Page 1 of 1

expired user password

Posted: Wed Jan 17, 2018 9:58 am
by geefox
hello,

how is it possible for users with an expired password to change it?
If I dont enable the "ask_password" parameter, than the user's have to login twice (broker and than rds server) - but the users are able to change the password.
But with an enabled "ask_password" line, there is no password change dialog

Re: expired user password

Posted: Wed Jan 17, 2018 4:12 pm
by akatik
If NLA is disabled, WTware does not know what happened inside rdp session in windows interface. Client has no chance to know about password changing.

If NLA is enabled, password should be changed in wtware interface. Unfortunately, wtware can not do it :(

Re: expired user password

Posted: Mon Jan 22, 2018 1:28 pm
by geefox
so I did a few tests regarding this password flag

1) NLA disabled, ask_password disabled => Windows Login Screen => Windows password change message => password change functional
2) NLA disabled, ask_password set => WTware Login Screen => Windows password change message => password change not functional, password cannot be changed
3) NLA enabled, ask_password disabled => WTware Login Screen => WTware dialog with password message (deactivate NLA etc)
4) NLA enabled, ask_password enabled => WTware Login Screen => WTware dialog with password message (deactivate NLA etc)

so maybe its possible to implement a behavior which switches from the WTware Login Screen to the windows login screen after the WTware dialog in 3) or 4) appears, so it would be possible to change the password?

Or do you know any other solution for changing the password after it is expired, or a new user account is created, and the flag is set?

Re: expired user password

Posted: Mon Jan 22, 2018 6:32 pm
by aka
With NLA enabled, no way to get windows login screen. Server with NLA did not accept connection without password.

Why password change not functional in 2) ? Here is my 2016 without NLA after ask_password=on:
Untitled.png
Untitled.png (22.83 KiB) Viewed 10837 times
I press OK, and:
Untitled1.png
Untitled1.png (24.88 KiB) Viewed 10836 times
Untitled2.png
Untitled2.png (20.29 KiB) Viewed 10835 times

Re: expired user password

Posted: Tue Jan 23, 2018 11:57 am
by geefox
ok, think there is a strange behaviour - tried it on our 2016 test rds server without a broker.

after login, the user receives the message to change password -> hit ok -> and then the loginscreen in attachment2 appears - but its not possible to login

maybe its a CredSSP thing - going to try a few things

Re: expired user password

Posted: Tue Jan 23, 2018 6:58 pm
by geefox
tried to change credssp to rdp - but also with no luck.
do you have any special configuration?

Update: I only receive the dialog, if I try to login to testserver via windows 10 notebook and mstsc, than the dialog appears and I'm able to change the password.
If I try to login via wtware on raspberry, the dialog won't appear

Re: expired user password

Posted: Tue Jan 23, 2018 7:22 pm
by akatik
I have no special configuration. I installed server. Configured static IP. Installed remote desktop role. Added local user. Disabled NLA in gpedit.msc. Changed date to expire password. As few clicks as possible.