Prompting for password change

Hi all,

Recently i changed the policy on password changing and now users no longer get a warning 14 days out everytime they log on and they also now seem to be changing passwords at different times when they all used have a same last day to change password.

Can someone please help make these changes.

14 days out prompt to change password
Have all users change passwords on same last due day.

Thanks

CyberIDentity

LVL 1
CyberIDentityAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

rsivanandanCommented:
It could be because last time when all the users changed their passwords, they didn't do it on the same date. What you could do is instead of giving the expiry date of password (like 60 days or so). Configure all of them to have 'User Must Change Password On Next Logon' and it will make sure that all of them change it on a specific date.

But I don't see any problem in the way it is working right now. As long as they change it between that 14 day notice it should be fine, right?

Cheers,
Rajesh
Sam PanwarSr. Server AdministratorCommented:
Hi,

It sounds like you have done it correctly. I would try to change the setting to maybe 15 days or more for domain policy and then run secedit /refreshpolicy machine_policy /enforce on the domain controller. Then reboot a domain computer to see if the "effective" setting changes to 15 days or more . Assuming it does, change it back to 14 days on the domain controller to see if it helps. If nothing helps, run netdiag and dcdiag on the domain controller and netdiag on one of the domain computers looking for any failed tests that may be pertinen

Check this registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon

PasswordExpiryWarning (DWORD)

Change the number for this. Does it exist? If not, create it

OR

On your DC, Aministrative Tools > Domain Security Policy,
Security Settings > Account Policies > Password Polioy >
Maximum password age

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Dushan De SilvaTechnology ArchitectCommented:
You can check event viewer.

BR Dushan
Active Protection takes the fight to cryptojacking

While there were several headline-grabbing ransomware attacks during in 2017, another big threat started appearing at the same time that didn’t get the same coverage – illicit cryptomining.

Dushan De SilvaTechnology ArchitectCommented:
Hello,
Have you tried with my comment?

BR Dushan
CyberIDentityAuthor Commented:
Hello Dushan,

Sorry for the delay in responding to your suggestions and closing this thread , Yes your advice worked and my issue was resolved.

Thanks

CyberIDentity
CyberIDentityAuthor Commented:
Sorry I meant Abs jaipur
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.