Hi folks, He have a user who is using his laptop from home, normally he can login LOCALLY onto the domain from his laptop. (Because he has cached credentials locally on the laptop) His password expired today, and now he can't logon locally to the domain. I'm thinking that because our GPO which is enforced on his domain account which says that password expires in so many days, now his password has expired, the account is totally locked locally and because we cant hook him up to our network, he can't simply plug in an Ethernet cable and then be connected to our DC at the login screen so that when he tries to login, it tells him to change his password because the GPO on the DC will enforce it. I'm now thinking that the best course of action would either phone up the user and get him to set up a VPN by logging into the default administrator account then on the VPN connection get him to sign in with his domain account, therefore enforcing him to change his password. (I have unlocked his account in Active Directory and changed the password) But the problem I can see with that it still wont changed the cached credentials locally in the Registry. A Google search of finding how to solve this problem (Expired cached credentials when not connected to the Domain Controller) hasnt turned up anything of any use. (Looked at Microsoft Support, small article oh whats happening, but not how to solve it ty MS!) Obviously the simple solution would be to plug his laptop into the network here and it would all be solved Any ideas guys?