Windows 2012 server - how to set user password for change every 6 months

I see under user settings on our server where I can have the user change their password the next time they log in, but is it possible to have this automatically happen every 6 months for all users and if so can they get a warning the day before?
Thanks
Mike
Mike-LFCAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

BufferstopCommented:
You can change the setting in Group Policy to make user change their password every 6 month.

You can create a script that runs though Group Policy that pops up some information on the screen the day before they change the password.
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
If you set this policy, Windows will notify users when their password will expire soon.

Note that if you set this policy and users have not changed their password in the specified period of time, it will prompt them at next logon.
Mike-LFCAuthor Commented:
Do i need to set this group policy on each workstation or on one of the two active directory servers?  Until now we have not needed to use group policy for anything but the environment has changed.  How do you do this in group policy?
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
If you have an Active Directory environment, then setting this in the Default Domain Policy is where you would want to do this.

Assuming you have an Active Directory domain and it's Windows 2008 or newer, here are the steps:

1. Open Group Policy Management
2. Expand Forest -> Domains -> domain name
3. Right-click on the Default Domain Policy and select Edit
4. Expand Computer Configuration\Policies\Windows Settings\Security Settings\Account Policies\Password Policy
5. Edit the settings to you requirements.

Note: do not enable "Store passwords using reversible encryption". This is there for backwards compatibility and weakens the password storage.

If you do not have a domain environment, you must edit the Local Security Policy on each machine. If you have a lot of machines then it is possible to copy the policy from one computer to others.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2012

From novice to tech pro — start learning today.