Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Windows 7 workstations don't receive password expire notice

Status
Not open for further replies.
weigoldk

weigoldk

MIS
Jan 12, 2001
249
US
We are just launching into Windows 7 workstations. One user said that she did not receive the normal two week notice that her password was going to expire in the next xx days. We had AD set up to the default of 14 days for the notice to appear. I specifically set the number to 14 days and will be testing that change as soon as I get close to my expiration. Has anyone else experienced this issue? We need to give our users at least a few days notice about their password. Any solutions? I don't want to go to a third party software for this solution.

Thanks in advance for your help.
 
Sort by date Sort by votes
Is it something like that which is being discussed in this link? They are talking about Cached Credentials, and also third party security programs as being a problem.

Password expiration notice not working

It might be worthwhile you posting in one of the Server Forums too?
 
Upvote 0 Downvote
Interesting link, and I think there are some similarities. I'm speaking of the domain user profile exclusively. We don't use McAfee and our AV does not require any login. The user that I spoke of above, logs directly onto the network w/a wired connection so the AD "should" not ever use cached credentials. Also we are using GPO to set the notification time--which is also mentioned in the link.

I'll give it a week or so then I'll try posting to the server forum. Thanks for all of your tips--they have given me more things to think about.
 
Upvote 0 Downvote
I had the same issue. I was able to reproduce it, if I had the UAC turned off. When it was turned on, the notification would work. Then I called MS Support and it started working correctly whether UAC was turned on or off. Either way, I put together a VBS script that goes in to your GPO that displays a popup window telling the user their password expires in # days and that the user MUST click OK to dismiss.
It goes in the GPO - User Config - Policies - Admin Templates - System - Logon - Run these programs at user logon. You will also need to add the folder location to IE Trusted Sites to avoid having a popup asking if it should run the script.

PwExpChk.vbs

'========================================
' First, get the domain policy.
'========================================
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays

warningDays = 6

Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName


Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")

'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays

'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)

'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)

'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged

if (daysLeft < warningDays) and (daysLeft > -1) then
Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Once logged in, press CTRL-ALT-DEL and" & chr(13) & "select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!"
End if

'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing
 
Upvote 0 Downvote
Dear ItsMarkK,

THANK YOU. I'm betting that this will be a frequently used solution. I'll try to get it implemented and tested next week.

Thankss again,
K
 
Upvote 0 Downvote
No problem. The lack of noticable notification (popup notification goes away when user moves the mouse), forced me to find a better old-fashion way.

I added a tid bit of code the other day (daysLeft > -1) that I think may cause the script to not report if the password is past its expiration date. I added it as a quick fix to avoid displaying the popup on non-expiring passwords.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

K
  • Locked
  • Question
Recover Data Windows 10 1
Replies
2
Views
4K
Rick998
Rick998
pjw001
  • Locked
  • Question
Latest Windows Update - End of Service
Replies
2
Views
3K
pjw001
pjw001
VicM
  • Locked
  • Question
Problem updating Windows Explorer
Replies
1
Views
976
Nancycaf
Nancycaf
pjw001
  • Locked
  • Question
Windows 11 Screen Colours have changed (slightly) 3
Replies
14
Views
8K
pjw001
pjw001
Andrzejek
  • Locked
  • Question
How to Disable Google Chrome Password Manager 2
Replies
3
Views
1K
combo
combo

Part and Inventory Search

Sponsor

Back
Top