We have a few users who must use laptops not joined to our domain to access wireless and file shares. They need the ability to copy files back and forth locally, so terminal services remote desktop services is not a solution.
They have been mapping drives manually and configuring wireless authentication manually. This works until their password expires. They simply cannot remember to change their password especially since they don't receive password expiration warnings on non-domain computers.
Even if they did change the password (set recurring calendar reminder or received some kind of e-mail notification) they would change the password through OWA or some other method and then forget to update the stored passwords on their mapped drives and wireless and then their user account gets locked out at every password change.
They want to have a non-expiring password because it's all too confusing for them.
What are the options that will work from a non-domain laptop? I think wireless 802.1x Radius authentication could be changed to use certificates rather than the user's login credentials, but what about access to network shares? Is there some way to access network shares in a way that does not lock their account out at every password change and is super-user friendly and is more secure than giving them a non-expiring password?