Sophos XG Windows Ad/Domain password expired

Hello,

What option does a user who is working completely remotely have to change his AD/Windows password?
(The credentials should be written back to the machine, so all apps like Outlook and the next login have the new password.)

Or do admins nowadays set the password to not expire, since it's safe?

The only option I could think of is to open firewall ports from the VPN to the domain controller, but that sounds dangerous to me.



This thread was automatically locked due to age.
  • I would challenge this concept by looking into modern technologies. 

    Microsoft addressed this question by using Azure AD with the Microsoft Client. No need to interact with an on-prem AD (which makes the entire conversation obsolete).

    Then you can top this design with other technologies like Intune or other software deployments.

    In the end, you could replace VPN with approaches like ZTNA, which integrates with the technologies above. The end state will be: users can work from home like they work in the company - zero changes and zero VPN.

  • We are a small company, which is sadly on premise, so hybrid options are a no-go.
    (The users have notebooks which are domain-joined; not sure how you could do this with a completely separate domain.)

    Could you explain how ZTNA works? If I understand correctly, you have a client on each PC, which connects to Sophos Cloud, and Sophos Cloud is connected with our servers over server-client? And the benefit of ZTNA is that I have the connection only for the application and not for the entire VPN network?

    (And the current internet provider is not fast enough or reliable for us right now.)