When I've had this issue with remote XP clients I reset their domain credentials to something temporary and then have them log on to Windows XP using a "dial up connection." The built-in Windows XP VPN client can use that to authenticate on logon.
Once the client is logged in, have them reset their password to something new/confidential.

Gil

On Tue, Mar 27, 2012 at 4:32 PM, Ryan Frantz <[email protected]> wrote:
> I have the dubious task of managing 100+ telecommuting employees' company
> laptops (Windows XP). Generally, it's not very difficult to do so. One
> process in particular though, always forces me to reevaluate how we manage
> those systems: Windows domain password resets.
>
> We use full disk encryption (FDE) for our laptops that forces the user to
> log in at boot. The software has hooks into the Windows GINA so that it can
> create, effectively, a single sign-on experience. When users are required
> to reset their Windows domain passwords, the FDE software syncs with the
> reset and all is well.
>
> Unfortunately, we've had a few scenarios where users reset their Windows
> domain password and forgot what it was the next day, so they call the
> Support Desk for assistance. We can remotely unlock/reset the FDE password,
> but FDE decouples from the Windows GINA, forcing the user to log in to
> Windows at least once (where before, the FDE handled this). However, the
> user can't remember Windows password. And if they can't log in, they can't
> connect securely via VPN so that we can assist remotely. Very
> chicken-before-the-egg.
>
> We've thought up some potentially valid solutions to this including creating
> a restricted access "recovery" domain account that is included in the laptop
> image (as a user profile) for this type of purpose but I have this nagging
> feeling there may be a better way.
>
> If you've experienced a similar scenario and were able to implement a
> manageable solution, please share.
>
> Ryan Frantz
> Technical Services Director
> InforMed, LLC
> 410-972-2025 x2131
> [email protected]
>
> _______________________________________________
> Discuss mailing list
> [email protected]
> https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss
> This list provided by the League of Professional System Administrators
> http://lopsa.org/
