password expiration notification
-
Tuesday, January 22, 2013 10:27 AM
We have a windows 2008 R2 forest with Windows 7 clients. I configured en tested Fine grained password policy with shadow groups.
Works fine. Now i want to test password expiration notification.
I configured password age(msDS-MaximumPasswordAge) for 10 days. The standard password expiry notification registry setting is 5 days on the windows 7 clients.
But i when i logon the next day i got the password expiry notification..
I thought that the notification would start after 5 days, for the 5 remaning days.
What am i missing??
All Replies
-
Tuesday, January 22, 2013 10:41 AM
Please see this guide hope it will help you somehow
http://technet.microsoft.com/en-us/library/cc754544(v=ws.10).aspx
Regards, Ravikumar P
-
Tuesday, January 22, 2013 11:04 AM
Hi Ravikumar,
The link you provided has nothing to do with password expiry notification.
My question is, when do users get the first password expiry notification balloon?? The next time they logon?? Or in this case 5 days before password expires??
If it is 5 days before password expires, why do i get a notification the next day, "Your password will expire in 3 days". Weird..
-
Tuesday, January 22, 2013 11:52 AM
Do you have correct group policy settings at your place.?
Anyways, a useful thread link for your reference: http://social.technet.microsoft.com/Forums/en-US/w7itprosecurity/thread/fce9e485-67a4-47df-a649-f92632fb6132/
Regards, Ravikumar P
- Marked As Answer by Biga_b Tuesday, January 22, 2013 11:52 AM
- Unmarked As Answer by Biga_b Tuesday, January 22, 2013 11:52 AM
- Edited by Ravikumar PulagouniMicrosoft Community Contributor Tuesday, January 22, 2013 11:55 AM adding useful thread
-
Tuesday, January 22, 2013 12:02 PM
As far i can tell, FGPP is configured correct.
This Pso is applied at a group. Member of this group have a windows 7 clients. On the clients there is a standard "PasswordExpiryWarning" registry setting with a value of 5 days.
Any idea's??
-
Tuesday, January 22, 2013 1:22 PMEarlier, the default interval that users were notified of password expiration was 14 days before expiration. In Windows 7 and Windows Server 2008 R2, the default password expiry notice occurs 5 days before the password expiration date.This is by design.
Resolution:Unless specified and enforced by a policy, Windows 7 and Windows Server 2008 R2 users will not received a password expiry notice until 5 days before password expiration. Using gpedit, the group policy to alter this default can be found at: Computer Configuration\Windows Settings\Local Policies\Security Options under Interactive Logon: Prompt user to change password before expiration. Using regedit, the registry entry which controls this can be found at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon under PasswordExpiryWarning.Regards, Ravikumar P
-
Tuesday, January 22, 2013 3:29 PM
That's correct. I know this.
But why do i get a password notification today, if i configured and applied FGPP yesterday, with a 10 day password age configured?
I didn't user or configure the GPO "Computer Configuration\Windows Settings\Local Policies\Security Options under Interactive Logon: Prompt user to change password before expiration"
I do use the default password expiry notification of 5 days..
Thanx
-
Wednesday, May 29, 2013 3:22 PM
You can also try out the specific utility for the same it will give you alerts for password Expiration of users
Take a look
.png)
