expired user password

Re: expired user password

by akatik » Tue Jan 23, 2018 7:22 pm

I have no special configuration. I installed the server. Configured a static IP. Installed the Remote Desktop role. Added a local user. Disabled NLA in gpedit.msc. Changed the date to expire the password. As few clicks as possible.

Re: expired user password

by geefox » Tue Jan 23, 2018 6:58 pm

Tried to change CredSSP to RDP, but also with no luck.
Do you have any special configuration?

Update: I only receive the dialog if I try to log in to the test server via a Windows 10 notebook and mstsc; then the dialog appears and I'm able to change the password.
If I try to log in via WTware on a Raspberry, the dialog won't appear.

Re: expired user password

by geefox » Tue Jan 23, 2018 11:57 am

OK, I think there is a strange behaviour. I tried it on our 2016 test RDS server without a broker.

After login, the user receives the message to change the password -> hit OK -> and then the login screen in attachment 2 appears, but it's not possible to log in.

Maybe it's a CredSSP thing. Going to try a few things.
Attachments: 1.JPG, 2.JPG, 3.JPG

Re: expired user password

by aka » Mon Jan 22, 2018 6:32 pm

With NLA enabled, there is no way to get the Windows login screen. The server with NLA did not accept a connection without a password.

Why is password change not functional in 2)? Here is my 2016 without NLA after ask_password=on:
[Screenshot: Untitled.png]
I press OK, and:
[Screenshots: Untitled1.png, Untitled2.png]

Re: expired user password

by geefox » Mon Jan 22, 2018 1:28 pm

So I did a few tests regarding this password flag:

1) NLA disabled, ask_password disabled => Windows Login Screen => Windows password change message => password change functional
2) NLA disabled, ask_password set => WTware Login Screen => Windows password change message => password change not functional, password cannot be changed
3) NLA enabled, ask_password disabled => WTware Login Screen => WTware dialog with password message (deactivate NLA etc)
4) NLA enabled, ask_password enabled => WTware Login Screen => WTware dialog with password message (deactivate NLA etc)

So maybe it's possible to implement a behavior which switches from the WTware Login Screen to the Windows login screen after the WTware dialog in 3) or 4) appears, so it would be possible to change the password?

Or do you know any other solution for changing the password after it is expired, or when a new user account is created and the flag is set?

Re: expired user password

by akatik » Wed Jan 17, 2018 4:12 pm

If NLA is disabled, WTware does not know what happened inside the RDP session in the Windows interface. The client has no chance to know about the password change.

If NLA is enabled, the password should be changed in the WTware interface. Unfortunately, WTware cannot do it :(

expired user password

by geefox » Wed Jan 17, 2018 9:58 am

Hello,

How is it possible for users with an expired password to change it?
If I don't enable the "ask_password" parameter, then the users have to log in twice (broker and then RDS server), but the users are able to change the password.
But with an enabled "ask_password" line, there is no password change dialog.
