Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Active directory - password about to expire

Posted on 2012-03-18
5
Medium Priority
?
311 Views
Last Modified: 2012-03-19
Hi AD experts,

When I log into my computer in the office and get a messaging saying "password is about to expire, would you like to change it now" is that controlled on the AD server? Our AD servers are windows 2008.

Is there also a place within AD to say how many days in advance before sending the notifications?
0
Comment
Question by:trojan81
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
5 Comments
 
LVL 23

Accepted Solution

by:
yo_bee earned 2000 total points
ID: 37735372
Question 1:
This is controlled by Policies either Local or via Group Policies in AD.
Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\

Question 2:
This is the Registry setting that needs to be adjusted for the number of days before the password expires notification.

http://www.techrepublic.com/article/change-the-timing-of-the-password-expires-message-in-windows/5519795

Open the Windows registry.

Create or modify the key: PasswordExpiryWarning" in

"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon.

Enter the value (number of days before password expires that you want to notify users) and click the appropriate decimal or hexadecimal radio button (for example, e in hexadecimal equals 14 days).
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 37735702
Here is a screenshot of the GPO setting.

Computer Configuration > Windows Settings > Policy Settings > Security Settings > Account Policy > Password Policy

GPO Settings
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 37735800
Here is the GPO setting to change the notification.

Computer Configuration > Windows Settings > Policy Settings > Security Settings > Local Policy > Security Option > Interactive Logon : Prompt User to Change Password Before:

GPO For Notification
0
 

Author Closing Comment

by:trojan81
ID: 37736310
WEll done!
0
 
LVL 23

Expert Comment

by:yo_bee
ID: 37737058
Thank you.

hope it was not cryptic in my first reply.
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Let's recap what we learned from yesterday's Skyport Systems webinar.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question