none
Remove Password Reset is Never Expires from GPO

    Question

  • i have created one new password reset policy at Domain root level same as Default Domain policy and change its precedence to top in all group policy even before default domain policy.

    I am using Windows Server 2008 R2 Domain Controller

    Now the policy is applied successfully to user machine and also verified from "secpol.msc". But user is not getting notification of  expired password.

    From following command, Password Expires: Never so how can i remove this option so user get notification to change password time to time.


    • Edited by Y'kas Monday, June 6, 2016 6:52 AM
    Monday, June 6, 2016 6:47 AM

Answers

  • > Now the policy is applied successfully to user machine and also verified
    > from "secpol.msc". But user is not getting notification of  expired
    > password.
     
    The policy MUST apply to the PDC emulator, not to the user's client
    computer.
     
    >  From following command, Password Expires: Never so how can i remove
    > this option so user get notification to change password time to time.
     
    Edit the user and uncheck "Password never expires" :-) But it doesn't
    matter - domain PW expiration policy overrides this setting anyway.
     
    Monday, June 6, 2016 1:25 PM
  • Hi,
    You may need to check how the password expiration setting is configured in your password polies of domain. "Password never expires" will override any password expiration policy you configure in Group Policy.
    Regards,
    Wendy

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 7, 2016 3:16 AM
    Moderator

All replies

  • So, you wish to "suggest" to the users, but not to "force" the users, to perform a password change?

    Don [doesn't work for MSFT, and they're probably glad about that ;]

    Monday, June 6, 2016 8:57 AM
  • > Now the policy is applied successfully to user machine and also verified
    > from "secpol.msc". But user is not getting notification of  expired
    > password.
     
    The policy MUST apply to the PDC emulator, not to the user's client
    computer.
     
    >  From following command, Password Expires: Never so how can i remove
    > this option so user get notification to change password time to time.
     
    Edit the user and uncheck "Password never expires" :-) But it doesn't
    matter - domain PW expiration policy overrides this setting anyway.
     
    Monday, June 6, 2016 1:25 PM
  • Hi,
    You may need to check how the password expiration setting is configured in your password polies of domain. "Password never expires" will override any password expiration policy you configure in Group Policy.
    Regards,
    Wendy

    Please remember to mark the replies as answers if they help and un-mark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, June 7, 2016 3:16 AM
    Moderator