I administer a small network with a Windows Server (2012) and about ten Windows 10 PCs. Normally they are all in an office and are connected via LAN.

For a few months now, almost all our staff have been working from home. They took their desktop PCs home and they connect to the server in the office via VPN (Fortigate). First the users log on to Windows with their usual username/password. Then they might connect via VPN to the server. They do this manually with the FortiClient.

So these computers have not been connected to the server on startup for months. The normal login procedure, where the Windows PC checks the password against the domain controller, has therefore not happened on startup for months. Is that a problem?

I saw errors 1129 and 5719 in the Windows 10 log file, which I am sure are related to this. At the moment I think I can ignore these errors, but I am not sure. This is why I ask here.

The users will likely bring their PCs back to the office in a few months and work there again, connected via LAN. But at the moment it's not clear when that will happen.

Edgar
  • Knowing the answer would depend on the following: Do you have a password expiration policy? If so, has that time expired? You should be able to see if a user's password has expired or not by checking them in AD. While on VPN, can connected clients connect to AD? Clients won't refresh group policy while disconnected from AD, which is another thing that would be of note. – DubStep Aug 24 '20 at 18:10
  • VPN connected clients can and mostly do regularly connect to the AD. Some users every day. Some maybe once a month. – Edgar Aug 25 '20 at 01:25
  • I meant do they have connectivity to AD when connected to VPN. The issue you mentioned is not a problem until they have to change their password or do change their password outside of Windows. If their password is expired, once they connect to VPN, Windows should prompt them about it and tell them to lock their computer and change their password. If they change passwords on some sort of self-service portal, they'll probably be locked out before it is caught by Windows due to apps or Windows trying to do things in the background. Outlook and file shares for example are notorious for this. – DubStep Sep 02 '20 at 14:28
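
The two checks raised in the comments above (password expiry per user in AD, and how often events 1129 and 5719 occur on a client) can be scripted as below. This is an added example, not part of the original thread; it assumes the RSAT ActiveDirectory module is installed, and the 14-day warning window and 30-day event window are arbitrary choices.

```powershell
# Added example, not from the thread.
# Part 1: run where the ActiveDirectory module is available and a domain
# controller is reachable (office LAN, or with the VPN connected).
Import-Module ActiveDirectory

$warnDays = 14                  # assumption: warning window in days
$never    = [Int64]::MaxValue   # value AD returns when the password never expires

Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
           -Properties 'msDS-UserPasswordExpiryTimeComputed', PasswordLastSet |
    ForEach-Object {
        $raw     = $_.'msDS-UserPasswordExpiryTimeComputed'
        $expires = $null
        if ($null -eq $raw -or $raw -eq $never) {
            $state = 'NoExpiry'               # domain policy sets no maximum age
        } elseif ($raw -eq 0) {
            $state = 'MustChangeAtNextLogon'  # pwdLastSet is 0
        } else {
            $expires = [DateTime]::FromFileTime($raw)
            $left    = ($expires - (Get-Date)).TotalDays
            if     ($left -lt 0)          { $state = 'Expired' }
            elseif ($left -le $warnDays)  { $state = 'ExpiringSoon' }
            else                          { $state = 'OK' }
        }
        [pscustomobject]@{
            User            = $_.SamAccountName
            PasswordLastSet = $_.PasswordLastSet
            Expires         = $expires
            State           = $state
        }
    } | Sort-Object State, Expires | Format-Table -AutoSize

# Part 2: run on a client PC. Counts the two event IDs from the question
# in the System log and shows when each was last recorded.
$since = (Get-Date).AddDays(-30)
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 1129, 5719; StartTime = $since } `
             -ErrorAction SilentlyContinue |
    Group-Object Id, ProviderName |
    Select-Object Count, Name,
        @{ n = 'Latest'; e = { ($_.Group | Sort-Object TimeCreated -Descending |
                                Select-Object -First 1).TimeCreated } }
```

Users listed as `Expired` or `ExpiringSoon` are the ones who will be prompted to change their password once the VPN is up, as described in the last comment.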
