Windows 7 Password Expiration Notification

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Hi All,

I am posting this in the hope that someone here would be able to answer a question that has been a problem for some time...

Windows 7 (And Vista) have changed the way users are notified of upcoming password expiration events - the prompt which XP used to show as: "Your password will expire in xx days - would you like to change your password now?"

In Windows 7 the password expiry notification doesn't appear during logon but rather as a balloon notification in the notification area after the user is logged on.

My problem is that this balloon is not prominent enough and it's increasing the number of account lockouts for remote workers. (They can't change passwords remotely)

MS has suggested that the only way to change this is by coding a change to the Credential Provider but this is a complicated and cumbersome solution.

Anyone else experienced this problem or perhaps even aware of a solution?

Thanks a lot,
Milan

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
MilanS Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 25 April 2010 Status: Offline Points: 1	Post Options Post Reply Quote MilanS Report Post Thanks(0) Quote Reply Topic: Windows 7 Password Expiration Notification Posted: 25 April 2010 at 1:43pm
	Hi All, I am posting this in the hope that someone here would be able to answer a question that has been a problem for some time... Windows 7 (And Vista) have changed the way users are notified of upcoming password expiration events - the prompt which XP used to show as: "Your password will expire in xx days - would you like to change your password now?" In Windows 7 the password expiry notification doesn't appear during logon but rather as a balloon notification in the notification area after the user is logged on. My problem is that this balloon is not prominent enough and it's increasing the number of account lockouts for remote workers. (They can't change passwords remotely) MS has suggested that the only way to change this is by coding a change to the Credential Provider but this is a complicated and cumbersome solution. Anyone else experienced this problem or perhaps even aware of a solution? Thanks a lot, Milan

covski Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 14 July 2010 Status: Offline Points: 1	Post Options Post Reply Quote covski Report Post Thanks(0) Quote Reply Posted: 14 July 2010 at 1:27pm
	Hi, I'm seeing the same issue - Windows 7 users don't get prompted when their password is due to expire. I've read a number of articles online that suggest the need to show the action center and balloon notifications (Things that we'd hidden via GPO). Allowing these, along with setting the GPO to wait for the network at login have not helped. I came across another article which gives a VBS script that can be run at logon via GPO, the purpose of which is to generate a pop up box warning that the password is due to expire (Code at the bottom). This does work, but I don't really want to have to start messing around with files to run at logon. So, I have a workaround that I don't want to use. Does anyone have a better solution? Thanks Steve '======================================== ' First, get the domain policy. '======================================== Dim oDomain Dim oUser Dim maxPwdAge Dim numDays Dim warningDays warningDays = 6 Set LoginInfo = CreateObject("ADSystemInfo") Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "") strDomainDN = UCase(LoginInfo.DomainDNSName) strUserDN = LoginInfo.UserName Set oDomain = GetObject("LDAP://" & strDomainDN) Set maxPwdAge = oDomain.Get("maxPwdAge") '======================================== ' Calculate the number of days that are ' held in this value. '======================================== numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _ maxPwdAge.LowPart) / CCur(-864000000000) 'WScript.Echo "Maximum Password Age: " & numDays '======================================== ' Determine the last time that the user ' changed his or her password. '======================================== Set oUser = GetObject("LDAP://" & strUserDN) '======================================== ' Add the number of days to the last time ' the password was set. '======================================== whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged) fromDate = Date daysLeft = DateDiff("d",fromDate,whenPasswordExpires) 'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged if (daysLeft < warningDays) and (daysLeft > -1) then Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Once logged in, press CTRL-ALT-DEL and" & chr(13) & "select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!" End if '======================================== ' Clean up. '======================================== Set oUser = Nothing Set maxPwdAge = Nothing Set oDomain = Nothing

esimjo Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 11 March 2011 Status: Offline Points: 1	Post Options Post Reply Quote esimjo Report Post Thanks(0) Quote Reply Posted: 10 November 2011 at 10:57pm
	Have you check SYNERGIX Active Directory Client Extensions ? It has password expiration notification feature that works even when the computer is offline from Active Directory. The product is designed mostly for remote users establishing VPN connection to their corporate network. http://www.synergix.com/adCE-screenshots.aspx http://www.synergix.com

c9876 Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 25 May 2012 Status: Offline Points: 1	Post Options Post Reply Quote c9876 Report Post Thanks(0) Quote Reply Posted: 25 May 2012 at 2:14am
	Excellent suggestion. Synergix AD Client Extensions is loaded with features to address issues surrounding remote users. They let you run computer startup script even when the computer starts offline from corporate network. The computer startup and the user logon scripts run after the user logs on ( with cached credentials ) and later on, establishes vpn connection

Jesse1113 Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 15 August 2012 Status: Offline Points: 1	Post Options Post Reply Quote Jesse1113 Report Post Thanks(0) Quote Reply Posted: 15 August 2012 at 3:13am
	Yes, known issue of Windows 7. Hopefully they will fix it in Windows 8. NetWrix offers a tool called Password Expiration Notifier (www.netwrix.com) to address this exact problem by regularly checking specified AD domains for passwords that are about to expire, and notifying users via automated E-mails about those pending expirations.

jonathan cauthorn Members Profile Send Private Message Find Members Posts Add to Buddy List Newbie Joined: 14 March 2013 Status: Offline Points: 1	Post Options Post Reply Quote jonathan cauthorn Report Post Thanks(0) Quote Reply Posted: 14 March 2013 at 10:12pm
	I had a similar need and was able to modify this for my needs. What I needed was a way to check to see if users have changed a password since a specific date, and if they haven't, ask them to change their password. This is necessary for Google Apps Password Sync (GAPS). We don't want to just expire everyone's passwords, but only require the password to change when someone is logging in locally to the workstation. Here's my modifications: '===== ' PasswordChange.vbs ' by Jonathan Cauthorn, 2013-03-14 ' Modified from a script at: ' http://community.spiceworks.com/scripts/show/1594-password-expiration-pop-up-for-windows-7 ' If the user has not changed their password since this date we will prompt them to change it. ' If they have canged it since this date we will simply exit. pwMustChangeSinceDate = "03/13/2013" Dim oDomain Dim oUser ' Get user LDAP object Set LoginInfo = CreateObject("ADSystemInfo") Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "") 'WScript.Echo "UserName: " & LoginInfo.UserName ' Get Domain DNS name strDomainDN = UCase(LoginInfo.DomainDNSName) strUserDN = LoginInfo.UserName 'WScript.Echo "Domain DNS Name: " & LoginInfo.DomainDNSName & vbCrLf & strUserDN '======================================== ' Determine the last time that the user ' changed their password. '======================================== Set oUser = GetObject("LDAP://" & strUserDN) '======================================== ' Get the PasswordLastChanged Date '======================================== pwChanged = DateDiff("d",pwMustChangeSinceDate,oUser.PasswordLastChanged) 'WScript.Echo "Password Last Changed and days left: " & vbCrLf & oUser.PasswordLastChanged & vbCrLf & pwChanged ' If password hasn't been changed since the Must Change date, prompt the user if (pwChanged < 1) then Msgbox "You must change your password now. It was last changed on: " & vbCrLf & oUser.PasswordLastChanged & vbCrLf & "Press CTRL + ALT + DEL and select the 'Change a password' option.", vbCritical, "Password Expiration Warning!" End if '======================================== ' Clean up. '======================================== Set oUser = Nothing Set maxPwdAge = Nothing Set oDomain = Nothing '===== Open in Google Docs Viewer Open link in new tab Open link in new window Open link in new incognito window Download file Copy link address Edit PDF File on PDFescape.com