For once, I'm not sure where to post. I'll just go for this one. 2003 Domain using Cisco VPN. We have remote users who connect to our network (authenticating with Domian User account credentials) ONLY through VPN. They have no physical access to the internal network. How can my remote users change their Domain Account passwords? I have checked "User is required to change..." but at that point, even logging into the VPN fails. Help???? Life is more painless for those who are brainless.

I'm sure cisco has the answer. The issue is that you have allowed cisco vpn to access ad to use as authentication (guessing from question). Can you issue either ca or home made ca's or other cisco based credentials to authenticate the vpn instead of using ad? I read it wrong and answer it wrong too. So get off my case you goober.

Forgive my naivety... Is ca Cisco Authentication? Life's more painless for the brainless.

Certificate, you can make one and send it via floppy and have them import it. (If you purchased some then could use it too) It will not show good as it was not issued and can't be traced back to original but is just as secure. Change the ca's once in a while. If they have imported the ca then each remote computer could act as a tool to breach the vpn. The actual logon would still be through AD. I read it wrong and answer it wrong too. So get off my case you goober.

Not familiar with Cisco VPN but does it provide an option to "log off on connect" allowing them to actually be connected to the domain after it logs off and when logging back onto windows they can change the password. Bryan

jefro, I'm not real familiar with this. In the configuration settings for the connection the Group Authentication is selected. From your suggestion, I take it that would have to be changed? Can you email me with more specifics/details or step-by-step instructions on how to do this? I'd love to be able to impress my boss!!! Life's more painless for the brainless.