Locally cached passwords through Cisco VPN
We have a large network where 30% of our users log in through the Cisco ASA firewall (VPN). With a new GPO implemented recently forcing password changes, the users who work from home are forced to change their passwords through Outlook Web Access (OWA) or once they log in through the VPN. However, the problem is trying to locally cache the passwords once authentication has been established.
I know that having the user lock their machine while logged in to the VPN and unlocking it will force the passwords to locally cache; however, the department heads do not believe that it is a reasonable step to require the user to remember to lock their machine.
Buying third party software to manage this is also out of the question.
Are there other ways to force the salt hash passwords to update? Perhaps a script that would be run once authenticated with the VPN? If that is an option, how would I go about first setting up the script and then getting it to run from the firewall?
Any suggestions would be great!
Thanks,
Chris
September 20th, 2011 3:07pm
Hi Chris,
The Cisco client does not update the Microsoft cached credentials. Locking and unlocking to synchronize the locally cached credentials is a workaround.
If you prefer a script solution, here is a discussion which might be helpful for you:
synchronizing domain user Local cached credentials with domain
http://forums.techarena.in/windows-security/950161.htm
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
If you have difficulty customizing the script, I suggest that you create a new post in the Official Scripting Guys Forum to get further support there. They are the best resource for scripting-related problems.
The Official Scripting Guys Forum!
http://social.technet.microsoft.com/Forums/en-US/ITCG/threads
Regards,
Bruce
September 22nd, 2011 1:14am


