ManageEngine, the real-time IT management company, today announced that ADSelfService Plus, its self-service password management solution, now updates Windows cached credentials. With this feature, ManageEngine now provides remote users with immediate access to their machines after they reset their passwords, solving one of the most frustrating forgotten password issues facing today’s mobile workforce.
Whenever a user logs on to an Active Directory domain, the Windows operating system securely caches the domain credentials and stores them locally in the user’s machine. This lets users especially those who are often traveling or work off-site log on to their machines when they are disconnected from the corporate network. However, problems arise when users forget their passwords, and the passwords are reset in Active Directory, either by the help desk or by the users through a self-service portal. Because remote users don’t have access to the corporate network, the new domain password and the cached credentials become out of sync. As a result, users will not be able to log on to their machines using their new passwords.
The new version of ADSelfService Plus solves this problem by automatically updating the cached credentials immediately after users reset their Active Directory passwords. It enables users to log on to their machines with their newly-reset passwords, even when they are disconnected from the corporate network. This will reduce password-related calls to the help desk and reduce the computer downtime caused by account lockouts.
“ADSelfService Plus helps users solve password issues on their own and work uninterrupted even when they are away from the office,” said Parthiban Paramsivam, director of product management at ManageEngine. “Users can reset their forgotten passwords using the Windows logon extension employed by ADSelfService Plus, and it automatically updates the cached credentials. All they need is a virtual private network client on their machines to establish a connection with the Active Directory domain.”
Password Manager for Remote Users
When the domain password is reset in Active Directory, the cached credentials in the user’s machine become obsolete. Then, the user won’t be able to log on to his machine and will get locked out. The ADSelfService Plus enhanced Windows logon extension overcomes this situation by synchronizing the locally cached password with the new password in Active Directory. As soon as an end user resets his password in Active Directory using the Windows logon extension, it establishes a secure connection to the domain controller using a VPN client, such as Fortinet, and seamlessly updates the cached password.
ADSelfService Plus uses a multi-factor authentication technique comprising security questions; SMS and email-based, one-time passwords; and Google Authenticator to verify users’ identities. Once verified, users can easily reset their passwords from the logon screen of their machines on their own. The cached credentials will also be updated immediately, allowing remote users to log on to their machines using their new passwords anytime.