Re: Force PW change with notice

From: andy d (ajd777_at_hotmail.com)
Date: 10/08/04 

Date: Fri, 8 Oct 2004 16:09:23 +0100

<Navigato> wrote in message news:eqlatYUrEHA.3464@TK2MSFTNGP14.phx.gbl...
> Sorry, should have provided this info in the first place: Win2K3 Servers -
> AD Domain, Domain accounts and a very large number of mobile users. The
> 'Change password at next logon is no good' as it doesn't provide enough
> notice to the users - and tends to cause issues when used with Outlook Web
> Access.
>
> Thanks!
>
> "Miha Pihler" <mihap-news@atlantis.si> wrote in message
> news:eVZbhkQrEHA.644@tk2msftngp13.phx.gbl...
>> Hi,
>>
>> Can you give us more information? Is this domain environment (NT, Windows
>> 2000 or Windows 2003 domain) or standalone computers with individual user
>> account on these computers...
>>
>> One thing you can do is select user account and set "User must change
>> password at next logon". This will force user to change password.
>>
>> Mike
>>
>> <Navigato> wrote in message news:exknbLLrEHA.1952@TK2MSFTNGP12.phx.gbl...
>> > I'm looking for a way to force individual user's passwords to expire
> ahead
>> > of schedule in a manner consistent with the normal expiration according
> to
>> > the domain/ local security polices. Does anyone know of an existing
>> script
>> > or tool that can do this? If not, where can I find the current value
>> > of
> a
>> > user's remaining days until password expires?
>> >
>> > The point is initially some users do no change their passwords or they
>> have
>> > shared them with others. I would like to force an expiration that
>> > gives
>> > them the standard notice before the expiration occurs, allowing them to
>> > change their passwords on their own.
>> >
>> >
>>
>>
>
>

Hi Navigato,

You can configure a warning notifying that the thier password will expire in
x days. This is actually a setting on the clients PC but can be configured
using group polices. This way a user will have x days notice that thier
password is due to expire.

Ive seen similiar problems in the past with laptops users dialling into none
windows rras. Because they are not prompted to change thier password (they
cant "logon using dial up networking") when the password expires they cannot
access resources on the internal network.

Its a pain!

hope this helps

cheers

Andy

Relevant Pages

  • Re: Unable to change password: access denied...
    ... It is not related to encryption level, ... to "Users must log on in order to change password" NT4 ... domain accounts policies... ... >profile where its international settings was set to ...
    (microsoft.public.win2000.security)
  • RE: No password expiration message/Cant change password
    ... Default Domain Policy: Local policies-security options: All that shows ... Policy: Network Security: Force logoff when logon hours expire. ... At first I get a Must Change Password notice, Click Change Password, get ... > Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: Set "Password never expires" on users in a specific OU?
    ... You should not assign values directly to the userAccountControl attribute. ... user must change it the next time they logon on. ... ' Check if user must change password at next logon. ... I pieced this together from some other scripts I have.... ...
    (microsoft.public.scripting.vbscript)
  • Re: Integrated Authentication Fails, Basic Authentication works
    ... When we set the directory security to ... > Integrated we cannot logon w/ domain users. ... > we can logon no problem w/ the domain accounts. ... > As soon as we enable windows auth, ...
    (microsoft.public.inetserver.iis.security)
  • RE: ADMT - password questions
    ... > I understand that you want to disable the "User Must Change password at ... > next logon" option when using ADMT to migrate user account with password. ... The preferred solution is to use a registry key to control ... > 2 - more secure behavior, client can''t use OWF password change API. ...
    (microsoft.public.windows.server.migration)