Announcement

Collapse
No announcement yet.

Prompt user to change password

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Prompt user to change password

    In our default domain policy, we have set the "Interactive Logon: Prompt user to change password before expiration" to 10 Days.
    But, for some reason, no one gets prompted to change their password until the day it's expired.

    At some point in the past, a co-worker had reset the value to '0' to disable the prompt (because of user complaints). But we started getting more complaints that the users were not getting any warning. So I set the value to "10", but still, the prompts do not happen.

    I have run RSOP on several client machines and the proper gpo is applied with the value for this item as "10", so I know the gpo is being applied correctly. I just can't figure out why it's not working.

    Oh, and this is a single domain in a single forest. Functional level is 2003. All clients are XP SP2.

    Does anyone have any suggestions?
    Thanks,
    Jason L.

  • #2
    Re: Prompt user to change password

    Are you sure you changed this value in default domain policy? Because password policies are only exeption to apply rules of gpo, that is, default domain policy always overrides password settings from other gpo's.

    Comment


    • #3
      Re: Prompt user to change password

      Also, have you tried gpupdate /force on local clients?
      ** Remember to give credit where credit is due and leave reputation points where appropriate **

      Comment


      • #4
        Re: Prompt user to change password

        All of our account/password security settings are in the default domain policy.
        And I can verify that... when I run RSOP.msc on a client it shows that the "Prompt user to change password...." item is set to 10 days, and that it was inherited from the default domain policy.

        We also have all of our clients running gpupdate /force as part of the logon process (through a 3rd party utility).

        Again, I know the gpo is being applied to the clients, because RSOP is showing me that the client is getting the values from the default domain policy.

        Here are the other password policies:
        history = 2 passwords remembered
        max age = 90 days
        min age = 0 days
        min length = 6 chars
        complexity = enabled
        reversible encrypt = enabled

        I'm trying to figure out if there's anything I've overlooked.

        Thanks,

        Jason L

        Comment


        • #5
          Re: Prompt user to change password

          When the policy is applied to the clients, it will affect the local accounts existing in the 'Security Accounts Management' Database on every client.
          Because domain accounts exist in the Active Direcory, you must check if the policy is applied to the Domain Controllers.

          \Rems

          This posting is provided "AS IS" with no warranties, and confers no rights.

          __________________

          ** Remember to give credit where credit's due **
          and leave Reputation Points for meaningful posts

          Comment


          • #6
            Re: Prompt user to change password

            Hai all

            Jason

            as you have applied the GPO in the compuetr configuration the DEFAULT DOMAIN POLICY, try by checking the RSOP in the computers container in the ADUC

            In ADUC-computers- right click a compuetr- go to all task - select RSOP

            see whether the policy is showing or not

            because the policy applied in the computer configuration will only take effect if the compuetrs are in the computer container


            bye
            Balaji

            Have a good day

            Comment

            Working...
            X