Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 29 subscribers
  • Views 813 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Sophos XG Windows Ad/Domain password expired

Simplified Sam

Hello,

what option does a User who is completly working from remote, to change his AD/Windows Password?
(the credentials should be write back to the machine, so all Apps like outlook and next login has the new password.)

Or do Admins now days set the password to not expire, since it's safe?

The only option i could think of is open firewall ports from vpn to the domain controller, but that sounds dangerous to me.



This thread was automatically locked due to age.
Parents
  • 0

    Are they using remote desktop, or just file and app access. Is the desktop itself authenticating against AD? 

    If the Desktop's sign in is against active directory, or they are using remote desktop, you can have them CTRL ALT DEL/CTRL ALT END (If remote desktop) and change the password from there. 

    This is what we do at our company, and personnel have reminders in their phone to change their password every _ days.

  • 0 in reply to Nathan McKay

    We got both, we have users who just connect to get their mails.

    But also users, who connect and use RDP, usally these users does not have domain joined pc at home.
    Our technicans are always outside our country, and we have policy which let their password expire.

    Currently there are no firewall ports open, and yes i know you can do that trick over rdp, but the machine will not get the credentials back. (And sometimes after expiration you can log into vpn.)

Reply
  • 0 in reply to Nathan McKay

    We got both, we have users who just connect to get their mails.

    But also users, who connect and use RDP, usally these users does not have domain joined pc at home.
    Our technicans are always outside our country, and we have policy which let their password expire.

    Currently there are no firewall ports open, and yes i know you can do that trick over rdp, but the machine will not get the credentials back. (And sometimes after expiration you can log into vpn.)

Children
  • 0 in reply to Simplified Sam

    We also have script running in background which reminds the people to change their password (14 days before, evry day once), but you know the people they ignore it :) And then they are blocked out if the password expires, cant log in anymore and stuff like that. As Administrator this is something should be automated at least.

Unfiltered HTML