Password Expiry Notice not taking effect in Citrix

  • Thread starter Thread starter g.poplett
  • Start date Start date
G

g.poplett

Hi

I wanted to change the password expiry notice to be 3 days instead of
14 for all my users. I changed this on the 3 DC's that we have. This
works now on all the PC's.

However, we use Citrix as our main access to software and on all the
Citrix Servers, it has kept the registry setting as 14. Any ideas on
why the DC's havent replicated to the Citrix servers. The Servers all
appear in DNS ok just like the pc's and they log onto the network in
the same way?
 
So first the basic question... (sorry)
1) is the citrix machine in the target OU
2) is the citrix machine a domain member?
3) is the citrix machine a DC? (only asked due to your comment about
replication)

The password policy is a bit unique/confusing for one main reason. You only
set up domain based password policy (typically the default domain policy)
and it affects domain users. It will push its policy to machines but that
doesn't affect any domain based users, only local users.

One more question. Regardless of the 'registry' setting, what is the
experience of the users? are they prompted to change their passowrds
appropriately?

Kevin
 
Yes the citrix machine is in the target OU. Yes it is a domain member
and no it isnt a DC.

The users are gettting a prompt 14 days before it changes when they log
into Citrix. If a user logs onto just a normal PC they dont get the
notice until 3 days.
 
Sorry, one more thing. You said about setting it up in the default
domain policy. How do you set it in there? All we have done is change
the registry setting on the servers?
 
Hey,

I think I misread your first note... You are not trying the change the
password age for the users just he expiry notice?

What is the registry key you are modifying? I am looking into this.

I was thinking of how to change the password expiration length. If you post
the registry setting I can test it out and get back to you.

Kevin
 
Hi

Yeah it is the notice. As I said it works on all our normal PC's but
not on the citrix servers so I dont know what the difference is. I am
sure we do not have to add in this registry key manually on all the
citrix servers as after making the change to the Domain Controllers it
updated all the pc's without us doing anything?

Here is the path to the key

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]

The key is this:

"passwordexpirywarning"=dword:00000003
 
So I'm looking at a security setting...

computer configuration\windows settings\security settings\local
policies\security options\"Interactive logon: Prompt user to change password
before expiration" You enable the setting and put in the number of days
prior to expriation that the user will be prompted. This setting maps to the
registry key you provided so it may not solve anything by doing this with
Group Policy but I will test it out today.

I am setting up a TS to test it out. I don't see why it wouldn't affect the
TS environment. It is treated as an 'interactive' logon AFAIK.

Kevin

Hi

Yeah it is the notice. As I said it works on all our normal PC's but
not on the citrix servers so I dont know what the difference is. I am
sure we do not have to add in this registry key manually on all the
citrix servers as after making the change to the Domain Controllers it
updated all the pc's without us doing anything?

Here is the path to the key

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon]

The key is this:

"passwordexpirywarning"=dword:00000003



Kevin said:
Hey,

I think I misread your first note... You are not trying the change the
password age for the users just he expiry notice?

What is the registry key you are modifying? I am looking into this.

I was thinking of how to change the password expiration length. If you
post
the registry setting I can test it out and get back to you.

Kevin
Click to expand...
Click to expand...
 
Back
Top