Passwords expiring with no notification

[Ron]

Having problems with some workstations having their
password expire with no warning on a 2000 Domain. Can I
have policy that would give 3 Login warnings?

I also would like to have all workstations synced up to
have its password expiring at a particular date.

Any help in the syntax would be appreciated

 

[Steven Umbach]

Check the Local Security Policy [secpol.msc ] on those computer for the security
option under security settings/local policies/security options for prompt user
to change password before expiration which by default should be 14 days. You can
configure it in Domain Security Policy also if you want. I don't know of a way
to have all users passwords expiring at the same time unless you try to
configure everyone to change their password at next logon and configure the
password minimum age to be a day less than the maximum age which could get you
close but I don't recommend it. A user should be able to change their password
whenever they want after maybe a short maximum password age. What if they felt
that someone somehow obtained their password. Would you want them to have to
wait 56 days or until you manually reset it?? --- Steve

 

[Bruce Sanderson]

I've noticed on some Windows XP workstations (RTM and SP1 - not sure about
SP2 yet), that the password about to expire warning does not appear when the
user logs on. This has been an annoyance for quite a while that I have not
got to the bottom of.

I've checked the "Interactive logon: Prompt user to change password before
expiration" using RSOP, GPMC and gpedit.msc and all these tools tell me that
this setting is 14 days.

This seems to happen on XP computers that are left powered on (but logged
off) when not in use (e.g. nights and weekends) and where only one (domain)
user account is normally used to logon.

I investigated (complained) about this shortly after XP went RTM, but never
got any explanation or solution. Since our users don't deem this a very
important problem, I've not pursued it.

What I've noticed is that if the same user account is used to logon to a
Terminal Services session (or RDP to another computer), they do get the
"password about to expire" message, although they didn't get it when logging
on their XP workstation. If the user does not change the password, logs of
the TS or RDP session, logs of at their workstation, then logs on at the
workstation again, they still don't get the warning (even if the workstation
is restarted).

Quite mysterious!
--
Bruce Sanderson MVP

It is perfectly useless to know the right answer to the wrong question.

Check the Local Security Policy [secpol.msc ] on those computer for the
security
option under security settings/local policies/security options for prompt
user
to change password before expiration which by default should be 14 days.
You can
configure it in Domain Security Policy also if you want. I don't know of a
way
to have all users passwords expiring at the same time unless you try to
configure everyone to change their password at next logon and configure
the
password minimum age to be a day less than the maximum age which could get
you
close but I don't recommend it. A user should be able to change their
password
whenever they want after maybe a short maximum password age. What if they
felt
that someone somehow obtained their password. Would you want them to have
to
wait 56 days or until you manually reset it?? --- Steve


message

Having problems with some workstations having their
password expire with no warning on a 2000 Domain. Can I
have policy that would give 3 Login warnings?

I also would like to have all workstations synced up to
have its password expiring at a particular date.

Any help in the syntax would be appreciated

 

[Steven L Umbach]

That is interesting, particularly the part about when they logon to TS or RD that
they are then prompted. I have read about other users having the same issue but it
certainly seems no to be widespread and don't recall seeing a resolution. I guess it
would be chalked up to being a glitch. Below is a KB referencing a similar problem
but it is kind of dated. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q313194

I've noticed on some Windows XP workstations (RTM and SP1 - not sure about SP2
yet), that the password about to expire warning does not appear when the user logs
on. This has been an annoyance for quite a while that I have not got to the bottom
of.

I've checked the "Interactive logon: Prompt user to change password before
expiration" using RSOP, GPMC and gpedit.msc and all these tools tell me that this
setting is 14 days.

This seems to happen on XP computers that are left powered on (but logged off) when
not in use (e.g. nights and weekends) and where only one (domain) user account is
normally used to logon.

I investigated (complained) about this shortly after XP went RTM, but never got any
explanation or solution. Since our users don't deem this a very important problem,
I've not pursued it.

What I've noticed is that if the same user account is used to logon to a Terminal
Services session (or RDP to another computer), they do get the "password about to
expire" message, although they didn't get it when logging on their XP workstation.
If the user does not change the password, logs of the TS or RDP session, logs of at
their workstation, then logs on at the workstation again, they still don't get the
warning (even if the workstation is restarted).

Quite mysterious!
--
Bruce Sanderson MVP

It is perfectly useless to know the right answer to the wrong question.

Check the Local Security Policy [secpol.msc ] on those computer for the security
option under security settings/local policies/security options for prompt user
to change password before expiration which by default should be 14 days. You can
configure it in Domain Security Policy also if you want. I don't know of a way
to have all users passwords expiring at the same time unless you try to
configure everyone to change their password at next logon and configure the
password minimum age to be a day less than the maximum age which could get you
close but I don't recommend it. A user should be able to change their password
whenever they want after maybe a short maximum password age. What if they felt
that someone somehow obtained their password. Would you want them to have to
wait 56 days or until you manually reset it?? --- Steve

Having problems with some workstations having their
password expire with no warning on a 2000 Domain. Can I
have policy that would give 3 Login warnings?

I also would like to have all workstations synced up to
have its password expiring at a particular date.

Any help in the syntax would be appreciated

 

[Guest]

I'm getting the same thing. I get prompted that my password will expire in x
days if I log into any type of Windows system other than XP Pro. We've got a
Win2K domain in mixed mode, and if I log into NT, TS or RDP I do get a
prompt. On XP, no prompt.

I tried the article posted below and after changing the setting it refers
to, the result remained the same except that it took a tiny bit longer to log
in. Still no prompt, though.

Anyone got any other possibilities?

That is interesting, particularly the part about when they logon to TS or RD that
they are then prompted. I have read about other users having the same issue but it
certainly seems no to be widespread and don't recall seeing a resolution. I guess it
would be chalked up to being a glitch. Below is a KB referencing a similar problem
but it is kind of dated. --- Steve

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q313194

I've noticed on some Windows XP workstations (RTM and SP1 - not sure about SP2
yet), that the password about to expire warning does not appear when the user logs
on. This has been an annoyance for quite a while that I have not got to the bottom
of.

I've checked the "Interactive logon: Prompt user to change password before
expiration" using RSOP, GPMC and gpedit.msc and all these tools tell me that this
setting is 14 days.

This seems to happen on XP computers that are left powered on (but logged off) when
not in use (e.g. nights and weekends) and where only one (domain) user account is
normally used to logon.

I investigated (complained) about this shortly after XP went RTM, but never got any
explanation or solution. Since our users don't deem this a very important problem,
I've not pursued it.

What I've noticed is that if the same user account is used to logon to a Terminal
Services session (or RDP to another computer), they do get the "password about to
expire" message, although they didn't get it when logging on their XP workstation.
If the user does not change the password, logs of the TS or RDP session, logs of at
their workstation, then logs on at the workstation again, they still don't get the
warning (even if the workstation is restarted).

Quite mysterious!
--
Bruce Sanderson MVP

It is perfectly useless to know the right answer to the wrong question.

Check the Local Security Policy [secpol.msc ] on those computer for the security
option under security settings/local policies/security options for prompt user
to change password before expiration which by default should be 14 days. You can
configure it in Domain Security Policy also if you want. I don't know of a way
to have all users passwords expiring at the same time unless you try to
configure everyone to change their password at next logon and configure the
password minimum age to be a day less than the maximum age which could get you
close but I don't recommend it. A user should be able to change their password
whenever they want after maybe a short maximum password age. What if they felt
that someone somehow obtained their password. Would you want them to have to
wait 56 days or until you manually reset it?? --- Steve


Having problems with some workstations having their
password expire with no warning on a 2000 Domain. Can I
have policy that would give 3 Login warnings?

I also would like to have all workstations synced up to
have its password expiring at a particular date.

Any help in the syntax would be appreciated