
Windows 7 Password Expiration Notification

Posted by MilanS, 25 April 2010 at 1:43pm
Hi All,

I am posting this in the hope that someone here would be able to answer a question that has been a problem for some time...

Windows 7 (And Vista) have changed the way users are notified of upcoming password expiration events - the prompt which XP used to show as: "Your password will expire in xx days - would you like to change your password now?"

In Windows 7 the password expiry notification doesn't appear during logon but rather as a balloon notification in the notification area after the user is logged on.

My problem is that this balloon is not prominent enough and it's increasing the number of account lockouts for remote workers. (They can't change passwords remotely)

MS has suggested that the only way to change this is by coding a change to the Credential Provider but this is a complicated and cumbersome solution.

Anyone else experienced this problem or perhaps even aware of a solution?

Thanks a lot,
Milan

Posted by covski, 14 July 2010 at 1:27pm
Hi,

I'm seeing the same issue - Windows 7 users don't get prompted when their password is due to expire. I've read a number of articles online that suggest the need to show the action center and balloon notifications (things that we'd hidden via GPO). Allowing these, along with setting the GPO to wait for the network at login, has not helped.

I came across another article which gives a VBS script that can be run at logon via GPO, the purpose of which is to generate a pop up box warning that the password is due to expire (Code at the bottom).  This does work, but I don't really want to have to start messing around with files to run at logon.

So, I have a workaround that I don't want to use.

Does anyone have a better solution?

Thanks

Steve

    '========================================
    ' First, get the domain policy.
    '========================================
    Dim oDomain
    Dim oUser
    Dim maxPwdAge
    Dim numDays
    Dim warningDays

    warningDays = 6
   
    Set LoginInfo = CreateObject("ADSystemInfo")  
    Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")  
    strDomainDN = UCase(LoginInfo.DomainDNSName) 
    strUserDN = LoginInfo.UserName

    
    Set oDomain = GetObject("LDAP://" & strDomainDN)
    Set maxPwdAge = oDomain.Get("maxPwdAge")

    '========================================
    ' Calculate the number of days that are
    ' held in this value.
    '========================================
    numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
                    maxPwdAge.LowPart) / CCur(-864000000000)
    'WScript.Echo "Maximum Password Age: " & numDays
    
    '========================================
    ' Determine the last time that the user
    ' changed his or her password.
    '========================================
    Set oUser = GetObject("LDAP://" & strUserDN)

    '========================================
    ' Add the number of days to the last time
    ' the password was set.
    '========================================
    whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
    fromDate = Date
    daysLeft = DateDiff("d",fromDate,whenPasswordExpires)
    
    'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged

    ' Warn only while the password is still valid and inside the warning window.
    If (daysLeft < warningDays) And (daysLeft > -1) Then
        MsgBox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Once logged in, press CTRL-ALT-DEL and" & chr(13) & "select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!"
    End If

    '========================================
    ' Clean up.
    '========================================
    Set oUser = Nothing
    Set maxPwdAge = Nothing
    Set oDomain = Nothing
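
The script above derives the expiry date from the domain-wide maxPwdAge, so it does not account for accounts flagged "password never expires", a forced change at next logon, or fine-grained password policies. As an added example (not part of the original post or of any product mentioned in the thread), this PowerShell logon script reads the constructed attribute msDS-UserPasswordExpiryTimeComputed instead; it assumes domain controllers running Windows Server 2008 or later, and Get-PasswordDaysLeft is a hypothetical helper name.

```powershell
# Added example, not from the thread. Assumes a domain-joined client whose
# domain controllers expose msDS-UserPasswordExpiryTimeComputed.
$WarningDays  = 6                   # same threshold as warningDays in the VBScript
$NeverExpires = [Int64]::MaxValue   # 0x7FFFFFFFFFFFFFFF: password never expires

function Get-PasswordDaysLeft {
    # Hypothetical helper: converts the computed expiry (FILETIME) to whole days left.
    param(
        [Parameter(Mandatory = $true)] [Int64] $ExpiryFileTime,
        [datetime] $Now = (Get-Date)
    )
    if ($ExpiryFileTime -eq $NeverExpires) { return $null }  # never-expire flag or no maximum age
    if ($ExpiryFileTime -eq 0)             { return 0 }      # pwdLastSet = 0: change at next logon
    $expires = [datetime]::FromFileTime($ExpiryFileTime)     # converted to local time
    return [int][math]::Floor(($expires - $Now).TotalDays)
}

try {
    # sAMAccountName may contain parentheses, so escape them for the LDAP filter.
    $name     = [Environment]::UserName -replace '\(', '\28' -replace '\)', '\29'
    $searcher = [adsisearcher]"(&(objectCategory=person)(objectClass=user)(sAMAccountName=$name))"
    [void]$searcher.PropertiesToLoad.Add('msDS-UserPasswordExpiryTimeComputed')
    $entry = $searcher.FindOne()
} catch {
    return   # no domain controller reachable (cached logon) or a local account
}
if ($null -eq $entry) { return }

# Result property names are stored in lower case.
$raw = $entry.Properties['msds-userpasswordexpirytimecomputed']
if ($null -eq $raw -or $raw.Count -eq 0) { return }

$daysLeft = Get-PasswordDaysLeft -ExpiryFileTime $raw[0]

# Test for $null first: in PowerShell "$null -lt 6" evaluates to $true.
if ($null -ne $daysLeft -and $daysLeft -lt $WarningDays) {
    if ($daysLeft -le 0) {
        $text = "Your password has expired or must be changed now."
    } else {
        $text = "Your password expires in $daysLeft day(s)."
    }
    $text += "`n`nPress CTRL+ALT+DEL and select 'Change a password'."
    $shell = New-Object -ComObject WScript.Shell
    [void]$shell.Popup($text, 0, 'Password expiration warning', 48)   # 48 = exclamation icon
}
```

Like the VBScript, this only works while a domain controller is reachable, so a remote user who logs on with cached credentials before the VPN is up gets no warning from it.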

Posted by esimjo, 10 November 2011 at 10:57pm
Have you checked SYNERGIX Active Directory Client Extensions?
 
It has password expiration notification feature that works even when the computer is offline from Active Directory.  The product is designed mostly for remote users establishing VPN connection to their corporate network.
 
 
 
 
Posted by c9876, 25 May 2012 at 2:14am
Excellent suggestion.  

Synergix AD Client Extensions is loaded with features to address issues surrounding remote users. They let you run a computer startup script even when the computer starts offline from the corporate network. The computer startup and the user logon scripts run after the user logs on (with cached credentials) and, later on, establishes a VPN connection.

Posted by Jesse1113, 15 August 2012 at 3:13am
Yes, known issue of Windows 7. Hopefully they will fix it in Windows 8. NetWrix offers a tool called Password Expiration Notifier (www.netwrix.com) to address this exact problem by regularly checking specified AD domains for passwords that are about to expire, and notifying users via automated E-mails about those pending expirations.

Posted by jonathan cauthorn, 14 March 2013 at 10:12pm
I had a similar need and was able to modify this for my needs. What I needed was a way to check to see if users have changed a password since a specific date, and if they haven't, ask them to change their password. This is necessary for Google Apps Password Sync (GAPS). We don't want to just expire everyone's passwords, but only require the password to change when someone is logging in locally to the workstation. Here are my modifications:

    '=====
    ' PasswordChange.vbs
    ' by Jonathan Cauthorn, 2013-03-14
    ' Modified from a script at:
    ' http://community.spiceworks.com/scripts/show/1594-password-expiration-pop-up-for-windows-7
    ' If the user has not changed their password since this date we will prompt them to change it.
    ' If they have changed it since this date we will simply exit.

    ' DateSerial keeps the date independent of the machine's regional date format.
    pwMustChangeSinceDate = DateSerial(2013, 3, 13)
    Dim oDomain
    Dim oUser

    ' Get user LDAP object
    Set LoginInfo = CreateObject("ADSystemInfo")
    Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
    'WScript.Echo "UserName: " & LoginInfo.UserName

    ' Get Domain DNS name
    strDomainDN = UCase(LoginInfo.DomainDNSName)
    strUserDN = LoginInfo.UserName
    'WScript.Echo "Domain DNS Name: " & LoginInfo.DomainDNSName & vbCrLf & strUserDN

    '========================================
    ' Determine the last time that the user
    ' changed their password.
    '========================================
    Set oUser = GetObject("LDAP://" & strUserDN)

    '========================================
    ' Get the PasswordLastChanged Date
    '========================================
    pwChanged = DateDiff("d",pwMustChangeSinceDate,oUser.PasswordLastChanged)
    'WScript.Echo "Password Last Changed and days left: " & vbCrLf & oUser.PasswordLastChanged & vbCrLf & pwChanged

    ' If password hasn't been changed since the Must Change date, prompt the user
    If (pwChanged < 1) Then
        MsgBox "You must change your password now. It was last changed on: " & vbCrLf & oUser.PasswordLastChanged & vbCrLf & "Press CTRL + ALT + DEL and select the 'Change a password' option.", vbCritical, "Password Expiration Warning!"
    End If

    '========================================
    ' Clean up.
    '========================================
    Set oUser = Nothing
    Set maxPwdAge = Nothing
    Set oDomain = Nothing

    '=====
