I
Invisible
This one should be fairly simple...
Let me try to explain this in few words. I'm setting up a laptop for a
guy working from home. He's going to use a VPN to connect in to part of
our network and access some terminal servers.
Long story short: At the moment of login, no DCs are reachable. (He
hasn't even dialled the Internet yet, never mind authenticated into the
VPN!)
That's fine - the laptop will use the cached password for the domain
account. But... what happens when the user needs to CHANGE the password?
Of course, if you're on a terminal server, it's quite easy to change
your password. And then our DC will use the new password. But how the
hell will the laptop know about this? (This is compounded by the fact
that our DC isn't actually accessible over the VPN. Apparently that
would require additional hardware or something...)
I could just make the password never expire - but I'd really prefer not
to if there's a way.
Any suggestions?
Let me try to explain this in few words. I'm setting up a laptop for a
guy working from home. He's going to use a VPN to connect in to part of
our network and access some terminal servers.
Long story short: At the moment of login, no DCs are reachable. (He
hasn't even dialled the Internet yet, never mind authenticated into the
VPN!)
That's fine - the laptop will use the cached password for the domain
account. But... what happens when the user needs to CHANGE the password?
Of course, if you're on a terminal server, it's quite easy to change
your password. And then our DC will use the new password. But how the
hell will the laptop know about this? (This is compounded by the fact
that our DC isn't actually accessible over the VPN. Apparently that
would require additional hardware or something...)
I could just make the password never expire - but I'd really prefer not
to if there's a way.
Any suggestions?