ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Force password change on first login over RDP

    IT Discussion
    windows rdp
    2
    8
    655
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • 1
      1337
      last edited by 1337

      Is there are Microsoft blog post, tech article or whatever place of authority that I can send to IT support people?

      I need it for those that doesn't know that you can't force users to change their passwords on first login (or after password reset) when they connect over RDP only.

      Users get this error:
      ea92d2ab-88e0-4e03-b0ed-fb4cc9b0c34c-image.png

      As far as I know there is no reasonable workaround around this catch-22 problem.
      Except don't force users to change password on first login...

      PhlipElderP 1 Reply Last reply Reply Quote 1
      • PhlipElderP
        PhlipElder @1337
        last edited by

        @Pete-S said in Force password change on first login over RDP:

        Is there are Microsoft blog post, tech article or whatever place of authority that I can send to IT support people?

        I need it for those that doesn't know that you can't force users to change their passwords on first login (or after password reset) when they connect over RDP only.

        Users get this error:
        ea92d2ab-88e0-4e03-b0ed-fb4cc9b0c34c-image.png

        As far as I know there is no reasonable workaround around this catch-22 problem.
        Except don't force users to change password on first login...

        Is this after they have been given a temporary password?

        Is PasswordChangeEnabled set to true on the RDWeb server?
        d04f168c-03ee-4e0b-a391-a9abaa45803c-image.png
        Albeit, I'm not sure if that would prompt the user to actually change the password like it does if their password is expired.

        We don't have an RDS Lab up at the moment so I'm not able to test.

        1 1 Reply Last reply Reply Quote 1
        • 1
          1337 @PhlipElder
          last edited by 1337

          @PhlipElder

          I don't know about RDWeb but it's happens for example when you reset the password in AD, give the user a temporary password and select "Users must change password at next logon".

          If you connect with RDP directly to a windows OS (applies to all of them) you can never change your password and you can't login.

          I believe it's because RDP need to authenticate the user before the client is allowed to connect and then change their password.

          It's been like this since forever, at least Windows 7.

          IT support that has remote users should know this. I just need a source from Microsoft I can point them to that explains it to people so they know what to do.

          PhlipElderP 1 Reply Last reply Reply Quote 0
          • PhlipElderP
            PhlipElder @1337
            last edited by

            @Pete-S said in Force password change on first login over RDP:

            @PhlipElder

            I don't know about RDWeb but it's happens for example when you reset the password in AD, give the user a temporary password and select "Users must change password at next logon".

            If you connect with RDP directly to a windows OS (applies to all of them) you can never change your password and you can't login.

            I believe it's because RDP need to authenticate the user before the client is allowed to connect and then change their password.

            It's been like this since forever, at least Windows 7.

            IT support that has remote users should know this. I just need a source from Microsoft I can point them to that explains it to people so they know what to do.

            I'm working on getting a test RD Farm set up. I'll follow-up once I've tested.

            I think the RDWeb prompt should happen when that variable is set in AD.

            PhlipElderP 1 Reply Last reply Reply Quote 1
            • PhlipElderP
              PhlipElder @PhlipElder
              last edited by

              @PhlipElder said in Force password change on first login over RDP:

              @Pete-S said in Force password change on first login over RDP:

              @PhlipElder

              I don't know about RDWeb but it's happens for example when you reset the password in AD, give the user a temporary password and select "Users must change password at next logon".

              If you connect with RDP directly to a windows OS (applies to all of them) you can never change your password and you can't login.

              I believe it's because RDP need to authenticate the user before the client is allowed to connect and then change their password.

              It's been like this since forever, at least Windows 7.

              IT support that has remote users should know this. I just need a source from Microsoft I can point them to that explains it to people so they know what to do.

              I'm working on getting a test RD Farm set up. I'll follow-up once I've tested.

              I think the RDWeb prompt should happen when that variable is set in AD.

              fadc8a9b-7b42-459f-82f0-7073be0666d4-image.png

              Setting in place:
              649d6896-45a7-44c9-9f3a-933e5b2243ea-image.png

              91e12377-04e4-4826-92db-8a5dae9d20b5-image.png

              9afca571-a547-4635-8db0-17c0b48b6742-image.png

              0b1a2ab8-b167-4a65-935f-a75923f1b0bd-image.png

              Yup. Works.

              PhlipElderP 1 Reply Last reply Reply Quote 1
              • PhlipElderP
                PhlipElder @PhlipElder
                last edited by

                @PhlipElder 5272edaa-f44d-4f2e-b1ef-2761ddb9c489-image.png

                Logged in.

                1 Reply Last reply Reply Quote 0
                • 1
                  1337
                  last edited by

                  Great, so it works if you use RDWeb.

                  But if you RDP directly to any Windows server or workstation it won't.

                  PhlipElderP 1 Reply Last reply Reply Quote 0
                  • PhlipElderP
                    PhlipElder @1337
                    last edited by

                    @Pete-S said in Force password change on first login over RDP:

                    Great, so it works if you use RDWeb.

                    But if you RDP directly to any Windows server or workstation it won't.

                    Nope. It won't. There's no way around that.

                    We also have Exchange on-premises so OWA works for that password change.

                    1 Reply Last reply Reply Quote 1
                    • 1 / 1
                    • First post
                      Last post