1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Changing passwords for external user?

Discussion in 'Software' started by nugget, Oct 15, 2007.

  1. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    Here's a tricky one for you all. I have a user who was asked to change his password last week according to the password change policy of 14 days warning. Of course as users always do, he ignored it until it got down to 3 days time. Now, this guy knows that he will be on a business trip for the next 2 weeks and left for the USA this morning. He rings me from the airport and tells me that he tried to change his password this morning, and couldn't (not connected to the network).

    The long and short of it is that he is away for 2 weeks and his password expires in 3 days. Is there any way that he/I can change his password without giving him the password to the local admin account?

    We don't have vpn set up yet, there is no remote control setup (like VNC, Dameware utilities or Crossloop). Even if I could set up a remote assistance session I don't think I could change the password, could I?
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685
  2. Boycie
    Honorary Member

    Boycie Senior Beer Tester

    6,281
    85
    174
    Nugg,

    I think you may be snookered on this mate.

    It might be worth asking this user to have a strong password and enable "user cannot change password" and "password does not expire"

    Depending on the set-up (and what he needs to use it for), the local admin password might not be much help.

    Si
     
    Certifications: MCSA 2003, MCDST, A+, N+, CTT+, MCT
  3. Fergal1982

    Fergal1982 Petabyte Poster

    4,196
    171
    211
    Is he connecting via VNC?

    If so, we came up with a way to change this over VNC - you reset his account on the network and, whilst he is connected in via VNC, have him lock the computer, and then unlock using the new password, this will set the laptop local password to the same as the network password.

    Alternatively you could always just reset his password on the domain to the same as currently on his laptop. This will reset the password countdown. And resetting the password through AD ignores the previous password limits.

    Of course, if he isnt accessing the network at all, then its not really a problem. Password expiry is usually done through the Domain GPO. Take a machine off the domain, and as far as its concerned, the password never expires.

    EDIT: Oops, didnt see the VNC part.
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  4. tripwire45
    Honorary Member

    tripwire45 Zettabyte Poster

    13,493
    179
    287
    In Active Directory? You can reset his password, sure. Is this character going to be trying to connect to the network via VPN while he's gone? If not, just let his password expire and when he comes back to the office, reset it. He'll have to change the password on his first login but that's standard.
     
    Certifications: A+ and Network+
  5. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    Not a tricky problem at all! Unless he's your boss, or your boss's boss, he shoulda figured out he needed to change his password before taking a two-week trip. Life's rough when you fail to follow directions.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  6. BosonMichael
    Highly Decorated Member Award

    BosonMichael Yottabyte Poster

    19,136
    462
    374
    If he's logging on to his local computer with cached credentials (off the network), changing the password in AD won't do much good.
     
    Certifications: CISSP, MCSE+I, MCSE: Security, MCSE: Messaging, MCDST, MCDBA, MCTS, OCP, CCNP, CCDP, CCNA Security, CCNA Voice, CNE, SCSA, Security+, Linux+, Server+, Network+, A+
    WIP: Just about everything!
  7. Theprof

    Theprof Petabyte Poster Forum Leader

    4,570
    68
    196
    Is there any other local user accounts on that computer? if not, then have him login as the local admin, guide him through creating a regular user account. Then log off, having him log in with the regular user account so that it creates a profile. If he needs the files on his desktop then just login as the admin, copy the contents from the offline profile to the new user account, then have him log off and login with the new user account.

    This of course is the kind of extreme but it when you have no option and you are required to come up with a scheme to get it to work.
     
    Certifications: A+ | CCA | CCAA | Network+ | MCDST | MCSA | MCP (270, 271, 272, 290, 291) | MCTS (70-662, 70-663) | MCITP:EMA | VCA-DCV/Cloud/WM | VTSP | VCP5-DT | VCP5-DCV
    WIP: VCAP5-DCA/DCD | EMCCA
  8. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    change the time on the laptop? Might get him a few more days.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  9. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    Sparky - dont they have to have admin rights to change the password?
     
  10. Sparky
    Highly Decorated Member Award

    Sparky Zettabyte Poster Moderator

    10,191
    299
    319
    If the user just has 'user' rights then yeah, you need admin rights to change the time on the laptop unless Group Policy is being used.
     
    Certifications: MSc MCSE MCSA:M MCSA:S MCITP:EA MCTS(x5) Security+ Network+ A+
    WIP: Exchange 2007\2010
  11. Mr.Cheeks

    Mr.Cheeks 1st ever Gold Member! Gold Member

    5,369
    85
    190
    yay! i am learning!
     
  12. nugget
    Honorary Member

    nugget Junior toady

    7,796
    71
    224
    If the guy was simply on holiday I'd let him hang and maybe he'd learn something but it's all business meetings.:dry



    I think you might be right mate. I might do this for a couple of users to stop these types of problems in the future.


    I might try this.

    Maybe I can get him to install crossloop as the local admin too if I have to give him the local admin password.
     
    Certifications: A+ | Network+ | Security+ | MCP (270,271,272,290,620) | MCDST | MCTS:Vista
    WIP: MCSA, 70-622,680,685

Share This Page

Loading...