none
Windows 7 Expired Password - Recvd Warning prompts but not forced to change password

    Question

  • Our Windows 7 users are prompted when their passwords will expire in 14 Days, however They are not forced to change thier password before it expires. If the users ignore the expiration warning they can only get logged into the network after having the helpdesk reset thier password.

    Is there a way to force Windows 7 users to change thier passwords on the day it expires. Our WinXP users get the 14 day warning and are forced to change thier passwords on day 14.

    I have the GPO configured to notifiy users when thier passwords will expire in 14 days

    Thank you,

    Glen

    Tuesday, July 13, 2010 3:53 PM

Answers

  • Hi,

     

    After applying above settings, the user can change the password by default at the expire day. Please create a new domain profile and test the issue on several Windows 7 machines. Can the user be enforced to change password at expire day? If not, please refer to the following steps to collect the information for research.

     

    1. On the DC, open GPMC, right-click Group Policy Results, choose Group Policy Results Wizard, follow the wizard to collect a Group Policy result for problematic Windows 7 client.

     

    2. On the Windows 7 machine where GPO failed to apply, please perform the following steps to collect log files:

     

    a) Please add the specified registry key to enable group policy log (%windir%\debug\usermode\gpsvc.log), and remove or rename it to disable group policy log after collecting data. You may need to create the Diagnostics key if it is not there.

     

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics

     

    Type: DWORD

    Value: GPSvcDebugLevel

    Data: 0x30002 (hexadecimal)

     

    b) Then on the problematic Win7 machine, run command “gpupdate /force”.

    c) Then on the problematic Win7 machine, run command “gpresult /v > gpr_win7.txt”, send me gpr_win7.txt file.

    d) On the problematic Win7 machine, run command “eventvwr”, then expand to Applications and service logs -> Microsoft -> windows -> groupPolicy -> Operational. Right-click on it and click “save event as”. Save the file as .evtx format and send it to me.

    e) After that, please send me the above output files. (please zip them first and then send them to me).

     

    - %windir%\debug\usermode\gpsvc.log

    - gpr_win7.txt

    - win7.evtx

     

    Please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the GPMC result and the zip files, and then give us the download address.

     

    Thanks,

    Novak

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • Marked as answer by Novak Wu Wednesday, July 21, 2010 1:02 AM
    Friday, July 16, 2010 5:06 AM

All replies

  • Thanks for taking the time to answer, but I think you misunderstood the question.

    I am trying to force Windows 7 users to change thier password when the password expires.

    This works for WinXP users. WinXP users are prompted at login. "Your password has expired and must be changed" Win7 users will get a bubble in the system tray warning them to change thier password, but they are never forced to change it. If they ignore the warning they have to contact our helpdesk to have thier password reset for them.

    I am trying to find out if there is a way to get Win7 machines to behave like the WinXP Login

    Wednesday, July 14, 2010 2:48 AM
  • Hi,

     

    Please create a GPO to configure the Windows 7 computers to use the 14 day setting.

     

    Computer Configuration\Windows Settings\Security Settings \Local Policies \Security Options

     

    Find the entry: Interactive logon: Prompt user to change password before expiration

     

    Regards,

    Novak


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Thursday, July 15, 2010 6:30 AM
  • Thanks again for your reply.

    That has been done. Users are prompted at the 14 day mark, but they are never forced to change their password. They are only warned that the password will expire in "n" days. If they keep ignoring the warning they need to call the helpdesk to have thier password changed. Our XP Users are forced to chnage thier password after its expired.

    I am trying to figure out it this is just the way Vista and Win7 is designed or if there is a way to force these users to change the password after it expires so they do not need to contact the help desk.

     

     

    Thursday, July 15, 2010 4:20 PM
  • Hi,

     

    After applying above settings, the user can change the password by default at the expire day. Please create a new domain profile and test the issue on several Windows 7 machines. Can the user be enforced to change password at expire day? If not, please refer to the following steps to collect the information for research.

     

    1. On the DC, open GPMC, right-click Group Policy Results, choose Group Policy Results Wizard, follow the wizard to collect a Group Policy result for problematic Windows 7 client.

     

    2. On the Windows 7 machine where GPO failed to apply, please perform the following steps to collect log files:

     

    a) Please add the specified registry key to enable group policy log (%windir%\debug\usermode\gpsvc.log), and remove or rename it to disable group policy log after collecting data. You may need to create the Diagnostics key if it is not there.

     

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Diagnostics

     

    Type: DWORD

    Value: GPSvcDebugLevel

    Data: 0x30002 (hexadecimal)

     

    b) Then on the problematic Win7 machine, run command “gpupdate /force”.

    c) Then on the problematic Win7 machine, run command “gpresult /v > gpr_win7.txt”, send me gpr_win7.txt file.

    d) On the problematic Win7 machine, run command “eventvwr”, then expand to Applications and service logs -> Microsoft -> windows -> groupPolicy -> Operational. Right-click on it and click “save event as”. Save the file as .evtx format and send it to me.

    e) After that, please send me the above output files. (please zip them first and then send them to me).

     

    - %windir%\debug\usermode\gpsvc.log

    - gpr_win7.txt

    - win7.evtx

     

    Please use Windows Live SkyDrive (http://www.skydrive.live.com/) to upload the GPMC result and the zip files, and then give us the download address.

     

    Thanks,

    Novak

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • Marked as answer by Novak Wu Wednesday, July 21, 2010 1:02 AM
    Friday, July 16, 2010 5:06 AM
  • glevan,

    were you able to solve it? I don't see how the comment marked as answer could have helped. I am experiencing the same on vista.

    Wait - I am not. It was just a bug in our encryption software that modifies the GINA. So it's not Windows's fault.

    Monday, August 23, 2010 11:20 AM
  • Has anyone found a solution for this?  I have been looking on the Internet and have not found anything yet.  I have a standalone PC that I am having this problem with.
    Thursday, February 27, 2014 6:17 PM
  • I am having the exact same problem and have been searching on and off for a solution over the last year.

    Every weekend we have users call our On-Call phone because their passwords expired and they never changed them.  This is even after all the prompts they received to change them.

    We need to force them to change their passwords immediately, before they expire.

    Any help would be appreciated.

    Wednesday, October 26, 2016 3:41 PM
  • Wednesday, October 26, 2016 5:13 PM
    Moderator