ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Force password change on first login over RDP

    IT Discussion
    windows rdp
    2
    8
    130
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • Pete.S
      Pete.S last edited by Pete.S

      Is there are Microsoft blog post, tech article or whatever place of authority that I can send to IT support people?

      I need it for those that doesn't know that you can't force users to change their passwords on first login (or after password reset) when they connect over RDP only.

      Users get this error:
      ea92d2ab-88e0-4e03-b0ed-fb4cc9b0c34c-image.png

      As far as I know there is no reasonable workaround around this catch-22 problem.
      Except don't force users to change password on first login...

      PhlipElder 1 Reply Last reply Reply Quote 1
      • PhlipElder
        PhlipElder @Pete.S last edited by

        @Pete-S said in Force password change on first login over RDP:

        Is there are Microsoft blog post, tech article or whatever place of authority that I can send to IT support people?

        I need it for those that doesn't know that you can't force users to change their passwords on first login (or after password reset) when they connect over RDP only.

        Users get this error:
        ea92d2ab-88e0-4e03-b0ed-fb4cc9b0c34c-image.png

        As far as I know there is no reasonable workaround around this catch-22 problem.
        Except don't force users to change password on first login...

        Is this after they have been given a temporary password?

        Is PasswordChangeEnabled set to true on the RDWeb server?
        d04f168c-03ee-4e0b-a391-a9abaa45803c-image.png
        Albeit, I'm not sure if that would prompt the user to actually change the password like it does if their password is expired.

        We don't have an RDS Lab up at the moment so I'm not able to test.

        Pete.S 1 Reply Last reply Reply Quote 1
        • Pete.S
          Pete.S @PhlipElder last edited by Pete.S

          @PhlipElder

          I don't know about RDWeb but it's happens for example when you reset the password in AD, give the user a temporary password and select "Users must change password at next logon".

          If you connect with RDP directly to a windows OS (applies to all of them) you can never change your password and you can't login.

          I believe it's because RDP need to authenticate the user before the client is allowed to connect and then change their password.

          It's been like this since forever, at least Windows 7.

          IT support that has remote users should know this. I just need a source from Microsoft I can point them to that explains it to people so they know what to do.

          PhlipElder 1 Reply Last reply Reply Quote 0
          • PhlipElder
            PhlipElder @Pete.S last edited by

            @Pete-S said in Force password change on first login over RDP:

            @PhlipElder

            I don't know about RDWeb but it's happens for example when you reset the password in AD, give the user a temporary password and select "Users must change password at next logon".

            If you connect with RDP directly to a windows OS (applies to all of them) you can never change your password and you can't login.

            I believe it's because RDP need to authenticate the user before the client is allowed to connect and then change their password.

            It's been like this since forever, at least Windows 7.

            IT support that has remote users should know this. I just need a source from Microsoft I can point them to that explains it to people so they know what to do.

            I'm working on getting a test RD Farm set up. I'll follow-up once I've tested.

            I think the RDWeb prompt should happen when that variable is set in AD.

            PhlipElder 1 Reply Last reply Reply Quote 1
            • PhlipElder
              PhlipElder @PhlipElder last edited by

              @PhlipElder said in Force password change on first login over RDP:

              @Pete-S said in Force password change on first login over RDP:

              @PhlipElder

              I don't know about RDWeb but it's happens for example when you reset the password in AD, give the user a temporary password and select "Users must change password at next logon".

              If you connect with RDP directly to a windows OS (applies to all of them) you can never change your password and you can't login.

              I believe it's because RDP need to authenticate the user before the client is allowed to connect and then change their password.

              It's been like this since forever, at least Windows 7.

              IT support that has remote users should know this. I just need a source from Microsoft I can point them to that explains it to people so they know what to do.

              I'm working on getting a test RD Farm set up. I'll follow-up once I've tested.

              I think the RDWeb prompt should happen when that variable is set in AD.

              fadc8a9b-7b42-459f-82f0-7073be0666d4-image.png

              Setting in place:
              649d6896-45a7-44c9-9f3a-933e5b2243ea-image.png

              91e12377-04e4-4826-92db-8a5dae9d20b5-image.png

              9afca571-a547-4635-8db0-17c0b48b6742-image.png

              0b1a2ab8-b167-4a65-935f-a75923f1b0bd-image.png

              Yup. Works.

              PhlipElder 1 Reply Last reply Reply Quote 1
              • PhlipElder
                PhlipElder @PhlipElder last edited by

                @PhlipElder 5272edaa-f44d-4f2e-b1ef-2761ddb9c489-image.png

                Logged in.

                1 Reply Last reply Reply Quote 0
                • Pete.S
                  Pete.S last edited by

                  Great, so it works if you use RDWeb.

                  But if you RDP directly to any Windows server or workstation it won't.

                  PhlipElder 1 Reply Last reply Reply Quote 0
                  • PhlipElder
                    PhlipElder @Pete.S last edited by

                    @Pete-S said in Force password change on first login over RDP:

                    Great, so it works if you use RDWeb.

                    But if you RDP directly to any Windows server or workstation it won't.

                    Nope. It won't. There's no way around that.

                    We also have Exchange on-premises so OWA works for that password change.

                    1 Reply Last reply Reply Quote 1
                    • First post
                      Last post