We have a large network where 30% of our users log in through the Cisco ASA firewall (VPN). With a new GPO implemented recently forcing password changes, the users who work from home are forced to change their passwords through Outlook Web Access (OWA) or once they log in through the VPN. However, the problem is trying to locally cache the passwords once authentication has been established.
I know that having the user lock their machine while logged in to the VPN and unlocking it will force the passwords to locally cache; however, the department heads do not believe that it is a reasonable step to require the user to remember to lock their machine. Buying third-party software to manage this is also out of the question.
Are there other ways to force the salt hash passwords to update? Perhaps a script that would be run once authenticated with the VPN? If that is an option, how would I go about first setting up the script and then getting it to run from the firewall?
Any suggestions would be great!
Thanks,
Chris