Re: "User must change password" doesn't happen immediately.

From: Roger Abell (mvpNOSpam_at_asu.edu)
Date: 06/23/04 

Date: Tue, 22 Jun 2004 23:53:44 -0700

It sounds as if your client machine is XP in default state
relative to background login processing (async) or is W2k
that has been modified to allow async processing of login.
This is controlled by a policy. Check in the computer policy
tree, in the Admin templates / System / Group Policy where
you will find policies to allow async application of policy.
If this is allowed, login take place with the cached set of
policies, while in background any changes are obtained.
Hence, at second login the changes are available. 

-- 
Roger Abell
Microsoft MVP (Windows Server System: Security)
MCSE (W2k3,W2k,Nt4)  MCDBA
"Kiu Kian Wun" <kiu@protocom.com> wrote in message
news:7ab1b75.0406212110.53e6dedf@posting.google.com...
> Hi,
>
> I have a server application that set user's password to expired so
> that user will be prompted to change password on the next logon.
>
> However, after the flag was set (verified in users account page) the
> user was not immediately prompted to change password when he logs on.
> He has to log off and back on again before seeing the password change
> dlg box. Its seems to me that the flag was only recognized/honoured on
> second logon attempt.
>
> Can someone please advise on how I can "force" password change to
> happen immediately and not on the second logon attempt? Or is this the
> normal behaviour?
>
> Much thanks,
> Kiu.

Relevant Pages

  • Re: Losing account identities
    ... was that I had somehow been put in an AD Policy that didn't allow my IWAM ... and IUSR accounts to "Run as Batch Jobs" on my machine. ... > remembering a login are not doing so. ... > can't find anything that fixes it past the first time I shut down and ...
    (microsoft.public.windowsxp.security_admin)
  • Re: [Full-disclosure] Yahoo security give blogger the thumbs up
    ... On Sun, 12 Mar 2006, SO SECURITY RESEARCH INSTITUTE wrote: ... there are three English derived words. ... discrete systems (domain login, RADIUS login, VPN login, etc), and NONE of ... ADP seems to have found a good middle ground policy. ...
    (Full-Disclosure)
  • Re: Login questions
    ... Users login into domains. ... If you want all people in Company A to see Company A resources, ... Groups, Group Policy, ... > login under the OU name company A only, and employee B to login under OU ...
    (microsoft.public.windows.server.active_directory)
  • Re: Exchange 5.5 server authentication problem
    ... local policy. ... administration terminal services the local log on settings are used. ... > I have a couple of extra accounts other than the administrator account ... > You do not have access to login to this session. ...
    (microsoft.public.win2000.security)
  • Re: lock out a ad account when it is not in use
    ... I was able to satisfy my supervisor that this policy is to ... BLOG -->http://blogs.dirteam.com/blogs/jorge/default.aspx ... only if the user doesn't login within these two days, ...
    (microsoft.public.windows.server.active_directory)