Remote users often struggle to reset expiring passwords and update their machine's outdated credential cache because they lack a connection to Active Directory. And in instances when they lose machine access due to an expired password, they are unable to reach out to the help desk for assistance and experience decreased productivity.
ADSelfService Plus, an identity security solution with adaptive MFA, SSO, and password management capabilities, enables users to securely reset their Active Directory passwords even when they have no connection to Active Directory. It automatically updates the cached domain credentials on their Windows machines remotely using a VPN client. Cached credentials can also be updated without a VPN when an organization does not have VPN infrastructure or uses a VPN vendor not supported by ADSelfService Plus.
When a user logs in to an Active Directory domain for the first time, the login credentials are cached locally on their machine. These cached credentials are updated each time the machine is connected to Active Directory, i.e., to the corporate network, during login. When a remote user who is not connected to the corporate network logs in to their machine, their login information is verified locally against the cached credentials stored on their machine. If the verification succeeds, they can access the machine. In short, cached credentials allow users to log in to their machines even when they have no way of reaching the Active Directory domain controller for authentication.
A significant issue faced by remote users is a mismatch caused by outdated cached credentials that blocks them from accessing their machine. Mismatches in cached credentials are likely to occur when users utilize more than one device for work. Let us consider an employee working in the hybrid model using two different devices—a desktop device at the office and a laptop at home. Say the employee recently changed their Active Directory password while working from the office on their domain-connected desktop device. Their laptop's cached credentials would still contain the old password since the device does not have a connection to the corporate network for an update. Forgetting this, the employee may try to log in with their new password on their laptop while working remotely, and they may get locked out after multiple attempts.
Alternatively, let us assume that after a couple of attempts, the employee realizes that their laptop still has the old password cached and continues to use it during login. However, in the unlikely event that the employee brings their laptop to the office, it connects to the corporate network, and the cached credentials are updated without their knowledge. The employee might now habitually enter their old password during login and get locked out after multiple attempts.
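The two mismatch scenarios above can be traced with a small model of cached logon. This is an added illustration, not ADSelfService Plus or Windows code. The class names, the sample account and passwords, and the PBKDF2 verifier are assumptions made for the example, and lockout counting is left out.

```python
import hashlib, hmac, os

def make_verifier(password, salt=None):
    # Salted PBKDF2 verifier: a stand-in for the platform's real format (assumption).
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def matches(stored, password):
    salt, digest = stored
    return hmac.compare_digest(digest, make_verifier(password, salt)[1])

class DomainController:
    def __init__(self):
        self.accounts = {}
    def set_password(self, user, password):
        self.accounts[user] = make_verifier(password)
    def check(self, user, password):
        return user in self.accounts and matches(self.accounts[user], password)

class Workstation:
    def __init__(self, dc):
        self.dc, self.online, self.cache = dc, True, {}
    def login(self, user, password):
        """Return (who verified the logon, whether it succeeded)."""
        if self.online:
            ok = self.dc.check(user, password)
            if ok:  # a successful domain logon refreshes the local cache
                self.cache[user] = make_verifier(password)
            return "domain controller", ok
        # Offline: the only thing to compare against is the local cache.
        ok = user in self.cache and matches(self.cache[user], password)
        return "cache", ok

def hybrid_worker_scenario():
    dc = DomainController()
    dc.set_password("alice", "Old-Pass-1")          # constructed sample account
    laptop = Workstation(dc)
    laptop.login("alice", "Old-Pass-1")             # first logon fills the cache
    laptop.online = False                           # laptop goes home
    dc.set_password("alice", "New-Pass-2")          # changed on the office desktop
    steps = {"remote, new password": laptop.login("alice", "New-Pass-2"),
             "remote, old password": laptop.login("alice", "Old-Pass-1")}
    laptop.online = True                            # laptop brought to the office
    steps["office, old password"] = laptop.login("alice", "Old-Pass-1")
    steps["office, new password"] = laptop.login("alice", "New-Pass-2")
    laptop.online = False                           # back home with a fresh cache
    steps["remote again, old password"] = laptop.login("alice", "Old-Pass-1")
    return steps
```

Calling hybrid_worker_scenario() returns, for each logon attempt, which side verified it and whether it succeeded, so the point where the laptop's cache and the domain disagree is visible step by step.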
After every password reset or change, ADSelfService Plus provides a cached credentials update for remote users either using a VPN client or without using a VPN client. It comes bundled with a GINA/Credential Provider client, also known as the Windows login agent, that allows remote users to perform a secure self-service password reset right from their login screens and forcefully updates their Windows machine's cached credentials afterwards.
Here's how ADSelfService Plus' cached credentials update via VPN works for remote Windows users.
Here's how ADSelfService Plus' cached credentials update works for remote Windows users without using a VPN.
Windows server versions: Windows Server 2022, Windows Server 2019, Windows Server 2016, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2, and Windows Server 2008
Windows client versions: Windows 11, Windows 10, Windows 8.1, Windows 8, Windows 7, and Windows Vista
Empower remote users with self-service password reset and cached credentials update features, and limit password-related help desk tickets.
Give remote users the ability to regain access to their machines quickly even if they forget their passwords, which helps avoid any major business interruptions.
Resetting passwords through help desk assistance and connecting machines to the corporate network for a cached credentials update are both time-consuming and expensive processes, which can be easily eliminated using ADSelfService Plus.
Enable context-based MFA with 19 different authentication factors for endpoint and application logins.
Allow users to access all enterprise applications with a single, secure authentication flow.
Enhance remote work with cached credential updates, secure logins, and mobile password management.
Establish an efficient and secure IT environment through integration with SIEM, ITSM, and IAM tools.
Delegate profile updates and group subscriptions to end users and monitor these self-service actions with approval workflows.
Create a Zero Trust environment with advanced identity verification techniques and render your networks impenetrable to threats.