Let's say that you have a typical Windows domain network at the headquarters. A rule of the network account policy is that the password changes every 90 days.
And let's say that you have a group of outside sales people who do not come into the office. Every once in a while they vpn into HQ.
If the password expires on their account, they can still login to their laptops because the laptop keeps a local copy of the access list. But then the VPN fails and email fails.
They call and we reset their account password.
The VPN works.
But then how does the laptop get updated?
Here's how:
- login on the laptop without network (using the old password).
- connect to a network for internet.
- start the VPN connection to HQ.
- lock the laptop (CTRL+ALT+DEL > LOCK).
- unlock (using the new password).
When unlocking, the computer is connected to the domain (via the VPN tunnel), It will verify the password with the domain. As a side effect this will update the password on the laptop.