No password prompt before expiration

June 12, 2009 at 05:56:05
Specs: Windows 2003 server/ XP
We have W2K Domain Controller/Active Directory. Users used to be prompted to change password before expiration date. Now users are no longer being promoted to change their passwords. I checked the setting (prompt user to change password before expiration). It is set to 5 days at the domain level. I have also turned on "no override" switch under options. Users still not prompted to change their passwords. Is there any other setting, I have to set in order for users to be warned that their passwords about to expire? Users passwords will expires in few days. Please any suggestion, Please help

See More: No password prompt before expiration

Report •


#1
June 12, 2009 at 09:41:46
... found these:
***********************************************
Passwords can be set so they expire and force users to create a new password in the interest of security. This setting dictates how many days before the password expires a warning will be given to the user

[Start] [Run] [Regedit]
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT
\CurrentVersion\Winlogon
Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.
Data Type: REG_DWORD [Dword Value] // Value Name: PasswordExpiryWarning
Setting for Value Data: [Enter Number of Days Before Expiration to Begin Warnings]
Exit Registry and Reboot
*************************************************************
System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Value Name: PasswordExpiryWarning
Data Type: REG_DWORD (DWORD Value)
Value Data: Number of Days (Default = 14)
*******************************************************
Change this policy

Computer Configuration -> Windows Settings -> Security Settings -> Local >
Policies -> Security Options ->

Interactive logon: Prompt user to change password before expiration

Here set the number of days (default is 14) before users start getting
warnings that their password will expire...
****************************************************************
On Windows, you can see overall security settings for all accounts on the box using
the command:

C:\> net accounts

Force user logoff how long after time expires?: Never
Minimum password age (days): 0
Maximum password age (days): 42
Minimum password length: 0
Length of password history maintained: None
Lockout threshold: Never
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
Computer role: WORKSTATION
The command completed successfully.

...[on win2k "Computer role:" says SERVER]
********************************************
C:\> net accounts /domain

You can run this on any system that is a member of the domain, and it'll show you the domain-wide settings for accounts.

.... hope some of this helps!


.


.

Grrrr
"...pentathol makes you sing like a canary"
http://img193.imageshack.us/img193/...
... got brain freeze


Report •
Related Solutions


Ask Question