javajo
asked on
Password is about to expire notification not appearing?
Good morning -
Why is it that some clients do not receive a notification when their password is about to expire?
Runing AD in W2K server mode.
XP and W2K clients on network
Thanks!.
Why is it that some clients do not receive a notification when their password is about to expire?
Runing AD in W2K server mode.
XP and W2K clients on network
Thanks!.
Maybe their accounts are set for password never expires.
ASKER
Thanks savone -
No - that's not it.
Password policy is domain wide. Passwords definitely expire.
No - that's not it.
Password policy is domain wide. Passwords definitely expire.
ASKER
Just found something -
Could it be because the Messenger service is disabled?
Could it be because the Messenger service is disabled?
It is my understanding that the Expiration Notification Time is located on the Local System within the registry (populated by Group Policy). Ck the offending computer's registry and see if this is enabled..
Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows NT\CurrentVersion\Winlogon
Name: PasswordExpiryWarning
Type: REG_DWORD
Value: set # days
Hive: HKEY_LOCAL_MACHINE
Key: Software\Microsoft\Windows
Name: PasswordExpiryWarning
Type: REG_DWORD
Value: set # days
ASKER
I just remembered that we disabled the Messenger service on a few desktops due to spam being sent through this service. Would disabling the Messenger service prevent password expiration notifications from appearing?
I should not think so, since it is a local setting and not coming from the DC... again, I may be wrong about this.. but, to be sure, you could easily turn on the Messenger Service on those systems, or test it on a bench machine connected to the DC in a Test Container with a GP that is configured with a very short password expiration policy (1 day?)...
On a broader point, how is this spam getting into your network? That is something I would look into also.. Personally, I like to have the Messenger Service running on any domain I work in, since it is very convenient to send messages to the users with the Net Send line...
FE
On a broader point, how is this spam getting into your network? That is something I would look into also.. Personally, I like to have the Messenger Service running on any domain I work in, since it is very convenient to send messages to the users with the Net Send line...
FE
ASKER
The password expiration message doesn't come from the DC?
Isn't this message generated through group policy stored on the DC?
Thanks again!
Isn't this message generated through group policy stored on the DC?
Thanks again!
The policy itself is generated by the DC, but remember what Group Policy really is. When a computer logs into the domain, it downloads group policy and applies it locally to the client. Most of these policy changes that are applied are basically just Registry Changes that are made locally. The password expiration policy is (at least I think) specified locally, and the actual message that the user gets is also local.
So, the first place I would start is to look at the Registry of the offending machine, and make sure that the policy is being applied.
FE
So, the first place I would start is to look at the Registry of the offending machine, and make sure that the policy is being applied.
FE
ASKER
Thanks Fatal Exception -
The policy appears like it's gatting applied.
The notification is set to 14 days which I believe is the default.
The policy appears like it's gatting applied.
The notification is set to 14 days which I believe is the default.
Yea, that is the default - 14 days. I take it that you have this set to the default also in the Domain Policy - Group Policy?
Check out this article:
No Password Expiration Notice Is Presented During the Logon Process
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q313194
Check out this article:
No Password Expiration Notice Is Presented During the Logon Process
http://support.microsoft.com/default.aspx?scid=kb;en-us;Q313194
ASKER
Do you think this will slow down the login process for a network of about 50 users?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
:)