+ Post New Thread
Results 1 to 6 of 6
Windows 7 Thread, password notification in Technical; We have been trying to solve a problem where windows 7 and our svr2k8 domain doesnt display the password expiry ...
  1. #1
    mdench's Avatar
    Join Date
    Oct 2011
    Location
    West Sussex
    Posts
    819
    Thank Post
    40
    Thanked 106 Times in 96 Posts
    Rep Power
    39

    password notification

    We have been trying to solve a problem where windows 7 and our svr2k8 domain doesnt display the password expiry notification warning to users. And we are a bit stuck....

    We have enabled the policy for interactive logon : Prompt user to change password before expiration set currently to 10 days and the balloon in the notification area has been set to allows show up but it wont notify users when their password is going to expire.... any ideas??

    Cheers

  2. #2

    DaveP's Avatar
    Join Date
    Oct 2006
    Location
    Can't talk now: The mother-ship is calling!
    Posts
    9,360
    Thank Post
    353
    Thanked 1,347 Times in 925 Posts
    Blog Entries
    4
    Rep Power
    1202
    Do you use BGInfo?

    If you do there is a script that you can add to BGInfo to display when the users' password will expire on their desktop:

    Code:
    On Error Resume Next
    
    Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
    Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
    Const ONE_HUNDRED_NANOSECOND    = .000000100
    Const SECONDS_IN_DAY            = 86400
    
    
    ' Get UserName
    Dim objNetwork, userName
    Set objNetwork = CreateObject("WScript.Network")
    
    
    userName = objNetwork.UserName
    
    
    Set objUser = GetObject("LDAP://CN=" & userName & ",OU=Users,DC=domain,DC=local")
    
    
    intUserAccountControl = objUser.Get("userAccountControl")
    If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then 
        echo "The password does not expire."
        WScript.Quit
    Else
        dtmValue = objUser.PasswordLastChanged
        If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then              
            echo "The password has never been set."
            WScript.Quit
        Else
            intTimeInterval = Int(Now - dtmValue)
            echo "The password was last set on " & _
              DateValue(dtmValue) & " at " & TimeValue(dtmValue)  & vbCrLf & _
              "The difference between when the password was last" & vbCrLf & _
              "set and today is " & intTimeInterval & " days"
        End If
    
    
        Set objDomain = GetObject("LDAP://DC=domain,DC=local")
        Set objMaxPwdAge = objDomain.Get("maxPwdAge")
    
    
        If objMaxPwdAge.LowPart = 0 Then
            Echo "The Maximum Password Age is set to 0 in the " & _
                         "domain. Therefore, the password does not expire."
            WScript.Quit
        Else
            dblMaxPwdNano = _
                Abs(objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)
            dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND  
            dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY)     
            echo "Maximum password age is " & dblMaxPwdDays & " days"
    
    
            If intTimeInterval >= dblMaxPwdDays Then
                echo "The password has expired."
            Else
                echo "The password will expire on " & _
                  DateValue(dtmValue + dblMaxPwdDays) & " (" & _
                  Int((dtmValue + dblMaxPwdDays) - Now) & " days from today)."
            End If
        End If
    End If
    Source: bginfo show days until password expires? - Spiceworks

    I haven't go this to work yet as where the author states:

    ...There's two places where you'll need to modify to match your running domain....
    he does not explain where in the script those changes should be made [I do not clain to be adept at VBS and so this may take some time for me to get right]

    If there are any VBS experts out there who can indicate where I need to make the changes and what they should be I would be grateful.

    As we already use BGInfo I think that this will be a good solution for us once it is working. Hopefully it will help you also.

  3. #3
    mdench's Avatar
    Join Date
    Oct 2011
    Location
    West Sussex
    Posts
    819
    Thank Post
    40
    Thanked 106 Times in 96 Posts
    Rep Power
    39
    Nah we don't use that.. Thanks anyway!

  4. #4

    Join Date
    Mar 2010
    Location
    shadowx@AllEvil:/
    Posts
    222
    Thank Post
    12
    Thanked 28 Times in 25 Posts
    Rep Power
    14
    I haven't got anything specific other than to suggest disabling all GPOs except the password reset one and see what happens. Could be another GPO is blocking popups/balloon notifications?

  5. #5

    john's Avatar
    Join Date
    Sep 2005
    Location
    London
    Posts
    10,447
    Thank Post
    1,537
    Thanked 1,069 Times in 934 Posts
    Rep Power
    305
    Quote Originally Posted by DaveP View Post
    Do you use BGInfo?

    If you do there is a script that you can add to BGInfo to display when the users' password will expire on their desktop:

    Code:
    On Error Resume Next
    
    Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
    Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
    Const ONE_HUNDRED_NANOSECOND    = .000000100
    Const SECONDS_IN_DAY            = 86400
    
    
    ' Get UserName
    Dim objNetwork, userName
    Set objNetwork = CreateObject("WScript.Network")
    
    
    userName = objNetwork.UserName
    
    
    Set objUser = GetObject("LDAP://CN=" & userName & ",OU=Users,DC=domain,DC=local")
    
    
    intUserAccountControl = objUser.Get("userAccountControl")
    If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then 
        echo "The password does not expire."
        WScript.Quit
    Else
        dtmValue = objUser.PasswordLastChanged
        If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then              
            echo "The password has never been set."
            WScript.Quit
        Else
            intTimeInterval = Int(Now - dtmValue)
            echo "The password was last set on " & _
              DateValue(dtmValue) & " at " & TimeValue(dtmValue)  & vbCrLf & _
              "The difference between when the password was last" & vbCrLf & _
              "set and today is " & intTimeInterval & " days"
        End If
    
    
        Set objDomain = GetObject("LDAP://DC=domain,DC=local")
        Set objMaxPwdAge = objDomain.Get("maxPwdAge")
    
    
        If objMaxPwdAge.LowPart = 0 Then
            Echo "The Maximum Password Age is set to 0 in the " & _
                         "domain. Therefore, the password does not expire."
            WScript.Quit
        Else
            dblMaxPwdNano = _
                Abs(objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)
            dblMaxPwdSecs = dblMaxPwdNano * ONE_HUNDRED_NANOSECOND  
            dblMaxPwdDays = Int(dblMaxPwdSecs / SECONDS_IN_DAY)     
            echo "Maximum password age is " & dblMaxPwdDays & " days"
    
    
            If intTimeInterval >= dblMaxPwdDays Then
                echo "The password has expired."
            Else
                echo "The password will expire on " & _
                  DateValue(dtmValue + dblMaxPwdDays) & " (" & _
                  Int((dtmValue + dblMaxPwdDays) - Now) & " days from today)."
            End If
        End If
    End If
    Source: bginfo show days until password expires? - Spiceworks

    I haven't go this to work yet as where the author states:



    he does not explain where in the script those changes should be made [I do not clain to be adept at VBS and so this may take some time for me to get right]

    If there are any VBS experts out there who can indicate where I need to make the changes and what they should be I would be grateful.

    As we already use BGInfo I think that this will be a good solution for us once it is working. Hopefully it will help you also.
    Code:
    Set objUser = GetObject("LDAP://CN=" & userName & ",OU=Users,DC=domain,DC=local")
    Code:
    Set objDomain = GetObject("LDAP://DC=domain,DC=local")
    Are the two bits where your domain needs to go, it is quite easy to get the info, for the first bit:
    The OU=Users part is where are your user accounts stored in Active Directory, if they are all in the Users folder then that is fine, if you have a folder called Domain Users or People or something else replace the word Users with that. The last bit which is DC=..... that is if your domain is schoolsname.county.local, then that becomes DC=schoolsname,DC=county,DC=local"

    The last one to edit is just the DC bit used at the end of the first one.

    Does that help and work (I don't use BGInfo anymore so cannot check but that should do it)

  6. Thanks to john from:

    DaveP (26th July 2012)

  7. #6

    DaveP's Avatar
    Join Date
    Oct 2006
    Location
    Can't talk now: The mother-ship is calling!
    Posts
    9,360
    Thank Post
    353
    Thanked 1,347 Times in 925 Posts
    Blog Entries
    4
    Rep Power
    1202
    Thanks John. I will give that a go this morning.



SHARE:
+ Post New Thread

Similar Threads

  1. Password expiration notification Windows 7
    By timbo343 in forum Windows 7
    Replies: 0
    Last Post: 17th October 2011, 01:04 PM
  2. Email notification of password expiry?
    By gshaw in forum Windows
    Replies: 0
    Last Post: 23rd April 2008, 01:42 PM
  3. Replies: 12
    Last Post: 12th September 2005, 11:47 AM
  4. making passwords help
    By browolf in forum Scripts
    Replies: 7
    Last Post: 26th August 2005, 10:49 AM
  5. Use of domain password (& staff AUP, etc.) ;)
    By mark in forum School ICT Policies
    Replies: 22
    Last Post: 29th June 2005, 03:36 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •