Re: Maximum password Age, Domain Security Policy

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/30/04 

Date: Tue, 30 Nov 2004 01:53:28 GMT

I don't know of a way to force it, unless you manually want to it by
configuring their accounts to change password at next logon which you could
do with the Active Directory command line tools such as dsquery and dsmod
with the user command to search for and force accounts with certain password
ages [-stalepwd]to change their password at next logon. I would educate the
users that they need to change their password when prompted to - at least
not waiting until the last day. By default they should have 14 days
arning. --- Steve

http://www.jsiinc.com/SUBO/tip7300/rh7330.htm -- dsquery user command.

"Reidar Berntzen" <reidar@dod.no> wrote in message
news:ducnq01tmborckes0irvv99p4jg5jag4se@4ax.com...
> Hi!
>
> We have a Windows 2003 server in a single domain.
> The Domain Security Policy is implemented with maximum password age -
> 30 days.
>
> Now users complain that they loose their network connection, meaning
> network drive mappings, while they are working. It seems that the
> password expires without warning to users and network mapped network
> drives disconnects. The password expires dialog-box warning is working
> at log on, but most of the users selects cancel and start their work
> without changing the password. Many users do not log off after work,
> but lock the pc to next working day, and therefore they are not warned
> about password expiration.
>
> Is there any possibility to force a password change when the password
> expires? (Even while the user is logged on the domain)
>
> Any suggestions would be appreciated!
>
> Thanks,
>
> --
> Reidar Berntzen

Relevant Pages

  • Re: Windows 2000 users accounts get locked out
    ... You say that those machines are on your network or not?? ... The caller machine is the name of the machine that ... the user was attempting to logon from at the time of the lockout. ... Still my accounts get locked out. ...
    (microsoft.public.win2000.security)
  • Re: Auto Logon to network
    ... see a prompt for a name and password when you connect to a network ... > unique ID and password to logon to XP and matching user accounts ... > second screen to logon to network. ... >>all accounts are stored on the domain controllers, or you will have to go ...
    (microsoft.public.win2000.networking)
  • Re: Maximum password Age, Domain Security Policy
    ... When a users password expires, the pwdlastset attribute is set to 0 and the ... The password change warning is only implemented during the logon process. ... >> network drive mappings, while they are working. ...
    (microsoft.public.win2000.group_policy)
  • Re: Question: Sharing resources between Forests
    ... recource) and have your users logon with their given domain A credentials. ... Create a trust between our respective networks. ... Create local accounts on the server for the users needing access. ... on network A that users on network B need access to. ...
    (microsoft.public.windows.server.active_directory)
  • Re: OWA 2003 is only accessable during workingdays
    ... Is it the same when you log in from a client on the network? ... thinking of AD Users and Computers, Properties, Accounts, Logon Hours. ...
    (microsoft.public.exchange.misc)
Loading