t9CCxXfFHA.3944@TK2MSFTNGP10.phx.gbl>
>>Newsgroups: microsoft.public.windowsxp.configuration_manage
>>NNTP-Posting-Host: 65.247.121.5
>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>>Xref: TK2MSFTNGXA01.phx.gbl
> microsoft.public.windowsxp.configuration_manage:12862
>>X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>>
>>Thank you. The password never expires option violates our Sarbanes-Oxley
>>policy. We might get an exception for it, but I'd like to exhaust all
> other
>>options before reccommending that.
>>
>>Sorry for posting in the wrong group.
>>
>>One question, though - would this group be appropriate for finding a way
> to
>>launch two applications before the logon screen appears? I have been able
>>to launch one at a time by using startup scripts in local policies, but I
>>can't launch two of them at the same time (one has to exit first, which I
>>can't have since both the dialer and VPN client need to be running all the
>>time).
>>
>>Thanks much,
>>Gabe
>>
>>"Tom Che [MSFT]" <v-tomche@online.microsoft.com> wrote in message
>>news:3yPcvzWfFHA.1336@TK2MSFTNGXA01.phx.gbl...
>>> Hi Gabe,
>>>
>>> Thanks for posting here.
>>>
>>> From your post, my understanding of this issue is: The laptop users
> cannot
>>> access the file share via VPN due to their password expiration. If this
>>> is
>>> not correct, please feel free to let me know.
>>>
>>> This issue seems to be related to Active Directory, so I would suggest
>>> posting in the newsgroup below:
>>>
>>> microsoft.public.windows.server.active_directory
>>>
>>> This is a more appropriate forum for your question where you will get
>>> the
>>> most qualified pool of respondents and other partners in the newsgroups
>>> who
>>> can either share their knowledge or learn from your interaction with us.
>>> Thank you for your understanding.
>>>
>>> However, I think there may be a simply way to resolve this issue:
>>>
>>> You may add all laptop users to a Group in AD, and then apply a security
>>> policy similar with "Password never expires" on this Group.
>>>
>>> This is just an idea, for more detailed about this, please post in above
>>> newsgroup. I believe you will get perfect solution there.
>>>
>>> Have a nice day!
>>>
>>> Sincerely,
>>> Tom Che
>>>
>>> Microsoft Online Partner Support
>>> Get Secure! - www.microsoft.com/security
>>> =====================================================
>>> When responding to posts, please "Reply to Group" via your newsreader so
>>> that others may learn and benefit from your issue.
>>> =====================================================
>>> This posting is provided "AS IS" with no warranties, and confers no
>>> rights.
>>>
>>> --------------------
>>>>From: "Gabe Knuth" <gknuth@news.postalias>
>>>>Subject: /sigh/ Latops in a domain...
>>>>Date: Wed, 29 Jun 2005 16:05:52 -0500
>>>>Lines: 31
>>>>X-Priority: 3
>>>>X-MSMail-Priority: Normal
>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>>X-RFC2646: Format=Flowed; Original
>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>>Message-ID: <ecg515OfFHA.3256@TK2MSFTNGP12.phx.gbl>
>>>>Newsgroups: microsoft.public.windowsxp.configuration_manage
>>>>NNTP-Posting-Host: 65.247.121.5
>>>>Path:
>>>
> TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP1
>>> 2.phx.gbl
>>>>Xref: TK2MSFTNGXA01.phx.gbl
>>> microsoft.public.windowsxp.configuration_manage:12847
>>>>X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>>>>
>>>>This old battle again...
>>>>
>>>>We've got an AD (previously used only Netware for the PC's) with 1200 or
>>> so
>>>>users in it. About 100 of those are laptop users that are rarely in the
>>>>office.
>>>>
>>>>In the past, the users would log on to their local machine, connect via
>>>>Contivity VPN, then authenticate to a Windows file share in a domain
>>>>that
>>>>pretty much only servers were in by using their domain credentials.
> Their
>>>>passwords were set to never expire and were synched manually with their
>>>>Novell and local machine passwords.
>>>>
>>>>Now we're adding them to AD. We've got a corporate SOX policy in place,
>>> so
>>>>each user is required to change their password afte x-number of days.
>>>>Problem is, these users don't connect to the network with their laptops
>>>>before their password expires. That works OK for the local machine,
> it'll
>>>>just cache it until they plug in again, but if they log on with their
>>> cached
>>>>password (after connecting to the VPN), they won't be able to connect to
>>> the
>>>>file share.
>>>>
>>>>What's everyone else doing in situations like this? I've been trying to
>>>>find a way to have their dial-up client and their VPN client launch
> before
>>>>the logon to the box. That should fix this. It seems to me there is a
>>>>simpler way, and I'm just mucking it up and over thinking it.
>>>>
>>>>Any thoughts are appreciated.
>>>>
>>>>Thanks,
>>>>Gabe
>>>>
>>>>
>>>>
>>>
>>
>>
>>
>
Anonymous
July 8, 2005 10:52:33 AM

Archived from groups: microsoft.public.windowsxp.configuration_manage (More info?)

Hi Gabe,

Thanks for your response.

If you have any other questions or concerns, please do not hesitate to
contact us. It is always our pleasure to be of assistance.

Have a nice day!

Sincerely,
Tom Che

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
>From: "Gabe Knuth" <gknuth@news.postalias>
>References: <ecg515OfFHA.3256@TK2MSFTNGP12.phx.gbl>
<3yPcvzWfFHA.1336@TK2MSFTNGXA01.phx.gbl>
<#t9CCxXfFHA.3944@TK2MSFTNGP10.phx.gbl>
<7bYX$tifFHA.1336@TK2MSFTNGXA01.phx.gbl>
>Subject: Re: /sigh/ Latops in a domain...
>Date: Thu, 7 Jul 2005 11:40:55 -0500
>Lines: 214
>X-Priority: 3
>X-MSMail-Priority: Normal
>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>X-RFC2646: Format=Flowed; Original
>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>Message-ID: <uBGdILxgFHA.2644@TK2MSFTNGP09.phx.gbl>
>Newsgroups: microsoft.public.windowsxp.configuration_manage
>NNTP-Posting-Host: 65.247.121.5
>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
>Xref: TK2MSFTNGXA01.phx.gbl
microsoft.public.windowsxp.configuration_manage:12970
>X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>
>Awesome. I'll try that out.
>
>Thanks
>
>
>"Tom Che [MSFT]" <v-tomche@online.microsoft.com> wrote in message
>news:7bYX$tifFHA.1336@TK2MSFTNGXA01.phx.gbl...
>> Hi Gabe,
>>
>> You are always welcome! Thanks for your update.
>>
>> If you want to launch two applications before the logon screen appears, I
>> think you may edit a batch file containing the commands to run these two
>> applications and make the batch file as Startup scripts.
>>
>> Here is an example of a batch file to run two applications:
>>
>> start C:\Progra~1\ABCDEF~1\a.exe
>> start C:\Progra~1\ABCDEF~1\b.exe
>> exit
>>
>> Note:
>> 1. Please replace a.exe and b.exe and their folders with your own
>> applications and relevant folders.
>> 2. The program's folder name must be 8dot3 format, such as
>> C:\Progra~1\ABCDEF~1
>>
>> However, I am not sure even though you can launch these two applications
>> before logon, your old issue (cannot access file share) certainly can be
>> fixed. Of course, it is valuable to have a try.
>>
>> For more information about batch files and scripting, the following
>> Microsoft Web site may be your reference:
>>
>> Using batch files
>>
<http://www.microsoft.com/resources/documentation/window...
>> -us/batch.mspx>
>>
>> To assign computer startup scripts
>>
<http://www.microsoft.com/resources/documentation/window...
>> -us/gptext_assigncomputerstartupscripts.mspx>
>>
>> Windows Script Host
>>
<http://msdn.microsoft.com/library/en-us/script56/html/w...;
>>
>> TechNet - Script Center
>> http://www.microsoft.com/technet/scriptcenter/default.m...
>>
>> Have a nice day!
>>
>> Sincerely,
>> Tom Che
>>
>> Microsoft Online Partner Support
>> Get Secure! - www.microsoft.com/security
>> =====================================================
>> When responding to posts, please "Reply to Group" via your newsreader so
>> that others may learn and benefit from your issue.
>> =====================================================
>> This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>>
>> --------------------
>>>From: "Gabe Knuth" <gknuth@news.postalias>
>>>References: <ecg515OfFHA.3256@TK2MSFTNGP12.phx.gbl>
>> <3yPcvzWfFHA.1336@TK2MSFTNGXA01.phx.gbl>
>>>Subject: Re: /sigh/ Latops in a domain...
>>>Date: Thu, 30 Jun 2005 09:00:53 -0500
>>>Lines: 119
>>>X-Priority: 3
>>>X-MSMail-Priority: Normal
>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>X-RFC2646: Format=Flowed; Original
>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>Message-ID: <#t9CCxXfFHA.3944@TK2MSFTNGP10.phx.gbl>
>>>Newsgroups: microsoft.public.windowsxp.configuration_manage
>>>NNTP-Posting-Host: 65.247.121.5
>>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
>>>Xref: TK2MSFTNGXA01.phx.gbl
>> microsoft.public.windowsxp.configuration_manage:12862
>>>X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>>>
>>>Thank you. The password never expires option violates our Sarbanes-Oxley
>>>policy. We might get an exception for it, but I'd like to exhaust all
>> other
>>>options before reccommending that.
>>>
>>>Sorry for posting in the wrong group.
>>>
>>>One question, though - would this group be appropriate for finding a way
>> to
>>>launch two applications before the logon screen appears? I have been
able
>>>to launch one at a time by using startup scripts in local policies, but I
>>>can't launch two of them at the same time (one has to exit first, which I
>>>can't have since both the dialer and VPN client need to be running all
the
>>>time).
>>>
>>>Thanks much,
>>>Gabe
>>>
>>>"Tom Che [MSFT]" <v-tomche@online.microsoft.com> wrote in message
>>>news:3yPcvzWfFHA.1336@TK2MSFTNGXA01.phx.gbl...
>>>> Hi Gabe,
>>>>
>>>> Thanks for posting here.
>>>>
>>>> From your post, my understanding of this issue is: The laptop users
>> cannot
>>>> access the file share via VPN due to their password expiration. If
this
>>>> is
>>>> not correct, please feel free to let me know.
>>>>
>>>> This issue seems to be related to Active Directory, so I would suggest
>>>> posting in the newsgroup below:
>>>>
>>>> microsoft.public.windows.server.active_directory
>>>>
>>>> This is a more appropriate forum for your question where you will get
>>>> the
>>>> most qualified pool of respondents and other partners in the newsgroups
>>>> who
>>>> can either share their knowledge or learn from your interaction with
us.
>>>> Thank you for your understanding.
>>>>
>>>> However, I think there may be a simply way to resolve this issue:
>>>>
>>>> You may add all laptop users to a Group in AD, and then apply a
security
>>>> policy similar with "Password never expires" on this Group.
>>>>
>>>> This is just an idea, for more detailed about this, please post in
above
>>>> newsgroup. I believe you will get perfect solution there.
>>>>
>>>> Have a nice day!
>>>>
>>>> Sincerely,
>>>> Tom Che
>>>>
>>>> Microsoft Online Partner Support
>>>> Get Secure! - www.microsoft.com/security
>>>> =====================================================
>>>> When responding to posts, please "Reply to Group" via your newsreader
so
>>>> that others may learn and benefit from your issue.
>>>> =====================================================
>>>> This posting is provided "AS IS" with no warranties, and confers no
>>>> rights.
>>>>
>>>> --------------------
>>>>>From: "Gabe Knuth" <gknuth@news.postalias>
>>>>>Subject: /sigh/ Latops in a domain...
>>>>>Date: Wed, 29 Jun 2005 16:05:52 -0500
>>>>>Lines: 31
>>>>>X-Priority: 3
>>>>>X-MSMail-Priority: Normal
>>>>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
>>>>>X-RFC2646: Format=Flowed; Original
>>>>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
>>>>>Message-ID: <ecg515OfFHA.3256@TK2MSFTNGP12.phx.gbl>
>>>>>Newsgroups: microsoft.public.windowsxp.configuration_manage
>>>>>NNTP-Posting-Host: 65.247.121.5
>>>>>Path:
>>>>
>>
TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP1
>>>> 2.phx.gbl
>>>>>Xref: TK2MSFTNGXA01.phx.gbl
>>>> microsoft.public.windowsxp.configuration_manage:12847
>>>>>X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
>>>>>
>>>>>This old battle again...
>>>>>
>>>>>We've got an AD (previously used only Netware for the PC's) with 1200
or
>>>> so
>>>>>users in it. About 100 of those are laptop users that are rarely in
the
>>>>>office.
>>>>>
>>>>>In the past, the users would log on to their local machine, connect via
>>>>>Contivity VPN, then authenticate to a Windows file share in a domain
>>>>>that
>>>>>pretty much only servers were in by using their domain credentials.
>> Their
>>>>>passwords were set to never expire and were synched manually with their
>>>>>Novell and local machine passwords.
>>>>>
>>>>>Now we're adding them to AD. We've got a corporate SOX policy in
place,
>>>> so
>>>>>each user is required to change their password afte x-number of days.
>>>>>Problem is, these users don't connect to the network with their laptops
>>>>>before their password expires. That works OK for the local machine,
>> it'll
>>>>>just cache it until they plug in again, but if they log on with their
>>>> cached
>>>>>password (after connecting to the VPN), they won't be able to connect
to
>>>> the
>>>>>file share.
>>>>>
>>>>>What's everyone else doing in situations like this? I've been trying
to
>>>>>find a way to have their dial-up client and their VPN client launch
>> before
>>>>>the logon to the box. That should fix this. It seems to me there is a
>>>>>simpler way, and I'm just mucking it up and over thinking it.
>>>>>
>>>>>Any thoughts are appreciated.
>>>>>
>>>>>Thanks,
>>>>>Gabe
>>>>>
>>>>>
>>>>>
>>>>
>>>
>>>
>>>
>>
>
>
>
!