|
|
Question : Problem: How to sync changed domain password for VPN laptop users?
|
|
Here's the scenario: we force password change for domain users, they change it at work, then when they get home, they log on their laptops (which are part of the domain) using old password, connect to the the network using safenet VPN (watchguard firewall) (they have to use a new password then). The old cached password never "syncs" with the DC for some reason, so they're forced to use an old password on their laptops till they bring it in and plug it in locally, only then it syncs up with the DC.
any hints would be appreciated.
|
Answer : Problem: How to sync changed domain password for VPN laptop users?
|
|
Since the new domain logon information is only cached on the laptop at logon time when the user can access the DC, this behaviour would be expected. When your VPN users login at home, they haven't initiated the VPN at this time, therefore the DC is unavailable and they login using the current cached credentials on the laptop. Windows wouldn't automatically go away and update its local cached login information automatically once a connection to the DC is established by VPN, unfortunately.
The best way of course to get around this is have users login to the network when its plugged straight in with a direct link to the DC. Otherwise, you may be able to get something to work using the "Logon using dial-up connection" option and initiate VPN that way.
|
|
|
|