No password prompt before expiration

June 12, 2009 at 05:56:05
Specs: Windows 2003 server/ XP
We have W2K Domain Controller/Active Directory. Users used to be prompted to change password before expiration date. Now users are no longer being promoted to change their passwords. I checked the setting (prompt user to change password before expiration). It is set to 5 days at the domain level. I have also turned on "no override" switch under options. Users still not prompted to change their passwords. Is there any other setting, I have to set in order for users to be warned that their passwords about to expire? Users passwords will expires in few days. Please any suggestion, Please help

See More: No password prompt before expiration

Report •

June 12, 2009 at 09:41:46
... found these:
Passwords can be set so they expire and force users to create a new password in the interest of security. This setting dictates how many days before the password expires a warning will be given to the user

[Start] [Run] [Regedit]
Registry Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT
Modify/Create the Value Data Type(s) and Value Name(s) as detailed below.
Data Type: REG_DWORD [Dword Value] // Value Name: PasswordExpiryWarning
Setting for Value Data: [Enter Number of Days Before Expiration to Begin Warnings]
Exit Registry and Reboot
System Key: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
Value Name: PasswordExpiryWarning
Data Type: REG_DWORD (DWORD Value)
Value Data: Number of Days (Default = 14)
Change this policy

Computer Configuration -> Windows Settings -> Security Settings -> Local >
Policies -> Security Options ->

Interactive logon: Prompt user to change password before expiration

Here set the number of days (default is 14) before users start getting
warnings that their password will expire...
On Windows, you can see overall security settings for all accounts on the box using
the command:

C:\> net accounts

Force user logoff how long after time expires?: Never
Minimum password age (days): 0
Maximum password age (days): 42
Minimum password length: 0
Length of password history maintained: None
Lockout threshold: Never
Lockout duration (minutes): 30
Lockout observation window (minutes): 30
Computer role: WORKSTATION
The command completed successfully.

...[on win2k "Computer role:" says SERVER]
C:\> net accounts /domain

You can run this on any system that is a member of the domain, and it'll show you the domain-wide settings for accounts.

.... hope some of this helps!



"...pentathol makes you sing like a canary"
... got brain freeze

Report •
Related Solutions

Ask Question