Changing passwords for external user?

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Here's a tricky one for you all. I have a user who was asked to change his password last week according to the password change policy of 14 days warning. Of course as users always do, he ignored it until it got down to 3 days time. Now, this guy knows that he will be on a business trip for the next 2 weeks and left for the USA this morning. He rings me from the airport and tells me that he tried to change his password this morning, and couldn't (not connected to the network).

The long and short of it is that he is away for 2 weeks and his password expires in 3 days. Is there any way that he/I can change his password without giving him the password to the local admin account?

We don't have vpn set up yet, there is no remote control setup (like VNC, Dameware utilities or Crossloop). Even if I could set up a remote assistance session I don't think I could change the password, could I?

 

Oh man! Ad-blocking software has been detected! :'(

This website is run by the community, for the community... and it needs advertisements in order to keep running. Blocking our ads means your killing our stats!
Please disable your ad-block, or become a premium member to hide all advertisements and this notice.

Nugg,

I think you may be snookered on this mate.

It might be worth asking this user to have a strong password and enable "user cannot change password" and "password does not expire"

Depending on the set-up (and what he needs to use it for), the local admin password might not be much help.

Si

 

Is he connecting via VNC?

If so, we came up with a way to change this over VNC - you reset his account on the network and, whilst he is connected in via VNC, have him lock the computer, and then unlock using the new password, this will set the laptop local password to the same as the network password.

Alternatively you could always just reset his password on the domain to the same as currently on his laptop. This will reset the password countdown. And resetting the password through AD ignores the previous password limits.

Of course, if he isnt accessing the network at all, then its not really a problem. Password expiry is usually done through the Domain GPO. Take a machine off the domain, and as far as its concerned, the password never expires.

EDIT: Oops, didnt see the VNC part.

 

In Active Directory? You can reset his password, sure. Is this character going to be trying to connect to the network via VPN while he's gone? If not, just let his password expire and when he comes back to the office, reset it. He'll have to change the password on his first login but that's standard.

 

Not a tricky problem at all! Unless he's your boss, or your boss's boss, he shoulda figured out he needed to change his password before taking a two-week trip. Life's rough when you fail to follow directions.

 

If he's logging on to his local computer with cached credentials (off the network), changing the password in AD won't do much good.

 

Is there any other local user accounts on that computer? if not, then have him login as the local admin, guide him through creating a regular user account. Then log off, having him log in with the regular user account so that it creates a profile. If he needs the files on his desktop then just login as the admin, copy the contents from the offline profile to the new user account, then have him log off and login with the new user account.

This of course is the kind of extreme but it when you have no option and you are required to come up with a scheme to get it to work.

 

Sparky - dont they have to have admin rights to change the password?

 

yay! i am learning!

 

If the guy was simply on holiday I'd let him hang and maybe he'd learn something but it's all business meetings.

I think you might be right mate. I might do this for a couple of users to stop these types of problems in the future.

I might try this.

Maybe I can get him to install crossloop as the local admin too if I have to give him the local admin password.