Password issues faced by remote domain users
With work-from-home becoming prevalent due to COVID-19, password-related issues will continue to be one of the major concerns facing the IT help desk as forgotten and expired passwords impact productivity and business continuity.
There are a couple of challenges that IT admins have to address.
- Remote users who forget their passwords will call the help desk. Since the user is not connected to the domain network, performing a password reset in Active Directory will not be of any use as it won’t affect the cached credentials of the machine used by the remote user.
- When remote users change their passwords, the change will not be updated in Active Directory; the password will be changed only locally. When they use this new password to access network resources, they will be locked out of the domain.
How ADSelfService Plus helps reset passwords for WFH and remote users
ADSelfService Plus supports self-service password reset for WFH and remote users by enabling users to reset their Windows passwords from their own machines and updating the cached credentials through a VPN client. Here’s how it works:
- ADSelfService Plus comes bundled with a login agent for Windows. Installing it on the users’ machines will enable a Reset Password/Unlock Account link on the login screen.
- Users can use it to reset their password after verifying their identity through a series of authentication methods including biometrics, SMS-based OTP, YubiKey, and soft token authenticator apps.
- ADSelfService Plus resets the users’ passwords in AD and also updates the local cached credentials in the users’ machines.
- Users can then use their new password to log in to their machine, as well as any application that uses AD credentials such as VPN, OWA, and SharePoint.
All you need to do is install ADSelfService Plus, configure remote password reset through VPN, and deploy its password reset login agent to the users’ machines. Now, when users working from home forget their passwords or their passwords expire, they can simply reset their passwords from the login screen of their machines.
Don’t let password expiration interrupt your remote workforce
Password expiration is another major reason why remote users are unable to access network resources or get locked out of their accounts. ADSelfService Plus supports sending password expiration notifications to remote users through email, SMS, and push notifications. The notification is completely customizable, supports attachments, can be sent every day or on particular days, and can even be emailed to users’ managers to make sure the users reset their passwords before expiration.
Remote desktop two-factor authentication (2FA)
Another challenge with a remote workforce is ensuring security during remote desktop activities. ADSelfService Plus supports 2FA for local and remote desktop Windows logons. Admins can enforce 2FA for all users or only for remote desktop users by configuring organizational units (OUs) and group-based policies in ADSelfService Plus. They can also choose from 15 different authentication methods, including biometrics, YubiKey, Google Authenticator, SMS and email-based OTP, and push notification authentication.
The ADSelfService Plus advantage
Provides more value: ADSelfService Plus packs in single sign-on (SSO), multi-factor authentication (MFA) for non-Windows endpoints and cloud applications, password synchronization, password policy enforcer, and directory self-update, in addition to password reset and password expiration notification.
Reduces costs and improves productivity: Whether users are working from home or traveling, ADSelfService Plus enables them to handle password issues on their own.
Improves security posture: With MFA and password policy enforcer, ADSelfService Plus helps improve password security, and adds another layer of authentication to secure user accounts.
Deploying ADSelfService Plus for remote users
To make ADSelfService Plus available over the internet for remote users, refer to this guide. It contains step-by-step instructions, including how to set up a reverse proxy for improved security.