Update Windows Cached Credentials using ADSelfService Plus

Research shows that up to 30 percent of all calls to the help desk are password related. While help desk technicians handle most password reset or password change calls, they're powerless when the request comes from remote users. These users are unable to access their machines because:

1. They have forgotten their Windows 10 or 7 cached passwords. Remote users mostly use locally cached Active Directory credentials to log on to their machines. So even if the help desk team updates the remote user's password, they won't be able to access their machine, as the Active Directory cached credentials are still not updated.
2. Their cached credentials have expired. Some users connect to their corporate network via a virtual private network (VPN) or use remote connections (RDP), and thereby are not prompted to change their soon-to-expire Active Directory passwords from their Windows taskbar.

With users becoming increasingly mobile, forgotten and expired passwords could cause major business interruptions. When users are away from the office, they should be able to reset passwords and change cached credentials in their machines on their own.

ADSelfService Plus, a web-based self-service password management solution, allows users to securely reset their passwords in Active Directory, automatically update the cached domain credentials on their machines from their login screens, and more.

What are Active Directory cached credentials?

• When users log on to an Active Directory domain, a form of the logon information is cached locally on their machines (example: Windows 10 or Windows 7 laptops). This cached credential makes it easy for users to log on to their Windows machines when they have no way of reaching the domain controller for authentication.
• However, when a user forgets the password and it is reset in Active Directory by the IT help desk, the cached domain credentials in the users' machines are rendered inaccurate. This means the user will not be able to access their machine; even the help desk technician cannot assist them, because resetting the password in Active Directory will not update the cached credentials, as help desk technicians cannot change passwords remotely.

How remote users can update Windows cached credentials

ADSelfService Plus comes bundled with a GINA/CP client, which places the Reset Password/Account Unlock link right on the Windows logon screen once installed. By clicking this link, users can reset their domain passwords. After a successful remote password reset, the cached password is automatically updated in the user's machine.

How ADSelfService Plus updates Active Directory cached credentials?

1. When remote users forget their Windows passwords, they can use ADSelfService Plus’ GINA/CP client to reset their password right from the logon screen of their machines. For more information on the GINA/CP client, click here.
2. ADSelfService Plus resets the password in Active Directory and notifies the GINA/CP client that the reset operation is successful.
3. The GINA/CP client establishes a secure connection with Active Directory through a VPN client, such as Fortinet and Cisco AnyConnect, and initiates a request for updating the local cached credentials.
4. After the request is approved by Active Directory, ADSelfService Plus ensures force cached credentials update in the users' machines. Click here for a step-by-step guide on how to enable cached password update and configure VPN settings.

Benefits