Solved

Windows 7 Password Expiration

Posted on 2014-04-10
Medium Priority
1,825 Views
Last Modified: 2014-04-16
If a user waits until his/her password expires during the day, while they are away and their PC is locked, the system tells them their password has expired but presents no apparent way to change the password.  There is only the Cancel or the Switch User buttons to press and of course the user name and password.  Entering in a password only tells them their password has expired.  What am I missing?

This is a XenDesktop 5.6 VDI environment.
0
Question by:whoam
9 Comments
 

Author Comment

by:whoam
ID: 39992896
If they log in 'fresh' and need to change an expired password, they are fine.  The Netscaler takes them through a wizard.  This is only if the password expires after they have logged in and the station locks.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 39992902
As I remember, there is a GPO which controls whether a user is able to change the password of an expired account or if the system just denies the access.
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 39992917
A new password prompt can be obtained for an expired password only when you try to log on to your workstation.

If the user has locked his workstation, it means he is still logged on, and the system will never enforce a password change while the user is logged on.
0
 

Author Comment

by:whoam
ID: 40002634
Mahesh,

Making sure I understand.  If a password expires during the day and the user then locks his or her workstation, they do not have any means of changing the password.  They must reboot the workstation and log in 'new' before they can change their password.

Is this correct?
0
 
LVL 37

Expert Comment

by:Mahesh
ID: 40003193
If the user session is locked during / after password expiry, they won't get prompted for a password change.

However, if they log off / reboot after the password expires, they should be prompted to change their password.

Mahesh.
0
 

Author Comment

by:whoam
ID: 40003281
Mahesh,

That seems like a poor design.  I know it wasn't your or my idea, just seems odd that MS would make it so you have to hard boot a station, lose your work, just to change a password.  Seems like you'd make a mechanism to be able to enter the old password, then the new one into a locked station.  

I assume this can't be changed by GPO?

Thanks!
0
 
LVL 37

Accepted Solution

by:
Mahesh earned 2000 total points
ID: 40003852
You don't have to reboot the machine.

Logoff and logon will work.

There is no mechanism available with GPO as far as I know.

Mahesh.
0
 
LVL 35

Expert Comment

by:Bembi
ID: 40004744
OK, at least with minimum and maximum password age policies you should produce a warning, when the password will retire shortly.

If you are connected to a network, you can log on from a different machine (or, for a domain, onto a domain controller), change the password there for the locked user, and you should be able to log on from the locked machine again.

A workaround not to lose our work, but haven't tested it.
0
 

Author Comment

by:whoam
ID: 40004930
Yeah, we have warning set, but you know no one looks at those.

We have VDI, so logging into a different endpoint just brings up the same session.

I don't see a way to log out once locked.  Anyway, log out or reboot, work is gone.

Crummy design.
0
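
Since the thread notes that the built-in expiry warning tends to be ignored, an administrator can instead list the accounts whose password will expire within the next few days and contact those users before the password lapses inside a locked session. The following is an added example, not code from the thread; it assumes the ActiveDirectory RSAT module, and the function name `Get-ExpiringPassword` and its parameters are hypothetical.

```powershell
Import-Module ActiveDirectory

function Get-ExpiringPassword {
    param(
        [int]$Days = 3,          # look-ahead window (assumed default)
        [string]$SearchBase      # optional OU distinguished name; whole domain if omitted
    )

    $now    = Get-Date
    $cutoff = $now.AddDays($Days)

    $query = @{
        Filter     = 'Enabled -eq $true -and PasswordNeverExpires -eq $false'
        Properties = 'msDS-UserPasswordExpiryTimeComputed', 'mail'
    }
    if ($SearchBase) { $query.SearchBase = $SearchBase }

    Get-ADUser @query | ForEach-Object {
        $raw = $_.'msDS-UserPasswordExpiryTimeComputed'

        # 0 (or empty) means "must change at next logon"; Int64.MaxValue means
        # the password never expires. FromFileTime throws on the latter, so
        # skip both instead of converting them.
        if (-not $raw -or $raw -eq [Int64]::MaxValue) { return }

        $expires = [datetime]::FromFileTime($raw)

        # Keep only passwords that are still valid but expire inside the window.
        if ($expires -gt $now -and $expires -le $cutoff) {
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                Mail           = $_.mail
                Expires        = $expires
                HoursLeft      = [math]::Round(($expires - $now).TotalHours, 1)
            }
        }
    } | Sort-Object Expires
}

# Accounts whose password expires in the next three days, soonest first.
Get-ExpiringPassword -Days 3 | Format-Table -AutoSize
```

The attribute `msDS-UserPasswordExpiryTimeComputed` already accounts for fine-grained password policies, so the result matches the effective maximum password age for each user.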


Question has a verified solution.
