Re: expiring user account passwords

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 10/03/04 

Date: Sun, 3 Oct 2004 15:23:13 +1000

Once their passwords have expired, they will not be able to access the
machine via the network, interactively, as a batch file etc.

Now, if their password has just expired, then IIS won't immediately deny
them access if they have recently logged on - IIS has a cached token that it
will reuse for a few minutes (this is done for performance reasons so that
the user doens't have to be authenticated against the user database for each
web page, image etc that they request).

However, an FTP user will not receive any "password change" notification.
FTP doesn't support that. When the user logs on, they will simply be denied
access. The user will need a different mechanism to change their password.

Cheers
Ken

"Susan Wilson" <Susan Wilson@discussions.microsoft.com> wrote in message
news:26ED53FA-1658-4B32-99DA-89C729FBE1CC@microsoft.com...
> Our company now requires all user accounts on our w2000 IIS servers (not
> active directory) to automatically expire every 90 day's. Although user
> accounts that "log into the server console" have always expired, Ftp user
> accounts and user accounts that access these servers via front page server
> extensions, had each of their accounts set to "password never expires".
>
> After expiring the passwords of the ftp users and frontpage users, (the
> user
> accounts now show "user must change password on next login") I expected
> when
> they accessed the server via ftp or Frontpage (server extensions) they
> would
> be prompted to change there password after entering a valid
> username/password. If that happened, I would not be writing.
>
> Both user types are prompted for their user name and password then had
> access to there ftp data or front page data on the server without any
> forcing
> of password change.
>
> My question is simple. How do the ftp users and front page server
> extension
> users receive the "your password has expired" message and be forced to
> change
> it? I have reviewed the local security policies and do no see a flag that
> control this.
>
> Is a user only forced to change an expired password when they log into
> the
> server console? If this is indeed the case, could you point me to a
> Microsoft document that states this.
>
>

Relevant Pages

  • expiring user account passwords
    ... Our company now requires all user accounts on our w2000 IIS servers (not ... active directory) to automatically expire every 90 day's. ... accounts and user accounts that access these servers via front page server ... After expiring the passwords of the ftp users and frontpage users, ...
    (microsoft.public.inetserver.iis.security)
  • Re: News entries diappear after a while - header expiration?
    ... that if your server makes a mistake and sends an unnecessarily high ... header embeds the message sequence number in it. ... > NOT seem to expire. ... And that otherwise invisible msg. ...
    (microsoft.public.windows.inetexplorer.ie6_outlookexpress)
  • Re: Vincent: Exchange 2003 Trial Expire - Timebomb
    ... As you said I can restart the service and I thought ... server was "stopped" and didn't crash that option doesn't work. ... > is about to expire. ... > is to look at the Exchange Setup Progress Log found in the root of the ...
    (microsoft.public.exchange2000.setup.installation)
  • Re: IMF Will Not Update
    ... Microsoft Exchange Server 2003: Update for Intelligent Message Filter for Exchange Server 2003: 2006.11.09 ... If you miss the "window," the updates "expire" and then you have to wait another 2 weeks for the next lot of updates to come along. ... Make sure your SBS Server is running Microsoft Update. ...
    (microsoft.public.windows.server.sbs)
  • Re: Password questions/problems
    ... Win 2k Server on the server, and the workstations are all Win Xp Pro. ... > admin password or something like that was set to expire today and did they ... Are the users using domain accounts or is it a workgroup environment? ...
    (microsoft.public.win2000.security)