I work from home via VPN. In the past, when my domain password was close to expiring, I simply connected to the VPN and did the regular change-password routine, and everything seemed to work fine.
I recently got a new laptop for work and want to use it in addition to the existing one. I've not yet authenticated the new one to the domain because I don't know what will happen when it's time to change the password. It seems like if I change it on one computer, the second computer will still use the cached credentials since that's all it knows about. I assume if this is the case then I'll get lots of password prompting when connected to the VPN and that the only way to change the cached credentials on the second computer is to authenticate against the domain the next time I'm in the office (about once a month).
The computers are XP & Vista x64, using the Cisco VPN client & the NCP Secure Entry Client, respectively.
Am I able to change my domain password on 2 computers via the VPN?
It is possible. With the Cisco VPN client you can start the VPN before you log in with your Windows credentials. This works on XP, but I don't think it works on Vista with the Cisco VPN client.
This procedure should work. Log into your Vista machine. Connect with VPN. Change your password. Lock and unlock your Vista machine just to update the cached credentials.
On your XP machine, set the Cisco VPN client to start up before login. Boot your computer, launch the VPN client and connect with it before logging into your Windows account. Then you can log into your XP machine with your updated credentials because it will be able to authenticate you against a DC.
Not sure about the NCP client, but it will work with the Cisco VPN if you change your password on Vista first.
Nope.
The only way your second laptop will ever know about your new PW is if you connect to the VPN.
Personally, unless you have a specific need to join your laptop to the domain, I wouldn't. If you are the domain admin then it doesn't make a ton of sense to join your laptop to the domain, especially if you are working from home most of the time.
I have no idea if this would work, but what if you logged into the second computer using the cached credentials, then VPN'ed into the office?
Then, try to connect to a protected resource, like a network share that you have access to. When the credentials on your computer don't match the domain credentials, it will prompt you for your domain username and password. Enter the new username/password.
I'm not sure if the computer would re-cache this new password or not.
SYNERGIX Object Manager for Active Directory (ADOM) does the trick. It is VPN client software agnostic and will notify the user of password expiration. The user is presented with a simple-to-use form to change the password. Upon successful changing of the password, the domain credentials are synchronized with the cached credentials, making it seamless for the user to continue working.
Additionally, it will update the GPO as soon as the VPN connection is established and also run the user login script, which does run when logged in with cached credentials.
DD