Password Expiring Message

[bensong]

Hi.
W2k3 Domain.

Situation is we have many users who never directly logon to a computer or to OWA. They only logon to various company web sites. The problem is their password expires without notification or opportunity to change it.

Of course this prompts many Irate phone calls from the users, when they can't get into the site.

We have set these users to not expire, but that isnt very security wise, according to HIPAA.

Anyone have any suggestions?

Thanks

 

[khautz]

Inform the users that this is part of company policy and that in order for them to continue to use IT resources they must follow policy. If their account is unsecure it affects more than just them, it affects the entire company...

but i guess your looking for a more techincal solution..

 

[bensong]

Yes, please.

We had to go against the policy because every 90 days about 200 or better users call because they can't access the site to work because the password is expired, and no way for them to change it.

Not making the helpdesk personel real happy either.

B

 

[markdmac]

OK, so why don't you set up some form of email notification or web site popup that instructs them to change their password on a specific date? Instruct them and their manager that failure to change thier password when instructed will result in a charge back to their department. Direct them to a link to OWA where they can reset their password.



I hope you find this post helpful.

Regards,

Mark