RE: Expiring inactive accounts

Can script this ... Works well:

http://joeware.net/win/free/tools/accexp.htm

paul giddens

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Raoul Armfield
Sent: Wednesday, December 20, 2006 10:34 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Cc: Noaman Khan; dubaisans dubai
Subject: Re: Expiring inactive accounts


Noaman Khan wrote:
Hello,

Depends on if system is part of AD or not. If so ensure that your
domain security policy is set to Maximum password age for 60 days.
Also verify your local security policy.

Thanks

It sounds like he already has the 60 day policy in place. What he is
looking for is the ability to prevent someone from logging on after 60
days of inactivity.

OP:

You can probably script something like that by having a VB script look
at last logon date and if it is more than 60 days before the current day
then you can have it disable the account. This will force the user to
contact the admin to reenable the account.

I can probably dig up a quick script that will do this if you need/want
it.

Raoul


Noaman

On 12/20/06, dubaisans dubai <dubaisans@xxxxxxxxx> wrote:
I want to ensure that Windows 2000 domain users who are not logging
in for 60 days cannot login after that without admin intervention.

In Windows NT 4.0 I used to enable the checkbox "User must login to
change password" and had a password expiry of 60 days. So if somebody

did not change password in 60 days and came later he could not login.
administrator had to reset his expired password

In Windows 2000 how do I achieve this ? I donot see this option
"User must login to change password" anywhere. I have set the
password expiry for 60 days. But somebody who logs in after 90 days
also can use his old password , immediately change to new one and
login successfully.

or is there a better way in Windows 2000 to automatically disable
inactive accounts ?




--
Raoul Armfield
rarmfield at amnh dot org

Relevant Pages

  • Re: Hacker activity?
    ... >login to a server, most as root but some are attempts to login to ... >telnet, all come from the same remote server, and all fail. ... >getting some odd cgi calls to a script on a secure ssl server. ... Make sure root cannot login to your system via ssh. ...
    (freebsd-questions)
  • Re: [opensuse] BASH: has $COLUMNS gone nuts?
    ... You do realize that lines & columns are dynamic values which at least some terminals and login daemons will continuously adjust right? ... What the above shows is that I dragged the corner of my PuTTY window (which was connected to sshd, not every terminal client nor every server daemon does this) making the window a little larger and without issuing any commands, and no possibility that any bashrc or inclusions got executed, the values changed, because the terminal told the daemon and the daemon told it's child processes. ... Try calling them from within a script: ... Although, I would also actually be perverse and say that since the SCO systems predate most others, including ALL linux, that you could actually make the argument that the dwindling remaining production sco boxes in the world are right and the 90 million linux & freebsd & sun boxes are all wrong. ...
    (SuSE)
  • Abusing poor programming techniques in webserver scripts V 1.0
    ... $login = Request.Form ... fool the database parser. ... verified in the script of access to the database, ... The SQL statement will be parsed by the database manager, ...
    (SecProg)
  • Re: Limit desktop & start menu
    ... Create a login script that runs when users log into the TS, and map the R: ... persisitent "R" drive on the server itself and that may cure it. ...
    (microsoft.public.windows.terminal_services)
  • RE: vb script called from login script exits when login script ter
    ... In Novell our login times (from the time the user types in their ... seconds with a very bare bones login script. ... that was an improvement but still not as good as our NetWare login times. ... VBScipt is terminated after the synchronous part of logon script is ...
    (microsoft.public.scripting.vbscript)