We have a small group of users who are not capable of realizing that their VPN password is cached in Windows, so when they have to update their AD password, the old cached password has to be cleared. We originally wanted to completely disable the password cache feature, but that created a whirlwind of complaints.
Has anyone come up with a script to clear these saved credentials out? I want to make a desktop icon called “Fix VPN” that wipes out the credentials and gets them back to work.
Please help! small really means like 150 ppl lmao
EDIT: We are using the default Windows 10 VPN client. We are superficially using a Meraki firewall with L2TP / IPSEC settings.
Why are you letting users dictate your IT policy? Not only is it dangerous, but it’s lazy and can create more work on the backend with locked accounts. “… Created a whirlwind of complaints.” You set policy and that is how it is.
Because both of those approaches are wrong. Most of the IT staff does NOT set policy (they should be able and willing to propose it, however, and willing to bend when it’s declined from above). Upper management for a given subset does. They’re the ones that have to field that boil-up of displeasure, and as such, MUST be on the same page and in agreement with whatever policy is put in place, because they will come back down hard when they get called out on policies that some underling thought was all well and good to unilaterally impose, while ignoring the impact to the end user’s mood, morale, and productivity.
Edit: And I say “for a subset” because, in a larger org, that may well be way below a C-level, but a regional branch layer even needs to, at least internally, be consistent on these things.
I do agree, I didn’t mean to sound that way, I just meant that letting users set the rules is like saying passwords are too hard to remember so let’s have blank passwords. Just like you can’t have a sick person dictate their therapy, they often don’t know what’s best for themselves. And I realize IT doesn’t MAKE the policy (usually) but as the SME’s we have a unique position to guide and direct both from experience, best practice, and for future proofing.
As long as we understand that we’re also stuck doing the gorram job of a salesman and making that pitch up, rather than down (or laterally, while taking the viewpoint that it’s down).