Solved

Password Policy not prompting for expiration

Posted on 2011-02-14
8
1,195 Views
Last Modified: 2012-05-11
Hi Experts,

I have a SBS 2003 domain with 1 other server and ~20 workstations - windows 7 and windows xp (no vista).

None of my machines prompt when a password is about to expire, which is causing passwords to expire while users are away remotely.

I wrote out my group policy setup in the code attachment.

Does anyone have any ideas?

Thanks
Computer Configuration (Enabled)
    Windows Settings
        Security Settings
            Account Policies/Password Policy
                Enforce password history 24 passwords remembered 
                Maximum password age 42 days 
                Minimum password age 0 days 
                Minimum password length 7 characters 
                Password must meet complexity requirements Disabled 
                Store passwords using reversible encryption Disabled 

Local Policies/Security Options
    Interactive Logon
        Interactive logon: Prompt user to change password before expiration 14 days

Open in new window

0
Comment
Question by:kylegreig
8 Comments
 
LVL 10

Accepted Solution

by:
ChopperCentury earned 334 total points
ID: 34890849
Your group policy may not be accepting the Local Policies.
Log into the server directly and look under Administrative Tools, Local Security Policies.
Expand Local Policies, and Security Options...make sure your Prompt user to change password option is configured.
0
 

Author Comment

by:kylegreig
ID: 34891068
Under Default Domain Controller Security settings it hadn't been defined.

I have now set it to 14 days - will this work?
0
 
LVL 10

Assisted Solution

by:ChopperCentury
ChopperCentury earned 334 total points
ID: 34891143
That should be the ticket.
To test....create a new test OU and test User inside of that OU, along with a test GPO assigned to that OU and set the maximum password age of anything less than 14 in the GPO. Try logging in with the test user and see if you get the warning to reset your password.
0
Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

 
LVL 11

Expert Comment

by:Rory de Leur
ID: 34892403
Do you have a policy/setting that disables all balloon notifications?

Check these keys and remove them if you find them (the default settings will be put in place again):
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\TaskbarNoNotification
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TaskbarNoNotification
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips

Don't forget to reboot..
0
 
LVL 38

Assisted Solution

by:ChiefIT
ChiefIT earned 166 total points
ID: 34893716
The only policies that will work for a password policy are LOCAL and the default domain policy:

Also, in AD users and computers, there is a checkbox under each user account that says "password never expires". That overrides the default domain policy and the local policy.
0
 
LVL 5

Expert Comment

by:NARANTHIRAN
ID: 34894132
Run gpupdate in the command prompt to update the Group policy what u have done.
0
 

Author Comment

by:kylegreig
ID: 35122863
ChopperCentury's posts sorted it out and ChiefIT's post helped with understanding. Please mark as accepted solution.
0

Featured Post

Edgartown IT Case Study

Learn about Edgartown's quest to ensure the safety and security of the entire town's employee and citizen data. Read the case study!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

For both online and offline retail, the cross-channel business is the most recent pattern in the B2C trade space.
Learn how ViaSat reduced average response times for IT incidents from 10 minutes to 30 seconds.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question