Question

Group Policy Password Reminders

We have some users that are complaining that they are not receiving a password change pop up when the notice is supposed to appear. We have a 60 day password policy, and when it gets close to that time, myself and other users seem to be receiving them. The users who are having the problem are people who are not in our main facility very often. Most of these people rely on VPN access to get on the network. I read something from Microsoft about the Group Policy setting "Always wait for the network at computer startup and logon." I believe this would cause them to not be able to log on because, from what I read, it eliminates the use of cached credentials. (Here is the article: http://support.microsoft.com/kb/313194) My question is, is there a way to fix this so these people will see this popup, or is this a lost cause since they are remote users? It really is a pain to have to change their passwords every 3 months instead of them doing it on their own. The only other option I can think of at this time is to send out a mass e-mail reminding them that the 60 days is almost up. Most people will probably disregard the e-mails anyway though, and we will be stuck with the same problem.


All Answers

When is the popup shown?

by TobiF In reply to Group Policy Password Rem ...

I'm no system administrator myself, so I'm just "thinking aloud" here.

Could it be that the password reminder is only shown at system logon? In that case, you may have an issue with users who never log in or out (preferring hibernation, for instance). And I guess VPN could also be tricky, since the user is already logged on (on his own computer in disconnected mode), before connecting over VPN.

Perhaps you could extend the "buffer period" by setting forced renewal to 90 days and activate the reminder after 60 days?

Then you could, once a week, scan for users who have less than 15 days left and email them?

No popup

People are saying that there is no popup. I can't confirm this, obviously, because they are out of the office.

I think extending the "buffer period" would only prolong the inevitable. I believe they would still be calling us to change their passwords. Scanning for users once a week is too much administrative effort.

From other forums I have been reading, it looks like this is a common problem. There are 3rd party applications out there, otherwise people seem to be using scripts to fix the problem. Because we have under 50 users that are remote, we are just going to go the route of a scheduled task and run this script. It will tell them how many days they have left until their password expires. Hopefully they will actually take the 10 seconds that it actually takes to change their password.

some thoughts - are these computers

by Sue T In reply to No popup

on a domain? Have you set group policy on their computer to remind them to change the password? Is the local group policy conflicting with the domain group policy? When people have this issue and I don't see a quick fix I usually tell them to put a recurring appointment in their calendar which will remind them to change password on the 1st of the month.

All are domain users.

All of these PCs and users are part of our domain. When playing around with the script we had created, it appears that when the user is not connected to the physical network or on VPN, the local password policy was taking over. The cached credentials obviously will not expire on the machine, but the password will not allow network access or access to resources on the network. Because we are a smaller organization and did not feel this should be an "expensive" fix, we found a freeware program that queries Active Directory and sends e-mail reports to an admin showing the passwords about to expire, and to the users whose password is about to expire. It is actually very nice for a free program. Too bad the full version of the software is too expensive, it really is a neat product.
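
The weekly scan suggested in the first reply, and the Active Directory query the freeware tool is described as doing, can be sketched in PowerShell. This is an added example, not the script or program the posters used; it assumes the ActiveDirectory module (RSAT) on a domain-joined machine, and the function name `Get-ExpiringPassword` and the 15-day window are illustrative.

```powershell
# Added example: report domain accounts whose password expires soon.
# Assumes the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Get-ExpiringPassword {
    param(
        # Reminder window in days (15 is the figure floated in the thread).
        [int]$WithinDays = 15
    )

    $now = Get-Date

    # Enabled accounts only, and skip accounts flagged "password never expires".
    Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
               -Properties 'msDS-UserPasswordExpiryTimeComputed', mail |
    ForEach-Object {
        # Constructed attribute: the expiry time the DC computes from
        # pwdLastSet and the password policy that applies to this user.
        $raw = $_.'msDS-UserPasswordExpiryTimeComputed'

        # 0 = must change at next logon; Int64.MaxValue = never expires.
        # FromFileTime would throw on the latter, so skip both.
        if ($null -eq $raw -or $raw -le 0 -or $raw -eq [Int64]::MaxValue) { return }

        $expires  = [DateTime]::FromFileTime($raw)
        $daysLeft = [math]::Floor(($expires - $now).TotalDays)

        # Already-expired accounts (negative) are left out of the reminder list.
        if ($daysLeft -ge 0 -and $daysLeft -le $WithinDays) {
            [pscustomobject]@{
                SamAccountName = $_.SamAccountName
                Mail           = $_.mail
                Expires        = $expires
                DaysLeft       = $daysLeft
            }
        }
    }
}

# Soonest expiry first; the Mail column gives the address to notify.
Get-ExpiringPassword -WithinDays 15 |
    Sort-Object DaysLeft |
    Format-Table -AutoSize
```

Run from a scheduled task on a machine that can reach a domain controller, the output is the list of users to notify; the e-mail step is left out because it depends on the site's mail relay.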

what is

by Sue T In reply to All are domain users.

the freeware program? I would like to take a look at it. Sounds like it could come in handy.
