I run AD via Windows 2003 Server. I (like most) found the following VBS script to run due to Windows 7 machines only showing a balloon tip regarding password expiration. I need an actual msg box like XP machines prompting users. The only thing I changed with the script is the name. I have everything set up per the instructions and after running a gpupdate I receive no errors in my event log. However, when I log in with a machine that I know the password is about to expire the script does not seem to execute. Is there something I need to add in the script (sorry - no experience with .vbs).
It goes in the GPO - User Config - Policies - Admin Templates - System - Logon - Run these programs at user logon. You will also need to add the folder location to IE Trusted Sites to avoid having a popup asking if it should run the script.
' First, get the domain policy.
warningDays = 6
Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
' Calculate the number of days that are
' held in this value.
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
' Determine the last time that the user
' changed his or her password.
Set oUser = GetObject("LDAP://" & strUserDN)
' Add the number of days to the last time
' the password was set.
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
' Warn only inside the warning window and before the password has expired.
If (daysLeft < warningDays) And (daysLeft > -1) Then
    Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Once logged in, press CTRL-ALT-DEL and" & chr(13) & "select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!"
End If
' Clean up.
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing
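
The expiry arithmetic the script relies on, as an added example that is not part of the original post: it is pure PowerShell date math with no directory calls, and it covers two cases the script does not (a domain with no maximum password age, and an account flagged to change its password at next logon). The function name and the sample values are constructed for illustration; the 6-day threshold is the script's warningDays.

```powershell
# Hypothetical helper (not from the post): days until a password expires,
# computed from the raw AD attribute values.
function Get-PasswordDaysLeft {
    param(
        [Int64]$MaxPwdAge,   # domain maxPwdAge: negative count of 100-ns intervals
        [Int64]$PwdLastSet,  # user pwdLastSet: 100-ns intervals since 1601-01-01 UTC
        [DateTime]$Now = [DateTime]::UtcNow
    )

    # 0 or Int64.MinValue means the domain enforces no maximum password age.
    if ($MaxPwdAge -eq 0 -or $MaxPwdAge -eq [Int64]::MinValue) { return $null }

    # pwdLastSet = 0 means the user must change the password at next logon.
    if ($PwdLastSet -eq 0) { return 0 }

    # .NET ticks are also 100-ns units, so the negated age can be added directly.
    $lastSet = [DateTime]::FromFileTimeUtc($PwdLastSet)
    $expires = $lastSet.AddTicks(-$MaxPwdAge)

    return [int][Math]::Floor(($expires - $Now.ToUniversalTime()).TotalDays)
}

# Constructed sample input: a 42-day policy and a password set 38 days ago.
$now         = [DateTime]::UtcNow
$maxPwdAge   = -([TimeSpan]::FromDays(42).Ticks)
$pwdLastSet  = $now.AddDays(-38).ToFileTimeUtc()
$warningDays = 6

$daysLeft = Get-PasswordDaysLeft -MaxPwdAge $maxPwdAge -PwdLastSet $pwdLastSet -Now $now

# Same window test as the script: inside the warning period and not yet expired.
if ($null -eq $daysLeft) {
    Write-Output "No maximum password age is set; nothing to warn about."
} elseif ($daysLeft -lt $warningDays -and $daysLeft -gt -1) {
    Write-Output "Password expires in $daysLeft day(s)."
} else {
    Write-Output "No warning due (days left: $daysLeft)."
}
```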