/sigh/ Laptops in a domain...

Archived from groups: microsoft.public.windowsxp.configuration_manage

This old battle again...

We've got an AD (previously used only Netware for the PCs) with 1200 or so
users in it. About 100 of those are laptop users that are rarely in the
office.

In the past, the users would log on to their local machine, connect via
Contivity VPN, then authenticate to a Windows file share in a domain that
pretty much only servers were in by using their domain credentials. Their
passwords were set to never expire and were synched manually with their
Novell and local machine passwords.

Now we're adding them to AD. We've got a corporate SOX policy in place, so
each user is required to change their password after x-number of days.
Problem is, these users don't connect to the network with their laptops
before their password expires. That works OK for the local machine, it'll
just cache it until they plug in again, but if they log on with their cached
password (after connecting to the VPN), they won't be able to connect to the
file share.

What's everyone else doing in situations like this? I've been trying to
find a way to have their dial-up client and their VPN client launch before
the logon to the box. That should fix this. It seems to me there is a
simpler way, and I'm just mucking it up and overthinking it.

Any thoughts are appreciated.

Thanks,
Gabe
  1. Archived from groups: microsoft.public.windowsxp.configuration_manage

    Hi Gabe,

    Thanks for posting here.

    From your post, my understanding of this issue is: The laptop users cannot
    access the file share via VPN due to their password expiration. If this is
    not correct, please feel free to let me know.

    This issue seems to be related to Active Directory, so I would suggest
    posting in the newsgroup below:

    microsoft.public.windows.server.active_directory

    This is a more appropriate forum for your question where you will get the
    most qualified pool of respondents and other partners in the newsgroups who
    can either share their knowledge or learn from your interaction with us.
    Thank you for your understanding.

    However, I think there may be a simple way to resolve this issue:

    You may add all laptop users to a Group in AD, and then apply a security
    policy similar to "Password never expires" on this Group.

    This is just an idea; for more details about this, please post in the above
    newsgroup. I believe you will get a perfect solution there.

    Have a nice day!

    Sincerely,
    Tom Che

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.

  2. Archived from groups: microsoft.public.windowsxp.configuration_manage

    Thank you. The password never expires option violates our Sarbanes-Oxley
    policy. We might get an exception for it, but I'd like to exhaust all other
    options before recommending that.

    Sorry for posting in the wrong group.

    One question, though - would this group be appropriate for finding a way to
    launch two applications before the logon screen appears? I have been able
    to launch one at a time by using startup scripts in local policies, but I
    can't launch two of them at the same time (one has to exit first, which I
    can't have since both the dialer and VPN client need to be running all the
    time).

    Thanks much,
    Gabe

  3. Archived from groups: microsoft.public.windowsxp.configuration_manage

    Hi Gabe,

    You are always welcome! Thanks for your update.

    If you want to launch two applications before the logon screen appears, I
    think you may create a batch file containing the commands to run these two
    applications and assign the batch file as a Startup script.

    Here is an example of a batch file to run two applications:

    start C:\Progra~1\ABCDEF~1\a.exe
    start C:\Progra~1\ABCDEF~1\b.exe
    exit

    Note:
    1. Please replace a.exe and b.exe and their folders with your own
    applications and relevant folders.
    2. The program's folder name must be in 8dot3 format, such as
    C:\Progra~1\ABCDEF~1

    However, I am not sure that, even if you can launch these two applications
    before logon, your old issue (cannot access file share) can certainly be
    fixed. Of course, it is worth a try.

    For more information about batch files and scripting, the following
    Microsoft Web sites may serve as references:

    Using batch files
    <http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/batch.mspx>

    To assign computer startup scripts
    <http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/gptext_assigncomputerstartupscripts.mspx>

    Windows Script Host
    <http://msdn.microsoft.com/library/en-us/script56/html/wsconwhatiswsh.asp>

    TechNet - Script Center
    http://www.microsoft.com/technet/scriptcenter/default.mspx

    Have a nice day!

    Sincerely,
    Tom Che

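An added example, not part of the original posts: a computer startup script in the spirit of the reply above that launches a dialer and a VPN client without waiting for either to exit. It uses quoted long paths with START's empty title argument rather than 8dot3 names; the two executable paths and the log file name are placeholders chosen for illustration, not the real install locations of any product.

```batch
@echo off
rem Added example (not from the original thread).
rem Computer startup scripts run as Local System before any user logs on,
rem so this file and both executables must sit in folders that only
rem administrators can write to.
setlocal

rem Placeholder paths (assumptions): substitute the real dialer and VPN
rem client executables installed on the laptop.
set "DIALER=C:\Program Files\Example Dialer\dialer.exe"
set "VPNCLIENT=C:\Program Files\Example VPN\vpnclient.exe"
set "LOG=%SystemRoot%\Temp\prelogon-launch.log"

rem Launch each client in turn. A missing dialer does not stop the VPN
rem client from being attempted, and both outcomes are logged.
call :launch "%DIALER%"
call :launch "%VPNCLIENT%"

endlocal
exit /b 0

:launch
rem %~1 is the argument with its surrounding quotes removed.
if not exist "%~1" (
    >>"%LOG%" echo %DATE% %TIME% MISSING "%~1"
    exit /b 1
)
rem The empty "" is the window title. Without it, START takes the first
rem quoted argument as the title and opens a command prompt instead of
rem running the program. START returns at once, so both clients keep
rem running side by side.
start "" "%~1"
>>"%LOG%" echo %DATE% %TIME% STARTED "%~1"
exit /b 0
```

The log shows after the fact whether both clients were started on a given boot, which helps when a remote user reports that the share is still unreachable.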
  4. Archived from groups: microsoft.public.windowsxp.configuration_manage

    Awesome. I'll try that out.

    Thanks


  5. Archived from groups: microsoft.public.windowsxp.configuration_manage

    Hi Gabe,

    Thanks for your response.

    If you have any other questions or concerns, please do not hesitate to
    contact us. It is always our pleasure to be of assistance.

    Have a nice day!

    Sincerely,
    Tom Che

    Microsoft Online Partner Support
    Get Secure! - www.microsoft.com/security
    =====================================================
    When responding to posts, please "Reply to Group" via your newsreader so
    that others may learn and benefit from your issue.
    =====================================================
    This posting is provided "AS IS" with no warranties, and confers no rights.
    --------------------
    >From: "Gabe Knuth" <gknuth@news.postalias>
    >References: <ecg515OfFHA.3256@TK2MSFTNGP12.phx.gbl>
    <3yPcvzWfFHA.1336@TK2MSFTNGXA01.phx.gbl>
    <#t9CCxXfFHA.3944@TK2MSFTNGP10.phx.gbl>
    <7bYX$tifFHA.1336@TK2MSFTNGXA01.phx.gbl>
    >Subject: Re: /sigh/ Latops in a domain...
    >Date: Thu, 7 Jul 2005 11:40:55 -0500
    >Lines: 214
    >X-Priority: 3
    >X-MSMail-Priority: Normal
    >X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
    >X-RFC2646: Format=Flowed; Original
    >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    >Message-ID: <uBGdILxgFHA.2644@TK2MSFTNGP09.phx.gbl>
    >Newsgroups: microsoft.public.windowsxp.configuration_manage
    >NNTP-Posting-Host: 65.247.121.5
    >Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP09.phx.gbl
    >Xref: TK2MSFTNGXA01.phx.gbl
    microsoft.public.windowsxp.configuration_manage:12970
    >X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
    >
    >Awesome. I'll try that out.
    >
    >Thanks
    >
    >
    >"Tom Che [MSFT]" <v-tomche@online.microsoft.com> wrote in message
    >news:7bYX$tifFHA.1336@TK2MSFTNGXA01.phx.gbl...
    >> Hi Gabe,
    >>
    >> You are always welcome! Thanks for your update.
    >>
    >> If you want to launch two applications before the logon screen appears, I
    >> think you may edit a batch file containing the commands to run these two
    >> applications and make the batch file as Startup scripts.
    >>
    >> Here is an example of a batch file to run two applications:
    >>
    >> start C:\Progra~1\ABCDEF~1\a.exe
    >> start C:\Progra~1\ABCDEF~1\b.exe
    >> exit
    >>
    >> Note:
    >> 1. Please replace a.exe and b.exe and their folders with your own
    >> applications and relevant folders.
    >> 2. The program's folder name must be 8dot3 format, such as
    >> C:\Progra~1\ABCDEF~1
    >>
    >> However, I am not sure even though you can launch these two applications
    >> before logon, your old issue (cannot access file share) certainly can be
    >> fixed. Of course, it is valuable to have a try.
    >>
    >> For more information about batch files and scripting, the following
    >> Microsoft Web site may be your reference:
    >>
    >> Using batch files
    >>
    <http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en
    >> -us/batch.mspx>
    >>
    >> To assign computer startup scripts
    >>
    <http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en
    >> -us/gptext_assigncomputerstartupscripts.mspx>
    >>
    >> Windows Script Host
    >>
    <http://msdn.microsoft.com/library/en-us/script56/html/wsconwhatiswsh.asp>
    >>
    >> TechNet - Script Center
    >> http://www.microsoft.com/technet/scriptcenter/default.mspx
    >>
    >> Have a nice day!
    >>
    >> Sincerely,
    >> Tom Che
    >>
    >> Microsoft Online Partner Support
    >> Get Secure! - www.microsoft.com/security
    >> =====================================================
    >> When responding to posts, please "Reply to Group" via your newsreader so
    >> that others may learn and benefit from your issue.
    >> =====================================================
    >> This posting is provided "AS IS" with no warranties, and confers no
    >> rights.
    >>
    >> --------------------
    >>>From: "Gabe Knuth" <gknuth@news.postalias>
    >>>References: <ecg515OfFHA.3256@TK2MSFTNGP12.phx.gbl>
    >> <3yPcvzWfFHA.1336@TK2MSFTNGXA01.phx.gbl>
    >>>Subject: Re: /sigh/ Latops in a domain...
    >>>Date: Thu, 30 Jun 2005 09:00:53 -0500
    >>>Lines: 119
    >>>X-Priority: 3
    >>>X-MSMail-Priority: Normal
    >>>X-Newsreader: Microsoft Outlook Express 6.00.2900.2180
    >>>X-RFC2646: Format=Flowed; Original
    >>>X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
    >>>Message-ID: <#t9CCxXfFHA.3944@TK2MSFTNGP10.phx.gbl>
    >>>Newsgroups: microsoft.public.windowsxp.configuration_manage
    >>>NNTP-Posting-Host: 65.247.121.5
    >>>Path: TK2MSFTNGXA01.phx.gbl!TK2MSFTNGP08.phx.gbl!TK2MSFTNGP10.phx.gbl
    >>>Xref: TK2MSFTNGXA01.phx.gbl
    >> microsoft.public.windowsxp.configuration_manage:12862
    >>>X-Tomcat-NG: microsoft.public.windowsxp.configuration_manage
    >>>
    >>>Thank you. The password never expires option violates our Sarbanes-Oxley
    >>>policy. We might get an exception for it, but I'd like to exhaust all
    >> other
    >>>options before reccommending that.
    >>>
    >>>Sorry for posting in the wrong group.
    >>>
    >>>One question, though - would this group be appropriate for finding a way to
    >>>launch two applications before the logon screen appears? I have been able
    >>>to launch one at a time by using startup scripts in local policies, but I
    >>>can't launch two of them at the same time (one has to exit first, which I
    >>>can't have since both the dialer and VPN client need to be running all the
    >>>time).
    >>>
    >>>Thanks much,
    >>>Gabe
    >>>
    >>>"Tom Che [MSFT]" <v-tomche@online.microsoft.com> wrote in message
    >>>news:3yPcvzWfFHA.1336@TK2MSFTNGXA01.phx.gbl...
    >>>> Hi Gabe,
    >>>>
    >>>> Thanks for posting here.
    >>>>
    >>>> From your post, my understanding of this issue is: The laptop users cannot
    >>>> access the file share via VPN due to their password expiration. If this is
    >>>> not correct, please feel free to let me know.
    >>>>
    >>>> This issue seems to be related to Active Directory, so I would suggest
    >>>> posting in the newsgroup below:
    >>>>
    >>>> microsoft.public.windows.server.active_directory
    >>>>
    >>>> This is a more appropriate forum for your question where you will get the
    >>>> most qualified pool of respondents and other partners in the newsgroups who
    >>>> can either share their knowledge or learn from your interaction with us.
    >>>> Thank you for your understanding.
    >>>>
    >>>> However, I think there may be a simple way to resolve this issue:
    >>>>
    >>>> You may add all laptop users to a Group in AD, and then apply a security
    >>>> policy similar to "Password never expires" on this Group.
    >>>>
    >>>> This is just an idea; for more details about this, please post in the above
    >>>> newsgroup. I believe you will get a perfect solution there.
    >>>>
    >>>> Have a nice day!
    >>>>
    >>>> Sincerely,
    >>>> Tom Che
    >>>>
    >>>>
    >>>> --------------------
    >>>>>From: "Gabe Knuth" <gknuth@news.postalias>
    >>>>>Subject: /sigh/ Latops in a domain...
    >>>>>Date: Wed, 29 Jun 2005 16:05:52 -0500
    >>>>>
    >>>>>This old battle again...
    >>>>>
    >>>>>We've got an AD (previously used only Netware for the PC's) with 1200 or so
    >>>>>users in it. About 100 of those are laptop users that are rarely in the
    >>>>>office.
    >>>>>
    >>>>>In the past, the users would log on to their local machine, connect via
    >>>>>Contivity VPN, then authenticate to a Windows file share in a domain that
    >>>>>pretty much only servers were in by using their domain credentials. Their
    >>>>>passwords were set to never expire and were synched manually with their
    >>>>>Novell and local machine passwords.
    >>>>>
    >>>>>Now we're adding them to AD. We've got a corporate SOX policy in place, so
    >>>>>each user is required to change their password after x-number of days.
    >>>>>Problem is, these users don't connect to the network with their laptops
    >>>>>before their password expires. That works OK for the local machine, it'll
    >>>>>just cache it until they plug in again, but if they log on with their cached
    >>>>>password (after connecting to the VPN), they won't be able to connect to the
    >>>>>file share.
    >>>>>
    >>>>>What's everyone else doing in situations like this? I've been trying to
    >>>>>find a way to have their dial-up client and their VPN client launch before
    >>>>>the logon to the box. That should fix this. It seems to me there is a
    >>>>>simpler way, and I'm just mucking it up and over thinking it.
    >>>>>
    >>>>>Any thoughts are appreciated.
    >>>>>
    >>>>>Thanks,
    >>>>>Gabe