Password expiration notice for remote users

Hi,
A number of our users are remote, and others have both a desktop and a
laptop (for use at home, don't ask!), and the only people that don't
have this problem are the office workers using an always connected
desktop.

It seems this is a known issue, but nothing with a concrete solution,
so I was hoping someone can give me their experiences.
Our password expiration policy is 60 days, with a 5 day warning.
However, remote users do not get this warning or even the final
message that their password has expired. They logon to their Windows
XP laptop, and load up our VPN client and the only error message they
get is Microsoft Outlook asking them for their password (usually
outlook connects directly to their email account).
Then I get the phone call to say they can't logon to Outlook. Most
user's have been re-educated to think back to when they last changed
their password and will figure our they have to exit outlook and
manually reset their password. But it's still a hassle that shouldn't
be!

Those with home laptops but desktops for office work, have a similar
problem. They get notified at work what their new password is, but
when they go home have to use their old password, and before
connecting to the VPN client manually change the password on the
laptop to the same one their chose at work.

Is there any way around this issue, especially the remote users one.
In my understanding Windows should also contain information as to the
password expiry and pass this information to the active directory the
next time an authenticated user logs onto the domain through VPN. Or
is that too logical?

TIA

Chris

Chris.Coops wrote:
> A number of our users are remote, and others have both a desktop
> and a laptop (for use at home, don't ask!), and the only people
> that don't have this problem are the office workers using an always
> connected desktop.
>
> It seems this is a known issue, but nothing with a concrete
> solution, so I was hoping someone can give me their experiences.
> Our password expiration policy is 60 days, with a 5 day warning.
> However, remote users do not get this warning or even the final
> message that their password has expired. They logon to their Windows
> XP laptop, and load up our VPN client and the only error message
> they get is Microsoft Outlook asking them for their password
> (usually outlook connects directly to their email account).
> Then I get the phone call to say they can't logon to Outlook. Most
> user's have been re-educated to think back to when they last changed
> their password and will figure our they have to exit outlook and
> manually reset their password. But it's still a hassle that
> shouldn't be!
>
> Those with home laptops but desktops for office work, have a similar
> problem. They get notified at work what their new password is, but
> when they go home have to use their old password, and before
> connecting to the VPN client manually change the password on the
> laptop to the same one their chose at work.
>
> Is there any way around this issue, especially the remote users one.
> In my understanding Windows should also contain information as to
> the password expiry and pass this information to the active
> directory the next time an authenticated user logs onto the domain
> through VPN. Or is that too logical?

A script that runs via a scheduled task on a server and used to email your
users when their password is about to expire (you could choose when it
starts emailing them, how often, etc.) Then they could - depending on your
setup - change their password through the OWA interface.

As for the laptop itself - do they logon local or do they use a cached
logon? If the former - set the password expiration the same on the laptop
as it is in the domain. If the latter - not really much you can do I
think - I don't believe the cached password will expire as that would
cripple the laptop (could be wrong on that. heh)

--
Shenan Stanley
MS-MVP
--
How To Ask Questions The Smart Way
http://www.catb.org/~esr/faqs/smart-questions.html