So what I want to achieve is the ability to change my password when it expires. I want to do this via an RDP session to a server, so that it prompts me to change, and I can carry on with my day. I know that NLA restricts this and that it is by design. Fair enough. I have read that disabling NLA (which I know isn't recommended) removes this restriction and should enable me to change my password via an RDP session.
So...
I have an environment with multiple domains that I need to apply this 'fix' to. In the first domain, I disable NLA via group policy and it works. Great! I can RDP to the server and then it asks me to update my password. I am disabling this on the Default Domain Policy in all domains.
My domain controllers are all Windows 2012 R2 and patched to the same level. When I disable the same option in group policy on a different domain, it doesn't work!? I still get the same problem where I am told I can't RDP to the server until I update my password.
Any idea what could be causing this? Could there be another policy overriding NLA being disabled? Is there anywhere in the event log on the domain controllers that may shed some more light on this?
Thanks in advance!