?
Solved

Password Policy not prompting for expiration

Posted on 2011-02-14
8
Medium Priority
?
1,198 Views
Last Modified: 2012-05-11
Hi Experts,

I have a SBS 2003 domain with 1 other server and ~20 workstations - windows 7 and windows xp (no vista).

None of my machines prompt when a password is about to expire, which is causing passwords to expire while users are away remotely.

I wrote out my group policy setup in the code attachment.

Does anyone have any ideas?

Thanks
Computer Configuration (Enabled)
    Windows Settings
        Security Settings
            Account Policies/Password Policy
                Enforce password history 24 passwords remembered 
                Maximum password age 42 days 
                Minimum password age 0 days 
                Minimum password length 7 characters 
                Password must meet complexity requirements Disabled 
                Store passwords using reversible encryption Disabled 

Local Policies/Security Options
    Interactive Logon
        Interactive logon: Prompt user to change password before expiration 14 days

Open in new window

0
Comment
Question by:kylegreig
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 10

Accepted Solution

by:
ChopperCentury earned 1336 total points
ID: 34890849
Your group policy may not be accepting the Local Policies.
Log into the server directly and look under Administrative Tools, Local Security Policies.
Expand Local Policies, and Security Options...make sure your Prompt user to change password option is configured.
0
 

Author Comment

by:kylegreig
ID: 34891068
Under Default Domain Controller Security settings it hadn't been defined.

I have now set it to 14 days - will this work?
0
 
LVL 10

Assisted Solution

by:ChopperCentury
ChopperCentury earned 1336 total points
ID: 34891143
That should be the ticket.
To test....create a new test OU and test User inside of that OU, along with a test GPO assigned to that OU and set the maximum password age of anything less than 14 in the GPO. Try logging in with the test user and see if you get the warning to reset your password.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 11

Expert Comment

by:Rory de Leur
ID: 34892403
Do you have a policy/setting that disables all balloon notifications?

Check these keys and remove them if you find them (the default settings will be put in place again):
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\TaskbarNoNotification
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\TaskbarNoNotification
- HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\EnableBalloonTips

Don't forget to reboot..
0
 
LVL 39

Assisted Solution

by:ChiefIT
ChiefIT earned 664 total points
ID: 34893716
The only policies that will work for a password policy are LOCAL and the default domain policy:

Also, in AD users and computers, there is a checkbox under each user account that says "password never expires". That overrides the default domain policy and the local policy.
0
 
LVL 5

Expert Comment

by:NARANTHIRAN
ID: 34894132
Run gpupdate in the command prompt to update the Group policy what u have done.
0
 

Author Comment

by:kylegreig
ID: 35122863
ChopperCentury's posts sorted it out and ChiefIT's post helped with understanding. Please mark as accepted solution.
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When the s#!t hits the fan, you don’t have time to look up who’s on call, draft emails, call collaborators, or send text messages. An instant chat window is definitely the way to go, especially one like HipChat. HipChat is a true business app. An…
New style of hardware planning for Microsoft Exchange server.
Two types of users will appreciate AOMEI Backupper Pro: 1 - Those with PCIe drives (and haven't found cloning software that works on them). 2 - Those who want a fast clone of their boot drive (no re-boots needed) and it can clone your drive wh…
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question