I'm in the same boat as you. I just leave them on a workgroup. I believe the only way the local machine will update the login password is actually by authenticating with it while in the domain or on VPN. Since the Juniper is web-based and dependent on the user login, there is no way to be connected to the VPN and allow the user to log in on their machine to update the cached password.

From: Ben N [mailto:bennordlan...@gmail.com]
Sent: Tuesday, January 11, 2011 10:11 AM
To: NT System Admin Issues
Subject: domain joined laptops that aren't on your network

So we set up domain joined laptops and then ship them out to users that work primarily from home. They then use SSL VPN (Juniper SA) to connect back to us, but these laptops never actually make it back to our physical network in most cases.

We have these people change their password in OWA or via RDP to a server, but that doesn't reflect back to the domain joined laptop they are on until one day they actually show up at one of our offices.

I had thought being on VPN, that it would sync up with the domain enough that their current domain password would be required the next time they logged into their laptops, but this isn't the case.

Any ideas?

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to listmana...@lyris.sunbeltsoftware.com
with the body: unsubscribe ntsysadmin