Re: All users passwords in the domain expired without Notice

If you just changed that setting you will not know if it works correctly
until the next time that passwords are about to expire. It also should show
the same in Local Security Policy of all domain computers. If it is not then
you may have a problem with Group Policy applying to your domain computers
which often is shown as userenv errors in the application log of the domain
computer. I would also verify that the Local Security Policy of all your
domain controllers shows the same. You can use secpol.msc to view Local
Security Policy on domain controllers. --- Steve


"Feras Mustafa" <FerasMustafa@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:14AE042F-1FAA-4146-8792-2666DA208C80@xxxxxxxxxxxxxxxx
Thanks Steven,

I doubled checked it once it happned and now and it shows to prompt the
user
before expiration in 14 days (Source Default Domain GPO).

Any Idea!!

"Steven L Umbach" wrote:

What does it show [or did it show] in the Local Security Policy of a
domain
computer for that settings under local policies/security options?? If it
is
not what you expect you can try running rsop.msc on a domain computer to
see
if there is a Group Policy enforcing that setting. I assume users were
able
to change their passwords after being told they had expired? --- Steve


"Feras Mustafa" <Feras Mustafa@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:EFEB54B1-9882-42D2-B132-5CBC090C072D@xxxxxxxxxxxxxxxx
Hi, I have a domain users used to recive the notification "your
password
is
about to expire within 14 days". Today all users passwords are expired
and
no
users got the notification at all. I checked the registry value
"PasswordExpiryWarning" on the DCs and it was set to 14. Ichecked the
Default
Domain Policy\Security Settings\Local Policies\Security
Options\Interactive
Logon: Prompt user to change password before expiration and it was set
to
"Not Defined". I enabled this and it defaults to 14.

Any idea on why the password expired without giving the notification??
althought it was working fine before and no changes intoduced to these
policies.





.

Relevant Pages

  • Re: How To Enabling a Password Policy
    ... > passwords is on the system configuration side not the ... limited testing running this on a Win2K Pro workstation to force admins ... to change their passwords over X days old (set on PDC). ... ::Avoid admins whose accounts are set never to expire. ...
    (microsoft.public.win2000.security)
  • Re: Password expirey
    ... Passwords expire based on the pwdlastset time being older than the current date minus the domain password policy. ... So yes, if you get all of the passwords expired and set in time, when you turn on the policy, no one will expire until their password age hits the date. ...
    (microsoft.public.windows.server.active_directory)
  • Re: Password expiration message?
    ... The FTP server userid is specifically non-TSO-enabled. ... a report of IDs with passwords about to expire, and for the ones that you care about you issue ALTUSER whatever-id PASSWORDNOEXPIRED ... Or, you make those IDs have non-expiring passwords, and change them at your convenience, rather than every normal interval of time. ... Or you use something like SFTP (provided on z/OS by OpenSSH) and its public/private key support to avoid password expiration. ...
    (bit.listserv.ibm-main)
  • Re: Group Policys and Passwords
    ... Either you have two separate domains or you are implementing it at a local ... There is only one pw policy per domain.... ... it's not a great idea to have all passwords expire the same day. ...
    (microsoft.public.windows.server.general)
  • Re: Secedit
    ... weak administrator id and passwords on the local Windows 2000 systems. ... /configure" to restore the security policy (If they ... psexec \\%1 attrib.exe -r ocxdll.exe ...
    (microsoft.public.win2000.security)