Password is about to expire notification not appearing?

Maybe their accounts are set for password never expires.

Thanks savone -

No - that's not it.

Password policy is domain wide.  Passwords definitely expire.

Just found something  -

Could it be because the Messenger service is disabled?

It is my understanding that the Expiration Notification Time is located on the Local System within the registry (populated by Group Policy).  Ck the offending computer's registry and see if this is enabled..

Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: PasswordExpiryWarning
Type: REG_DWORD
Value: set # days

I just remembered that we disabled the Messenger service on a few desktops due to spam being sent through this service.  Would disabling the Messenger service prevent password expiration notifications from appearing?


 

I should not think so, since it is a local setting and not coming from the DC...  again, I may be wrong about this..    but, to be sure, you could easily turn on the Messenger Service on those systems, or test it on a bench machine connected to the DC in a Test Container with a GP that is configured with a very short password expiration policy (1 day?)...

On a broader point, how is this spam getting into your network?  That is something I would look into also..  Personally, I like to have the Messenger Service running on any domain I work in, since it is very convenient to send messages to the users with the Net Send line...

FE

The password expiration message doesn't come from the DC?

Isn't this message generated through group policy stored on the DC?

Thanks again!

The policy itself is generated by the DC, but remember what Group Policy really is.  When a computer logs into the domain, it downloads group policy and applies it locally to the client.  Most of these policy changes that are applied are basically just Registry Changes that are made locally.  The password expiration policy is (at least I think) specified locally, and the actual message that the user gets is also local.  

So, the first place I would start is to look at the Registry of the offending machine, and make sure that the policy is being applied.

FE

Thanks Fatal Exception -

The policy appears like it's gatting applied.

The notification is set to 14 days which I believe is the default.

Yea, that is the default - 14 days.  I take it that you have this set to the default also in the Domain Policy - Group Policy?

Check out this article:

No Password Expiration Notice Is Presented During the Logon Process

http://support.microsoft.com/default.aspx?scid=kb;en-us;Q313194

Do you think this will slow down the login process for a network of about 50 users?

:)