Domains, user profiles and VPNs

I have several users that log into the network via a VPN appliance. One
of these users is almost never in the office and as such never logs into
the network directly (he has only been in the office once since his
laptop was set up.0 All access to network resources is done via the VPN
and in general, he has no problem accessing network resources. However,
we noticed a problem recently. Despite manually expiring his password
and forcing him to change at next logon, he is never prompted to create
a new password. This is also preventing him from accessing new network
resources. In other words, he can only see what was there when he was
last physically in the office.

It is my understanding that, by default, clients cache the domain
account and password for local logon in the event a domain controller
cannot be contacted. Since he logs into his computer first and then
attaches to the network via the VPN, this cache is never updated at "login".

How can I force him to synchronize with the network, update his cached
credentials and allow him to gain access to the network resource?

Thanks!

++C++

He needs to check the checkbox at the Ctl-Alt-Del Prompt that say "Login
with Dialup connection" and then choose the VPN Connection when prompted.
Otherwise he is only logging into the locally Cached Account and never into
the Domain itself,...since he is already "logged in" by the time the machine
can even see the DC he is ever prompted to change the password. That is my
"guess" anyway,..I have never run into that myself.

--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp