Force password change on first login over RDP
-
Is there a Microsoft blog post, tech article or whatever place of authority that I can send to IT support people?
I need it for those that don't know that you can't force users to change their passwords on first login (or after password reset) when they connect over RDP only.
Users get this error:
As far as I know there is no reasonable workaround around this catch-22 problem.
Except don't force users to change password on first login...
-
@Pete-S said in Force password change on first login over RDP:
Is there a Microsoft blog post, tech article or whatever place of authority that I can send to IT support people?
I need it for those that don't know that you can't force users to change their passwords on first login (or after password reset) when they connect over RDP only.
Users get this error:
As far as I know there is no reasonable workaround around this catch-22 problem.
Except don't force users to change password on first login...
Is this after they have been given a temporary password?
Is PasswordChangeEnabled set to true on the RDWeb server?
Albeit, I'm not sure if that would prompt the user to actually change the password like it does if their password is expired.
We don't have an RDS Lab up at the moment so I'm not able to test.
-
I don't know about RDWeb but it happens for example when you reset the password in AD, give the user a temporary password and select "Users must change password at next logon".
If you connect with RDP directly to a Windows OS (applies to all of them) you can never change your password and you can't log in.
I believe it's because RDP needs to authenticate the user before the client is allowed to connect and then change their password.
It's been like this since forever, at least Windows 7.
IT support that has remote users should know this. I just need a source from Microsoft I can point them to that explains it to people so they know what to do.
-
@Pete-S said in Force password change on first login over RDP:
I don't know about RDWeb but it happens for example when you reset the password in AD, give the user a temporary password and select "Users must change password at next logon".
If you connect with RDP directly to a Windows OS (applies to all of them) you can never change your password and you can't log in.
I believe it's because RDP needs to authenticate the user before the client is allowed to connect and then change their password.
It's been like this since forever, at least Windows 7.
IT support that has remote users should know this. I just need a source from Microsoft I can point them to that explains it to people so they know what to do.
I'm working on getting a test RD Farm set up. I'll follow up once I've tested.
I think the RDWeb prompt should happen when that variable is set in AD.
-
@PhlipElder said in Force password change on first login over RDP:
@Pete-S said in Force password change on first login over RDP:
I don't know about RDWeb but it happens for example when you reset the password in AD, give the user a temporary password and select "Users must change password at next logon".
If you connect with RDP directly to a Windows OS (applies to all of them) you can never change your password and you can't log in.
I believe it's because RDP needs to authenticate the user before the client is allowed to connect and then change their password.
It's been like this since forever, at least Windows 7.
IT support that has remote users should know this. I just need a source from Microsoft I can point them to that explains it to people so they know what to do.
I'm working on getting a test RD Farm set up. I'll follow up once I've tested.
I think the RDWeb prompt should happen when that variable is set in AD.
Setting in place:
Yup. Works.
-
Logged in.
-
Great, so it works if you use RDWeb.
But if you RDP directly to any Windows server or workstation it won't.
-
@Pete-S said in Force password change on first login over RDP:
Great, so it works if you use RDWeb.
But if you RDP directly to any Windows server or workstation it won't.
Nope. It won't. There's no way around that.
We also have Exchange on-premises so OWA works for that password change.
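
A way to check both conditions discussed in this thread, as an added example that is not from any of the posters: it lists enabled AD accounts currently flagged "User must change password at next logon" (the accounts that will be refused over direct RDP) and reports whether `PasswordChangeEnabled` is on for RD Web Access. It assumes the ActiveDirectory RSAT module is installed and that RD Web Access uses its default install path; the function names are hypothetical.

```powershell
# Added example, not from the thread. Assumes the ActiveDirectory RSAT module.
Import-Module ActiveDirectory

function Get-MustChangePasswordUser {
    # "User must change password at next logon" is stored in AD as pwdLastSet = 0.
    Get-ADUser -Filter 'Enabled -eq $true -and pwdLastSet -eq 0' -Properties whenChanged |
        Sort-Object whenChanged |
        Select-Object SamAccountName, UserPrincipalName, whenChanged
}

function Test-RDWebPasswordChange {
    param(
        # Assumed default location of the RD Web Access pages configuration.
        [string]$ConfigPath = "$env:windir\Web\RDWeb\Pages\web.config"
    )

    if (-not (Test-Path -LiteralPath $ConfigPath)) {
        return $null   # RD Web Access is not installed on this host
    }

    [xml]$config = Get-Content -LiteralPath $ConfigPath -Raw

    # Property-style navigation is used so an XML namespace on <configuration>
    # does not break the lookup.
    $setting = $config.configuration.appSettings.add |
        Where-Object { $_.key -eq 'PasswordChangeEnabled' } |
        Select-Object -First 1

    return ($null -ne $setting -and $setting.value -eq 'true')
}

# Run the first call from a machine with RSAT, the second on the RD Web Access server.
Get-MustChangePasswordUser | Format-Table -AutoSize
"RDWeb password change enabled: $(Test-RDWebPasswordChange)"
```

An empty result from the second call means the config file was not found at the assumed path, not that the setting is off.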