Password change vs. cached credentials with VPN

[Neil]

Hi!

Someone from the microsoft.public.win2000.security newsgroup suggested to
post my problem here. So here it is:

A Windows 2000 Professional workstation is a member of an NT4 domain, and on
it is installed a 3rd party VPN client software for remote connectivity. A
domain user account gets access to resources on the domain by logging on
locally using cached credentials, and then establishing a connection through
VPN.
When the password for the cached credential is the same as the one stored in
the domain SAM, things are fine.
BUT when the user say changes his/her password from another workstation,
where he/she is logged on to the domain, the problem arises: If the user
does not remember to update the cached credential on the first machine with
the new password, he/she will be denied access to the domain ressources, the
next time he/she connects through VPN.

Does anyone have any suggestions on how to solve this problem (relying on
the user to remember the password change is unfortunately NOT an option
?

best regards
Neil

 

[Bill Grant]

There are various ways to send the credentials. What you use depends on
what is most convenient. For instance you can use the "Run As" option, or
you can use the "user:" option in a net use command.

By default, W2k Pro will send the logon credentials, which only works if
the local logon and the domain logon match.