Domains, user profiles and VPNs

Discussion in 'Windows Networking' started by Chris, Sep 19, 2005.

  1. Chris

    Chris Guest

    I have several users that log into the network via a VPN appliance. One
    of these users is almost never in the office and as such never logs into
    the network directly (he has only been in the office once since his
    laptop was set up.0 All access to network resources is done via the VPN
    and in general, he has no problem accessing network resources. However,
    we noticed a problem recently. Despite manually expiring his password
    and forcing him to change at next logon, he is never prompted to create
    a new password. This is also preventing him from accessing new network
    resources. In other words, he can only see what was there when he was
    last physically in the office.

    It is my understanding that, by default, clients cache the domain
    account and password for local logon in the event a domain controller
    cannot be contacted. Since he logs into his computer first and then
    attaches to the network via the VPN, this cache is never updated at "login".

    How can I force him to synchronize with the network, update his cached
    credentials and allow him to gain access to the network resource?

    Thanks!

    ++C++
     
    Chris, Sep 19, 2005
    #1
    1. Advertisements

  2. He needs to check the checkbox at the Ctl-Alt-Del Prompt that say "Login
    with Dialup connection" and then choose the VPN Connection when prompted.
    Otherwise he is only logging into the locally Cached Account and never into
    the Domain itself,...since he is already "logged in" by the time the machine
    can even see the DC he is ever prompted to change the password. That is my
    "guess" anyway,..I have never run into that myself.

    --
    Phillip Windell [MCP, MVP, CCNA]
    www.wandtv.com
    -----------------------------------------------------
    Understanding the ISA 2004 Access Rule Processing
    http://www.isaserver.org/articles/ISA2004_AccessRules.html

    Microsoft Internet Security & Acceleration Server: Guidance
    http://www.microsoft.com/isaserver/techinfo/Guidance/2004.asp
     
    Phillip Windell, Sep 19, 2005
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.