Maximum password Age, Domain Security Policy


Reidar Berntzen

Hi!

We have a Windows 2003 server in a single domain.
The Domain Security Policy is implemented with maximum password age -
30 days.

Now users complain that they lose their network connection, meaning
network drive mappings, while they are working. It seems that the
password expires without warning to users and mapped network
drives disconnect. The password expires dialog-box warning is working
at log on, but most of the users select cancel and start their work
without changing the password. Many users do not log off after work,
but lock the pc to next working day, and therefore they are not warned
about password expiration.

Is there any possibility to force a password change when the password
expires? (Even while the user is logged on the domain)

Any suggestions would be appreciated!

Thanks,
 
I don't know of a way to force it, unless you manually want to do it by
configuring their accounts to change password at next logon which you could
do with the Active Directory command line tools such as dsquery and dsmod
with the user command to search for and force accounts with certain password
ages [-stalepwd] to change their password at next logon. I would educate the
users that they need to change their password when prompted to - at least
not waiting until the last day. By default they should have 14 days
warning. --- Steve

http://www.jsiinc.com/SUBO/tip7300/rh7330.htm -- dsquery user command.
 
This is not possible.
When a user's password expires, the pwdlastset attribute is set to 0 and the
'change password at next logon' box becomes checked.
The password change warning is only implemented during the logon process.
I agree, this needs to be an education process to get the users to change
their password before it expires.

--
Glenn L

CCNA, MCSE (2000,2003) + Security
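
An added illustration, not code from any poster in this thread: the password-age arithmetic behind the expiry warning, computed from `pwdLastSet` and `userAccountControl`, so accounts nearing the 30-day limit can be found and contacted even when their owners lock the PC instead of logging off. The account names, the date and the attribute values are constructed, and reading the attributes from the directory is assumed to happen elsewhere.

```python
from datetime import datetime, timedelta, timezone

FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
DONT_EXPIRE_PASSWORD = 0x10000  # userAccountControl flag: password never expires
MAX_AGE_DAYS = 30               # maximum password age from the thread
WARN_DAYS = 14                  # default warning window mentioned in the thread


def filetime_to_datetime(filetime):
    """pwdLastSet is stored as 100-ns ticks since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)


def datetime_to_filetime(dt):
    """Inverse conversion, used here only to build the sample data."""
    return (dt - FILETIME_EPOCH) // timedelta(microseconds=1) * 10


def password_status(pwd_last_set, uac, now):
    """Return (status, whole days left) for one account."""
    if pwd_last_set == 0:            # 'change password at next logon' is set
        return ("must-change-at-next-logon", 0)
    if uac & DONT_EXPIRE_PASSWORD:   # exempt from the maximum age
        return ("never-expires", None)
    expires = filetime_to_datetime(pwd_last_set) + timedelta(days=MAX_AGE_DAYS)
    if expires <= now:
        return ("expired", 0)
    days_left = (expires - now).days
    return ("warn" if days_left < WARN_DAYS else "ok", days_left)


def report(accounts, now):
    """Map each account name to its password status."""
    return {name: password_status(pls, uac, now) for name, pls, uac in accounts}


# Constructed sample: (sAMAccountName, pwdLastSet, userAccountControl)
NOW = datetime(2005, 3, 31, 8, 0, tzinfo=timezone.utc)
SAMPLE = [
    ("alice", datetime_to_filetime(NOW - timedelta(days=3)), 0x200),
    ("bob", datetime_to_filetime(NOW - timedelta(days=27)), 0x200),
    ("carol", datetime_to_filetime(NOW - timedelta(days=31)), 0x200),
    ("dave", 0, 0x200),
    ("svc_backup", datetime_to_filetime(NOW - timedelta(days=400)),
     0x200 | DONT_EXPIRE_PASSWORD),
]

if __name__ == "__main__":
    for name, (status, days) in report(SAMPLE, NOW).items():
        print(f"{name:12} {status:26} days_left={days}")
```

Accounts reported as `warn` are the ones to notify by e-mail or phone before the mapped drives start failing.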
Steven L Umbach said:
I don't know of a way to force it, unless you manually want to do it by
configuring their accounts to change password at next logon which you could
do with the Active Directory command line tools such as dsquery and dsmod
with the user command to search for and force accounts with certain
password ages [-stalepwd] to change their password at next logon. I would
educate the users that they need to change their password when prompted
to - at least not waiting until the last day. By default they should have
14 days warning. --- Steve

http://www.jsiinc.com/SUBO/tip7300/rh7330.htm -- dsquery user command.