whoam
Windows 7 Password Expiration
If a user waits until his/her password expires during the day, while they are away and their PC is locked, the system tells them their password has expired but presents no apparent way to change the password. There is only the Cancel or the Switch User buttons to press and of course the user name and password. Entering in a password only tells them their password has expired. What am I missing?
This is a XenDesktop 5.6 VDI environment.
As I remember, there is a GPO which controls whether a user is able to change the password of an expired account or whether the system just denies access.
A new password prompt for an expired password appears only when you try to log on to your workstation.
If the user has locked his workstation, it means he is still logged on, and the system will never enforce a password change while the user is logged on.
ASKER
Mahesh,
Making sure I understand. If a password expires during the day and the user then locks his or her workstation, they do not have any means of changing the password. They must reboot the workstation and log in 'new' before they can change their password.
Is this correct?
If the user session is locked during / after password expiry, they won't get prompted for a password change.
However, if they log off / reboot after the password expires, they should be prompted to change their password.
Mahesh.
ASKER
Mahesh,
That seems like a poor design. I know it wasn't your or my idea, just seems odd that MS would make it so you have to hard boot a station, lose your work, just to change a password. Seems like you'd make a mechanism to be able to enter the old password, then the new one into a locked station.
I assume this can't be changed by GPO?
Thanks!
OK, at least with minimum and maximum password age policies you should produce a warning when the password will retire shortly.
If you are connected to a network, you can log on from a different machine (or, for a domain, onto a domain controller), change the password there for the locked user, and you should be able to log on from the locked machine again.
A workaround not to lose our work, but I haven't tested it.
ASKER
Yeah, we have warning set, but you know no one looks at those.
We have VDI, so logging into a different endpoint just brings up the same session.
I don't see a way to log out once locked. Anyway, log out or reboot, work is gone.
Crummy design.