locked
Fine Grained Password Policy-Password expiration reminder frequency and custom message RRS feed

 > 

  • Question

  • Question
    Sign in to vote
    0
    Sign in to vote

    Dear all,

    We have a fine grain password policy implemented in our domain and it is working as expected.

    We have observed that password change reminder balloon message stays for few seconds less that 5 sec and most of the it is getting ignored by users and creating problem.

    With FGPP - is it possible to increase time of reminder message and can we put our Custom message.

    in-short we are looking setting for Interactive Logon Prompt which will display password change notification.

    -Atul


    TheAtulA

    Thursday, October 6, 2016 6:24 AM

Answers

  • Question
    Sign in to vote
    1
    Sign in to vote

    FGPP/PSOs do not and cannot control the reminder/balloon/notification parameters.
    The Ux is determined by the client Operating System, and, since Windows7, the password expiration was changed from 14days to be 7days.
    Also introduced with Windows7, was the "less intrusive" notification method for password expiration (balloon/toast method, instead of a big fat message+button).

    This Ux (duration of the notification display) has no policy setting available. AFAIK there is no in-box ability to control/extend/customise this Ux.

    Other methods exist, such as scripts you could write or find (eg a logon script), custom web pages or CSS (eg on your intranet web server home pages), other non-client-side scripts or methods which could periodically run on a schedule-examine password expiration-send email to the users, or 3rdparty utilities/products which could do similar things already available for purchase.

    Don [doesn't work for MSFT, and they're probably glad about that ;]

    • Proposed as answer by Amy Wang_ Friday, October 7, 2016 2:16 AM
    • Marked as answer by Amy Wang_ Saturday, October 22, 2016 8:18 AM
    Thursday, October 6, 2016 8:23 PM

All replies

  • Question
    Sign in to vote
    1
    Sign in to vote

    You can also alerts the users about their password expiry by sending customized email notification.

    Just download the script from below TechNet resource and modify according to your requirement - https://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27

    In case if you wish to automate the process, you can also checkout this password expiration reminder tool which should be an appropriate approach in your situation.

    Organizations who want increase their visibility as to what's happening in their IT environments but are perhaps limited on time and resources. <a href="https://www.lepide.com/lepideauditor/">LepideAuditor Suite</a> provides instant access to see who, what, where and when changes are being made to Active Directory, Group Policy, SQL Servers, SharePoint, File Servers, Exchange Servers and more.

    Thursday, October 6, 2016 6:53 AM
  • Question
    Sign in to vote
    1
    Sign in to vote

    FGPP/PSOs do not and cannot control the reminder/balloon/notification parameters.
    The Ux is determined by the client Operating System, and, since Windows7, the password expiration was changed from 14days to be 7days.
    Also introduced with Windows7, was the "less intrusive" notification method for password expiration (balloon/toast method, instead of a big fat message+button).

    This Ux (duration of the notification display) has no policy setting available. AFAIK there is no in-box ability to control/extend/customise this Ux.

    Other methods exist, such as scripts you could write or find (eg a logon script), custom web pages or CSS (eg on your intranet web server home pages), other non-client-side scripts or methods which could periodically run on a schedule-examine password expiration-send email to the users, or 3rdparty utilities/products which could do similar things already available for purchase.

    Don [doesn't work for MSFT, and they're probably glad about that ;]

    • Proposed as answer by Amy Wang_ Friday, October 7, 2016 2:16 AM
    • Marked as answer by Amy Wang_ Saturday, October 22, 2016 8:18 AM
    Thursday, October 6, 2016 8:23 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    Thanks for pointing me to Scripted solution, but I come across PS scripts which are meant for default Domain Level GPO.

    can anyone please help me with the PS script which can be used for FGPP?

    -Atul 

    TheAtulA

    Wednesday, October 12, 2016 12:04 PM
  • Question
    Sign in to vote
    0
    Sign in to vote

    can anyone please help me with the PS script which can be used for FGPP?

    Hi,

    To get further assistance regarding PowerShell scripting, I suggest you refer to dedicated PowerShell forum below:

    Windows PowerShell Forum

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverpowershell

    Best Regards,

    Amy

    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, October 13, 2016 3:09 AM
  • Question
    Sign in to vote
    0
    Sign in to vote
    Does anyone know if this was fixed with Windows 10(1909)?  I am seeing a reminder in an intranet web page that my password is expiring.  I have a default domain GPO that expires my password at 90 days and a FGPP getting applied that is like 10000 days or something.  The FGPP should be taking precedence, and I cannot change the default domain GPO and remove the FGPP yet.  Just wanting to know if all my users are going to be getting false positives that their password is expiring with Windows 10 clients because most users are currently targeted with a FGPPDave

    Thursday, May 7, 2020 10:13 PM