Problem:

A remote user had forgotten their password, so they phoned our Service Desk to get it reset. The user did not have a direct connection to the domain so their cached credentials were still holding the forgoten password preventing the user logging on.

The below is what I did to resolve the issue, it relied upon having a local account or someone elees pre cached credentials the user could log on with.

Solution:

  • As part of my laptop builds I create a local standard user which comes in usful in situtauions like this, I gave the user the details for this recovery user and got them to log on.
  • I got them to VPN in using their Cisco Anyconnect Client
  • I could now remotly connect to the laptops
  • Under Contol Panel => System => Remote settings I enabled Remote Desktop and added the user to the list of user that con connect.

RDP cached credentials

  • On my computer a ran MSTSC and connected to the computer.
  • When prompted I entered the users new credentials.

RDP cached credentials

  • Windows clients only allow a single user to be logged on at a time, I received a couple of prompts informing me my local recovery user was going to be logged out.
  • Once my RDP seesion had remotely logged in (updating the cached credentials with the new password) I logged out
  • I then asked the user to logon with their new credentials and all was fine
  • Finally I remotely connected to the computer and disabled remote dekstop.