RE: Forcing Password Changes for Non-Interacitve Logons



Hi,

Sure - see

http://www.nuffield.ox.ac.uk/users/holmes/reportpasswordchange.zip

There are three files, the .vbs, which you will need to edit to suit your environment, a text file which is the text that will be included in the email sent to the user, and a .bat file which just calls the script - this batch file should be run as a scheduled task in the context of a user with read access to AD.

I have edited out much of the config for security reasons, you will need to have a look at the .vbs and change settings where appropriate - ie your domain, the password expiry no of days etc - it's all pretty straightforward.

You will need to create a secure password reset page, we use a .NET control to achieve this. Note the page will need to run in the context of a user with *write* access to AD.

There are other scripts out there that do this, just Google 'password expiry script' or similar.

Regards,

Mark


-----Original Message-----
From: Kosala Atapattu [mailto:kosala.atapattu@xxxxxxxxx]
Sent: 21 July 2009 04:48
To: Mark Holmes
Cc: GrowlieGirl@xxxxxxxxx; focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Forcing Password Changes for Non-Interacitve Logons

Care to share the script :).

Kosala

On Tue, Jul 21, 2009 at 1:55 AM, Mark
Holmes<mark.holmes@xxxxxxxxxxxxxxxxx> wrote:
Hi,

We have a similar issue at my place - not all users are joined to the
domain, so don't do an interactive logon.  I use a vb script which
runs nightly and checks AD for users whose password is due to expire,
it sends email reminders 14 7 3 and 2 days before expiry via email
(pulls the users address from AD).  They then go to a secure page on
our intranet to change their password.

Cheers,

Mark


On 20 Jul 2009, at 23:32, "GrowlieGirl@xxxxxxxxx"
<GrowlieGirl@xxxxxxxxx> wrote:

I have googled and googled but cannot find the answer to this one,
hoping you can help.
We have ADS password policy enforced whereby the user has to change
their password every 60 days. If they have not changed their
password after this time their account is locked. Unfortunately the
users with non-interactive accounts do not get the notification to
change their password nor can they get to the change password
facility that the interactive logon users can use. Is there any way
to notify the users and have them carry out a password change?

On 20 Jul 2009, at 23:32, "GrowlieGirl@xxxxxxxxx"
<GrowlieGirl@xxxxxxxxx> wrote:

I have googled and googled but cannot find the answer to this one,
hoping you can help.
We have ADS password policy enforced whereby the user has to change
their password every 60 days. If they have not changed their
password after this time their account is locked. Unfortunately the
users with non-interactive accounts do not get the notification to
change their password nor can they get to the change password
facility that the interactive logon users can use. Is there any way
to notify the users and have them carry out a password change?





--
Kosala
--------------------------------------------
Disclaimer: Views expressed in this mail are my personal views and
they would not reflect views of the employer.
--------------------------------------------
blog.kosala.net
www.linux.lk/~kosala/
www.kosala.net



Relevant Pages

  • Re: Forcing Password Changes for Non-Interacitve Logons
    ... Care to share the script:). ... users with non-interactive accounts do not get the notification to ... facility that the interactive logon users can use. ... to notify the users and have them carry out a password change? ...
    (Focus-Microsoft)
  • Re: Forcing Password Changes for Non-Interacitve Logons
    ... users with non-interactive accounts do not get the notification to ... facility that the interactive logon users can use. ... to notify the users and have them carry out a password change? ...
    (Focus-Microsoft)
  • Interactive Logon: CTRL_ALT+DEL
    ... First of all, thanks for reading this. ... to disable the Interactive Logon: ... one have any suggestions on how we can script this automatically so we could set up the distribution of the XP ... Thanks, Scott ...
    (microsoft.public.windowsxp.security_admin)