I've been approached by our Desktop team with a question regarding Windows and VPN Client login. Essentially they want to know if Windows/VPN Client can be configured so if a tick box is ticked on the Windows login screen, it will automatically start the VPN Client in the background, pass the credentials and then continue with the Windows login.
This is to allow users who have forgotten their Windows password to have it reset by the Service Desk and then log in to Windows remotely with the new password.
I know there is the 'Enable start before login' option but we don't want to enable that as it means the VPN Client starting at login every time. We also want to make the process more seamless with just the requirement for a box to be ticked in the Windows login screen.
If anyone's done anything like this please let me know! Thanks!
If HQ have a domain controller that the Windows XP can join, you can do this.
1. Login to Windows XP using local administrator account.
2. Initiate Cisco VPN Client.
- select "Options"'
- select "Windows Logon Properties"
- select "Enable start before logon"
- select "Ok"
3. Reboot Windows XP
4. When Windows XP start, a Cisco VPN Client prompt appears to establish VPN connection
5. Login to Windows XP with a user's domain credentials. This will create a new domain account/profile will be created for the user if VPN is established.
Thanks for the reply. The issue we have is these users are based all over the place such as Thailand and Malaysia (we're in London). We don't want to provide the admin password to end users as that opens up a whole can of worms!
How do we initiate the Cisco VPN Client though? The user is no where near one of our offices, all they have is a local Internet connection and they've forgotten their password to log in...
This cannot be done if the user currently cannot login to Windows XP. This feature is a preemptive measure.
EDIT: If you are deploying all PC/Laptops with standard configuration/setup, you can put a ghost or clonezilla copy in your FTP server and ask the remote user to download it using another PC/Laptop (where they can stil login). You can even send them the CD by courier. The Ghost/Clonezilla copy of course is a clone of a working PC/Laptop (bare OS). But of course this will wipe out the entire disk if its not partitioned.
I was hoping someone had come up with a way of getting around this problem. For example there is a tick box to dial-up a connection at the Windows login stage. The AT&T Global Network Client also adds an extra option to the Windows login screen for it to run. I was hoping something could be done to achieve the same with the Cisco VPN Client.
Yes it can be done. However, you have not customize it before your users forgot their paswords. You have to put that feature before anything else break.
I do appreciate in this instance it is too late to do anything about a user with a forgotten password. However, going forward I would like to implement a solution which means we can avoid it happening again in the future. That's where the forum comes in...
Well, you can always try the Ghost/Clonezilla as a backup in case something more worst happens in the future. Make sure you have minimum two partitions and enforce a policy for the user not to use system drive (Drive C), so when you use Ghost/Clonezilla to recover system drive, their data is still intact in a second drive.
However, Ghost/Clonezilla image storage can be a challenge if your company have multiple brands/models of PC/Laptop :)