My remotes are told to only change password once logged into PC and connected to NC. THen do a CTL ALT DEL to change and cache.

A trick in case the PWD is out of sync is to log PC with local account and "run as" IE to cache the network user account back to PC.

Hi, my users have this issue too. Sometimes they are running network connect, other times they are logging in from home machines with no domain affiliation. They get 'invalid login' in IE, then their accounts get locked after 3 times (standard AD password policy), then they claim that the helpdesk unlocks their account, they remove all installed Juniper products like host checker, and they are able to login fine... I didnt think there were any locally cached AD passwords within users personal machines??

Natasha

You are correct there are no AD cached passwords on personal machines because personal owned computers are rarily allowed to connect to a company's AD domain. I did find the acceptable workaround however for my situation. Thanks for you input :-)

yes I discovered this last night in a document. However, I thought there might be a way to do this automatically without end user intervention through some configuration or policy setting through the juniper device itself but I guess that is not the case. Thanks for your input :-)

you mean to launch IE in run as administrator then sign in to vpn via NC and then do the password change?? Not sure I follow you. Can you explain in a little more detail please?

Thanks for confirming that nothing is cached locally. Will the 'run IE as admin' fix work if the user is not running network connect?