How can I prevent Domain lockout when using VPN remotely

Thread starter: Guest

I have two home machines that connect to the office via a VPN client over
DSL. My office has a Domain lockout policy enabled after three bad pw
attempts and enforces pw changes every 3 months. When I'm forced to change
pw's I get locked out of the office Domain when connecting from home since
I'm only able to logon to Win2K (locally) using my old pw before actually
connecting to the office (which already has my new pw).
Is there a place/way I can change the old pw locally to match my new pw
before connecting to the Network?

Thanks
 
Thanks for your info Danny. But my problem is a kind of catch-22 since I
have two machines at home. So, I logon locally to machine #1 with original
pw ("a") and connect via VPN to the office and do a ctrl+alt+del to change pw
from "a" to "b". Then I logon locally to machine #2 with original pw ("a")
and connect via VPN. But before I can do a ctrl+alt+del, I'm usually already
locked out. The crux of the problem is not being able to change the pw
locally (unless you know how) before actually connecting to the Office
Network, so that they match and I don't get locked out.
 
Log in to the computer. Before you start the VPN, right-click on My Computer
and select manage. Open local users and groups. Expand users, right-click on
your username and select reset password. Reset the password to match the
work password. Reboot, log in with the new password and connect the VPN.

hth
DDS W 2k MVP MCSE
 
Is there a way to cause your VPN client to not automatically
provide credentials, but to instead make you go through a
prompt based authentication? In the MS VPN client this is
a checkbox in the properties of the VPN connection.
It seems that the issue is that you are changing the password
while at work logged into the domain, and your work's VPN
solution is authenticating based on Windows domain accounts.
Hence, you can log into the home machine with the cached
domain account, using old password, but this of course does
not work with the VPN access (and also locks the domain
account in the process). If you can get past that VPN login
then you should have a chance that the cached login can be
updated (maybe?) but this may be most simple by forcing
with another password change after connecting. For that to
happen however, the only way you can have a chance is if
you can provide login info to the VPN server other than what
your VPN client would automatically provide from your
logon credentials.
 
See my previous reply to see if that works about locking and unlocking the
computer to refresh cached credentials. I also wanted to add that the domain
lockout threshold of three is way too low. Microsoft recommends no less than
ten as a threshold assuming weak passwords are not allowed. Account lockout
policy can end up being a denial of service problem for legitimate users. If
you have no control of this you may want to pass the message on. --- Steve
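
The situation in this thread (a second machine replaying an old password until the account locks) looks different in authentication logs from password guessing, and telling the two apart is what makes a low lockout threshold manageable. The following is an added example, not part of the original thread: a Python triage heuristic over constructed records. The record layout, host names, account names and the 30-minute window are all assumptions.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # assumed lockout observation window

# Constructed sample records (not real logs): (time, account, source host, result)
EVENTS = [
    ("2024-03-04 07:55:00", "jsmith", "HOME-PC2", "ok"),    # before the password change
    ("2024-03-04 08:01:00", "jsmith", "HOME-PC1", "ok"),
    ("2024-03-04 19:30:05", "jsmith", "HOME-PC2", "fail"),  # old password replayed
    ("2024-03-04 19:30:07", "jsmith", "HOME-PC2", "fail"),
    ("2024-03-04 19:30:09", "jsmith", "HOME-PC2", "fail"),
    ("2024-03-04 19:30:09", "jsmith", "HOME-PC2", "lockout"),
    ("2024-03-05 02:10:00", "adavis", "UNKNOWN-7", "fail"),
    ("2024-03-05 02:10:02", "bchen", "UNKNOWN-7", "fail"),
    ("2024-03-05 02:10:04", "bchen", "UNKNOWN-7", "fail"),
    ("2024-03-05 02:10:06", "bchen", "UNKNOWN-7", "fail"),
    ("2024-03-05 02:10:06", "bchen", "UNKNOWN-7", "lockout"),
]
FMT = "%Y-%m-%d %H:%M:%S"

def classify_lockouts(events):
    """Return {(account, lockout time): label} for every lockout record."""
    rows = [(datetime.strptime(t, FMT), a, s, r) for t, a, s, r in events]
    out = {}
    for when, account, _, result in rows:
        if result != "lockout":
            continue
        # Failures inside the observation window that ended in this lockout
        recent = [r for r in rows if r[3] == "fail" and when - WINDOW <= r[0] <= when]
        sources = {r[2] for r in recent if r[1] == account}
        # Has the failing host logged this same user on successfully before?
        known = any(r[3] == "ok" and r[1] == account and r[2] in sources
                    and r[0] < when for r in rows)
        # Did the failing host also fail against other accounts?
        others = {r[1] for r in recent if r[2] in sources and r[1] != account}
        if len(sources) == 1 and known and not others:
            label = "stale-credentials"   # user's own machine, old password
        elif others or len(sources) > 1:
            label = "possible-guessing"   # several accounts or several hosts
        else:
            label = "unknown"
        out[(account, when.strftime(FMT))] = label
    return out

if __name__ == "__main__":
    for key, label in classify_lockouts(EVENTS).items():
        print(key, label)
```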
 