We help IT Professionals succeed at work.

Check out our new AWS podcast with Certified Expert, Phil Phillips! Listen to "How to Execute a Seamless AWS Migration" on EE or on your favorite podcast platform. Listen Now


Windows 7 Password Expiration - VBS Script

tmaususer asked
Medium Priority
Last Modified: 2012-05-11
I run AD via windows 2003 server. I (like most) found the following vbs script to run due to windows 7 machines only showing a ballon tip regarding password expiration. I need an actual msg box like XP machines prompting users. The only thing I changed with the script is the name. I have everything setup per the instructions and after running a gpupdate I receive no errors in my event log. However, when I log in with a machine that I know the password is about to expire the script does not seem to execute. Is there something a need to add in the scrtipt (sorry - no experience with .vbs).

It goes in the GPO - User Config - Policies - Admin Templates - System - Logon - Run these programs at user logon. You will also need to add the folder location to IE Trusted Sites to avoid having a popup asking if it should run the script.
' First, get the domain policy.
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 6

Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName

Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
' Calculate the number of days that are
' held in this value.
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays

' Determine the last time that the user
' changed his or her password.
Set oUser = GetObject("LDAP://" & strUserDN)
' Add the number of days to the last time
' the password was set.
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)

'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Once logged in, press CTRL-ALT-DEL and" & chr(13) & "select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!"
End if
' Clean up.
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing
Watch Question

Unlock this solution and get a sample of our free trial.
(No credit card required)


It looks like the policy is getting applied but I am receiving the following error on the script.


Unlock the solution to this question.
Thanks for using Experts Exchange.

Please provide your email to receive a sample view!

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.


Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.