Solved

Password Policy not prompting for expiration

Posted on 2011-02-14
8
1,197 Views
Last Modified: 2012-05-11
Hi Experts,

I have a SBS 2003 domain with 1 other server and ~20 workstations - windows 7 and windows xp (no vista).

None of my machines prompt when a password is about to expire, which is causing passwords to expire while users are away remotely.

I wrote out my group policy setup in the code attachment.

Does anyone have any ideas?

Thanks
Computer Configuration (Enabled)
    Windows Settings
        Security Settings
            Account Policies/Password Policy
                Enforce password history 24 passwords remembered 
                Maximum password age 42 days 
                Minimum password age 0 days 
                Minimum password length 7 characters 
                Password must meet complexity requirements Disabled 
                Store passwords using reversible encryption Disabled 

Local Policies/Security Options
    Interactive Logon
        Interactive logon: Prompt user to change password before expiration 14 days

Open in new window

0
Comment
Question by:kylegreig
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 10

Accepted Solution

by:
ChopperCentury earned 334 total points
ID: 34890849
Your group policy may not be accepting the Local Policies.
Log into the server directly and look under Administrative Tools, Local Security Policies.
Expand Local Policies, and Security Options...make sure your Prompt user to change password option is configured.
0
 

Author Comment

by:kylegreig
ID: 34891068
Under Default Domain Controller Security settings it hadn't been defined.

I have now set it to 14 days - will this work?
0
 
LVL 10

Assisted Solution

by:ChopperCentury
ChopperCentury earned 334 total points
ID: 34891143
That should be the ticket.
To test....create a new test OU and test User inside of that OU, along with a test GPO assigned to that OU and set the maximum password age of anything less than 14 in the GPO. Try logging in with the test user and see if you get the warning to reset your password.
0
U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

 
LVL 11

Expert Comment

by:Rory de Leur
ID: 34892403
Do you have a policy/setting that disables all balloon notifications?

Check these keys and remove them if you find them (the default settings will be put in place again):
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\TaskbarNoNotification
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TaskbarNoNotification
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips

Don't forget to reboot..
0
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 166 total points
ID: 34893716
The only policies that will work for a password policy are LOCAL and the default domain policy:

Also, in AD users and computers, there is a checkbox under each user account that says "password never expires". That overrides the default domain policy and the local policy.
0
 
LVL 5

Expert Comment

by:NARANTHIRAN
ID: 34894132
Run gpupdate in the command prompt to update the Group policy what u have done.
0
 

Author Comment

by:kylegreig
ID: 35122863
ChopperCentury's posts sorted it out and ChiefIT's post helped with understanding. Please mark as accepted solution.
0

Featured Post

PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We asked our MSP customer base what their favorite tools were and how they help them serve clients. We focused our questions on favorite tools in the following categories: >PSA tools >RMM tools >Alert management tools >Communication tools and Mo…
If you are IT support and need to work after hours to resolve customer issues then here are a few tips on how to handle after hours support
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question