Remote working (PDAs) AD and Passwords

Relentless81 · 24 Aug 2011 at 13:15

Wondering how people get around this?

Mobile workers with PDAs only, no other network access
PDAs connect to an Exchange account
Password expiary is every 3 months in AD

Resetting the passwords is causing a lot of issues, IE a lot of calls into the Helpdesk the users are not IT literate and are not office staff, we want to reduce the amount of calls coming in regarding password resets for mobile workers

Audit requirements mean the password cannot be generic and still has to be reset every three months which screws my idea of an OU in AD for the Mobile Workers with a specific Group Policy to allow the passwords to never expire and a secure location for a collection of the user password

Any ideas please?

J.B · 24 Aug 2011 at 13:46

So can the users actually change their password on the remote devices?

Relentless81 · 24 Aug 2011 at 14:00

Sorry no, when the current password expires they have to call in to get it reset and enter the new password to gain access to email. This is what is causing the issue but I cant see a way around it.

TNGL · 24 Aug 2011 at 14:30

Why don't you go in to AD, right click their account --> properties --> account tab --> tick password never expires box.

Relentless81 · 24 Aug 2011 at 14:31

Tingle said:
Why don't you go in to AD, right click their account --> properties --> account tab --> tick password never expires box.

Audit requirments.

TNGL · 24 Aug 2011 at 14:32

Relentless81 said:
Audit requirments.

Ah yes, I didn't take that in to consideration. Sorry.

Relentless81 · 24 Aug 2011 at 14:34

No worries, I thought the same when discussing with my manager, then went onto the custom OU idea but everytime I get shot down by audit requirments

Someone must have a solution rather than resetting on an adhoc basis though but curently it escapes me

Steve_bullockuk · 24 Aug 2011 at 15:49

This is the issue with using a mobile device with an authentication system that wasn't specifically designed to work with mobile devices!

Can't see a way round that if im honest. Surely the mobile workers come back to site from time to time? They could change their passwords manually from a PC.

TNGL · 24 Aug 2011 at 16:39

What about a .asp web page or something that they have to navigate to, to change their password before it expires?

Relentless81 · 24 Aug 2011 at 16:43

Steve_bullockuk said:
This is the issue with using a mobile device with an authentication system that wasn't specifically designed to work with mobile devices!

Can't see a way round that if im honest. Surely the mobile workers come back to site from time to time? They could change their passwords manually from a PC.

Exactly but no unfortunately not all of them visit the head office

Tingle said:
What about a .asp web page or something that they have to navigate to, to change their password before it expires?

That is potentially a good idea but dev time would be involved but I'll mention it and see if its possible

Thanks

TNGL · 24 Aug 2011 at 17:28

Relentless81 said:
That is potentially a good idea but dev time would be involved but I'll mention it and see if its possible

You can probably find a script from Google within no time, to do the job

If you do implement this, you could also go about setting up e-mail reminders, which will be sent out to the employees reminding them to change their password, and sending the reset link along with it.

Terrier_Jimlad · 24 Aug 2011 at 21:51

Put in a self service password reset system like SSRPM - best money our dept ever spent. Whilst it wont let them reset their password on the device (yet) it will let them reset it on a computer on the domain so they dont have to visit you every 30 days etc

Relentless81 · 25 Aug 2011 at 09:38

Interesting thanks for the info, I have emailed it to my colleague