Password expiration notice for remote users

  • Thread starter Thread starter Chris.Coops
  • Start date Start date
C

Chris.Coops

Hi,
A number of our users are remote, and others have both a desktop and a
laptop (for use at home, don't ask!), and the only people that don't
have this problem are the office workers using an always connected
desktop.

It seems this is a known issue, but nothing with a concrete solution,
so I was hoping someone can give me their experiences.
Our password expiration policy is 60 days, with a 5 day warning.
However, remote users do not get this warning or even the final
message that their password has expired. They logon to their Windows
XP laptop, and load up our VPN client and the only error message they
get is Microsoft Outlook asking them for their password (usually
outlook connects directly to their email account).
Then I get the phone call to say they can't logon to Outlook. Most
user's have been re-educated to think back to when they last changed
their password and will figure our they have to exit outlook and
manually reset their password. But it's still a hassle that shouldn't
be!

Those with home laptops but desktops for office work, have a similar
problem. They get notified at work what their new password is, but
when they go home have to use their old password, and before
connecting to the VPN client manually change the password on the
laptop to the same one their chose at work.

Is there any way around this issue, especially the remote users one.
In my understanding Windows should also contain information as to the
password expiry and pass this information to the active directory the
next time an authenticated user logs onto the domain through VPN. Or
is that too logical?

TIA

Chris
 
Chris.Coops said:
A number of our users are remote, and others have both a desktop
and a laptop (for use at home, don't ask!), and the only people
that don't have this problem are the office workers using an always
connected desktop.

It seems this is a known issue, but nothing with a concrete
solution, so I was hoping someone can give me their experiences.
Our password expiration policy is 60 days, with a 5 day warning.
However, remote users do not get this warning or even the final
message that their password has expired. They logon to their Windows
XP laptop, and load up our VPN client and the only error message
they get is Microsoft Outlook asking them for their password
(usually outlook connects directly to their email account).
Then I get the phone call to say they can't logon to Outlook. Most
user's have been re-educated to think back to when they last changed
their password and will figure our they have to exit outlook and
manually reset their password. But it's still a hassle that
shouldn't be!

Those with home laptops but desktops for office work, have a similar
problem. They get notified at work what their new password is, but
when they go home have to use their old password, and before
connecting to the VPN client manually change the password on the
laptop to the same one their chose at work.

Is there any way around this issue, especially the remote users one.
In my understanding Windows should also contain information as to
the password expiry and pass this information to the active
directory the next time an authenticated user logs onto the domain
through VPN. Or is that too logical?

A script that runs via a scheduled task on a server and used to email your
users when their password is about to expire (you could choose when it
starts emailing them, how often, etc.) Then they could - depending on your
setup - change their password through the OWA interface.

As for the laptop itself - do they logon local or do they use a cached
logon? If the former - set the password expiration the same on the laptop
as it is in the domain. If the latter - not really much you can do I
think - I don't believe the cached password will expire as that would
cripple the laptop (could be wrong on that. heh)
 
I found an affordable utility on the web, that will send out emails to users
when their password is x days from expiring.
It can also provide warnings at 3 different "x Days" form expiring.
regards,
Rick
(e-mail address removed)
 
Back
Top