Using "runas /user:<cached id> something" after establishing a VPN session should do the trick.
Guy ________________________________ From: [EMAIL PROTECTED] On Behalf Of Ken Cornetet Sent: Wednesday, November 22, 2006 9:56 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] Updating cached credentials Thanks Al. We typically change passwords via a web app (Psynch) rather than at the workstation. One of our desktop techs thought that changing your password via the three-finger salute would cause the credentials to be updated, but in this case it didn't seem to work. We'll try the workstation lock and see if that works. ________________________________ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick Sent: Wednesday, November 22, 2006 12:31 PM To: ActiveDir@mail.activedir.org Subject: Re: [ActiveDir] Updating cached credentials As I understand it, The nortel vpn client is a shim that works at layer 3 and does not take effect until after the user session has begun. This prevents much of the normal node processing you'd like to see happen such as control of the windows firewall, caching of group membership and so on. Since most companies require a password change on a regular basis for user accounts, I'm kind of surprised that you see this behavior. The way to change the user credentials on a nortel client is to have the user use the three finger salute (ctrl+alt+del sequence) to lock the workstation after the vpn is established. When the user logs back on this *is expected* to re-cash the credentials. This should be a familiar sequence of events for the users every password change. Has this not addressed the problem for you to date? On 11/22/06, Ken Cornetet <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > wrote: Is there a way to force updating of cached credentials on an XP workstation? We have several users that seldom (if ever) connect to the corporate network directly. Instead, they log in (XP sp2) using cached credentials and connect via a Nortel VPN. We have several group policies that are filtered by group membership. The problem is that the group membership seems to be cached on the workstation, and is never updated to reflect the new membership, and group policy is never applied. Is there any mechanism for forcing this update? List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
