Solved

Password Policy not prompting for expiration

Posted on 2011-02-14
8
1,196 Views
Last Modified: 2012-05-11
Hi Experts,

I have a SBS 2003 domain with 1 other server and ~20 workstations - windows 7 and windows xp (no vista).

None of my machines prompt when a password is about to expire, which is causing passwords to expire while users are away remotely.

I wrote out my group policy setup in the code attachment.

Does anyone have any ideas?

Thanks
Computer Configuration (Enabled)
    Windows Settings
        Security Settings
            Account Policies/Password Policy
                Enforce password history 24 passwords remembered 
                Maximum password age 42 days 
                Minimum password age 0 days 
                Minimum password length 7 characters 
                Password must meet complexity requirements Disabled 
                Store passwords using reversible encryption Disabled 

Local Policies/Security Options
    Interactive Logon
        Interactive logon: Prompt user to change password before expiration 14 days

Open in new window

0
Comment
Question by:kylegreig
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 10

Accepted Solution

by:
ChopperCentury earned 334 total points
ID: 34890849
Your group policy may not be accepting the Local Policies.
Log into the server directly and look under Administrative Tools, Local Security Policies.
Expand Local Policies, and Security Options...make sure your Prompt user to change password option is configured.
0
 

Author Comment

by:kylegreig
ID: 34891068
Under Default Domain Controller Security settings it hadn't been defined.

I have now set it to 14 days - will this work?
0
 
LVL 10

Assisted Solution

by:ChopperCentury
ChopperCentury earned 334 total points
ID: 34891143
That should be the ticket.
To test....create a new test OU and test User inside of that OU, along with a test GPO assigned to that OU and set the maximum password age of anything less than 14 in the GPO. Try logging in with the test user and see if you get the warning to reset your password.
0
Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

 
LVL 11

Expert Comment

by:Rory de Leur
ID: 34892403
Do you have a policy/setting that disables all balloon notifications?

Check these keys and remove them if you find them (the default settings will be put in place again):
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\TaskbarNoNotification
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TaskbarNoNotification
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips

Don't forget to reboot..
0
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 166 total points
ID: 34893716
The only policies that will work for a password policy are LOCAL and the default domain policy:

Also, in AD users and computers, there is a checkbox under each user account that says "password never expires". That overrides the default domain policy and the local policy.
0
 
LVL 5

Expert Comment

by:NARANTHIRAN
ID: 34894132
Run gpupdate in the command prompt to update the Group policy what u have done.
0
 

Author Comment

by:kylegreig
ID: 35122863
ChopperCentury's posts sorted it out and ChiefIT's post helped with understanding. Please mark as accepted solution.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Dramatic changes are revolutionizing how we build and use technology. Every company is automating, digitizing, and modernizing operations. We need a better, more connected way to work together as teams so we can harness the insights from our system…
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
How to Install VMware Tools in Red Hat Enterprise Linux 6.4 (RHEL 6.4) Step-by-Step Tutorial

732 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question