Hello SpiceHeads,
This should be an incredible simple answer, but my Google-foo and Spiceworks research is failing me.
I have 40 users strong, all of which use laptops (Windows 7). They dock when they are in the office during the day, and many of them take their laptops home at night. I also have three remote users that use cached credentials on their domain-joined laptops, and connect to the VPN only when they need access to internal resources (file access mainly).
We just implemented a 90 day password policy, which is in effect on the domain controller now. Almost all users were set to never have their password expire, so I'm doing a gradual roll-out of changing accounts to where their passwords are expired.
My question is - what exactly will happen to my remote users when I toggle the 'never expire' option on their account? They should expire immediately due to age - but will they fail to log into their laptops? I figure my best bet is to have them change their password first, then turn off the 'never expire' flag on their account - but I'm not sure what steps will need to be taken in 90 days for them.
I'm pretty sure I'm not the only one with remote laptop users (and whose laptops are joined to the domain) - what do you guys do?
Is there a scenario of their password expiring, and during the password change process, they are unable to cause they aren't connected to the domain?
Any guidance is greatly appreciated! Thanks!