We are getting ready to deploy a new Juniper SSL VPN Gateway solution using the Network Connect client for 19,000 users. Our current VPN client solution uses GINA. Juniper has stated that we should not use Network Connect's GINA if we are using Host Checker. Our issue is supporting end users who forget their passwords on their laptops.
Today our Helpdesk will reset the end user's password and the end user will be able to log into the corporate network using the GINA client first and then be able to log in to the Windows domain using the new password. Now that we are no longer using GINA with the Juniper Network Connect client and end users forget their Windows domain password, it will be impossible for the Helpdesk to help the end user to log into his/her PC. In addition, our security group will not allow us to create a local username and password on the end user PCs for the Helpdesk to use in order to help the end user access his/her PC locally; this prevents the ability to bring up the Network Connect client and run the "Logoff on Connect" option which would allow the end user to use his/her new Windows domain password.
I was wondering if anyone had this same problem. If so, what did you do to resolve this issue?
I would hate to go back to using Network Connect's GINA client due to some of the operational problems we have had with the GINA client. Thank you for your time.
This is a very good question, but I think this was the main reason behind GINA in the first place. If you are using your cached account and have lost the password, then until your computer makes a connection to the corporate network and Windows gets the new password, you are stuck using the old password, and if there is no local account for helpdesk, then till the user connects the computer to the corporate LAN they will be fresh out of luck.
I am pretty sure GINA will be the only way to go but would love to hear any way around this situation.
We've been dealing with this forever. See the attached document. There is a section dedicated for users who forget their password and you don't need the GINA.
You can log in with any local account, it doesn't have to be an admin account. That is just what our help-desk would instruct the user to do. All you need is a local account that can log in and launch NetConnect.
That is what this user was saying he could not do either:
"In addition, our security group will not allow us to create a local username and password on the end user PCs for the Helpdesk to use in order to help the end user access his/her PC locally"