I think there’s a bunch of extra use-cases that needed to be catered for (server-side password resets etc.). I know my team looked at this at previous large-scale EFS rollouts (I worked on one for 80K users), though all the details are a bit hazy now. I need to go re-read the designs and UAT docs.
If you change your password after you have connected your VPN (i.e. your password hasn’t expired yet) -or- you have domain connectivity already (pre-user auth VPN), or there’s a server-side password reset (e.g. via OWA or 3rd party portal) after you’ve connected the VPN (and you’re asked to lock/unlock your computer), then everything’s OK.

Cheers
Ken

From: [email protected] On Behalf Of David Connors
Sent: Tuesday, 7 May 2013 10:30 AM
To: ozDotNet
Subject: Re: Windows forgetting app passwords

On Tue, May 7, 2013 at 10:26 AM, Ken Schaefer <[email protected]> wrote:

Similar issues exist around EFS (since it uses DPAPI as well) IIRC.

One way to get around it is to use machine based (or at least pre-user auth) VPN technology. Don’t think Microsoft offers this much (except maybe Direct Access), but the 3rd party VPN suppliers do. Then your machine has connectivity to your DCs before you do a password change.

Crazy isn't it? I have been ignoring the issue for a year but was finally confronted by Google Drive. When it can't access its oauth secrets it just chucks its toys out of the pram and asks you to disconnect and reconnect your account (English translation: Delete everything from your PC and download all of your files again).

Moving my family stuff to the cloud has been ... quite an experience. Internode are making good money out of me with data blocks.

David.
