When ADMIN PASSWORD has expired - stop ability to bypass change op

[Guest]

I am configuring closed systems with highly restricted access.
Part of the certification is to establish that all of the passwords expire.
Here is the situation:
On a non-networked Windows XP SP2 workstation.
I set the expiration of the the ADMINISTRATOR's password to 45 days. Then I
change the time to be 46 days in the future and logoff. When I log back on,
as ADMINISTRATOR, it informs me that my password has expired and "...would I
like to change it".
If I answer "YES", it allows me to change the password and continues to my
desktop.
If I answer "NO" it takes me to the desktop as well (re-asking the question
every time I log on).
HOW do I configure the system to NOT ALLOW me to continue to the desktop
unless I change the ADMINISTRATOR Password when it has expired?

TO restate the question: I need the system to NOT allow the administrator
(or any account for that matter) to be able to continue to the desktop after
the password is expired UNLESS THEY CHANGE THE PASSWORD.

thanks,
- Drew

 

[null]

I am configuring closed systems with highly restricted access.
Part of the certification is to establish that all of the passwords expire.
Here is the situation:
On a non-networked Windows XP SP2 workstation.
I set the expiration of the the ADMINISTRATOR's password to 45 days. Then I
change the time to be 46 days in the future and logoff. When I log back on,
as ADMINISTRATOR, it informs me that my password has expired and "...would I
like to change it".
If I answer "YES", it allows me to change the password and continues to my
desktop.
If I answer "NO" it takes me to the desktop as well (re-asking the question
every time I log on).
HOW do I configure the system to NOT ALLOW me to continue to the desktop
unless I change the ADMINISTRATOR Password when it has expired?

TO restate the question: I need the system to NOT allow the administrator
(or any account for that matter) to be able to continue to the desktop after
the password is expired UNLESS THEY CHANGE THE PASSWORD.

thanks,
- Drew

Don't you have the following option?

'User must change password at next logon'

--
The reader should exercise normal caution and backup the Registry and
data files regularly, and especially before making any changes to their
PC, as well as performing regular virus and spyware scans. I am not
liable for problems or mishaps that occur from the reader using advice
posted here. No warranty, express or implied, is given with the posting
of this message.

 

[Guest]

Don't you have the following option?

'User must change password at next logon'

- - -
Yes, I have the option but that is neither the question nor the problem..

AT LOGON
IF an admin's password has expired

THEN the dialog box asks them if they want to change it.
IF they answer YES it gives them the dialog to change the password and
continues on to the desktop once the password change scenario is complete.
ELSE they answer NO and it continues to the desktop.

I want to configure it so that IF they answer NO, THEN it does NOT continue
until they answer YES.
Effectively enforcing that they MUST change their password if it has expired.

I don't think it's possible in the Windows World...
- Drew

 

[Darrell Gorter[MSFT]]

Hello Drew,
Try looking at this article:
885119 How to set account lockout policies in Windows 2000 and Windows
Server
http://support.microsoft.com/?id=885119

Thanks,
Darrell Gorter[MSFT]

This posting is provided "AS IS" with no warranties, and confers no rights
--------------------
<Thread-Topic: When ADMIN PASSWORD has expired - stop ability to bypass
chang
<thread-index: AcXOupVb5fG8HGcARbGQDrDwzh35Hg==
<X-WBNR-Posting-Host: 69.148.72.109
<From: "=?Utf-8?B?ZGhhcmFrYWw=?=" <[email protected]>
<References: <[email protected]>
<[email protected]>
<Subject: Re: When ADMIN PASSWORD has expired - stop ability to bypass chang
<Date: Tue, 11 Oct 2005 16:22:01 -0700
<Lines: 45
<Message-ID: <[email protected]>
<MIME-Version: 1.0
<Content-Type: text/plain;
< charset="Utf-8"
<Content-Transfer-Encoding: 7bit
<X-Newsreader: Microsoft CDO for Windows 2000
<Content-Class: urn:content-classes:message
<Importance: normal
<Priority: normal
<X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
<Newsgroups: microsoft.public.windowsxp.setup_deployment
<NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
<Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
<Xref: TK2MSFTNGXA02.phx.gbl
microsoft.public.windowsxp.setup_deployment:142406
<X-Tomcat-NG: microsoft.public.windowsxp.setup_deployment
<
<> dharakal wrote:
<>
<> > I am configuring closed systems with highly restricted access.
<> > Part of the certification is to establish that all of the passwords
expire.
<> > Here is the situation:
<> > On a non-networked Windows XP SP2 workstation.
<> > I set the expiration of the the ADMINISTRATOR's password to 45 days.
Then I
<> > change the time to be 46 days in the future and logoff. When I log
back on,
<> > as ADMINISTRATOR, it informs me that my password has expired and
"...would I
<> > like to change it".
<> > If I answer "YES", it allows me to change the password and continues
to my
<> > desktop.
<> > If I answer "NO" it takes me to the desktop as well (re-asking the
question
<> > every time I log on).
<> > HOW do I configure the system to NOT ALLOW me to continue to the
desktop
<> > unless I change the ADMINISTRATOR Password when it has expired?
<> >
<> > TO restate the question: I need the system to NOT allow the
administrator
<> > (or any account for that matter) to be able to continue to the desktop
after
<> > the password is expired UNLESS THEY CHANGE THE PASSWORD.
<> >
<> > thanks,
<> > - Drew
<>
<> Don't you have the following option?
<>
<> 'User must change password at next logon'
<>
<- - -
<Yes, I have the option but that is neither the question nor the problem..
<
<AT LOGON
<IF an admin's password has expired
<
<THEN the dialog box asks them if they want to change it.
<IF they answer YES it gives them the dialog to change the password and
<continues on to the desktop once the password change scenario is complete.
<ELSE they answer NO and it continues to the desktop.
<
<I want to configure it so that IF they answer NO, THEN it does NOT
continue
<until they answer YES.
<Effectively enforcing that they MUST change their password if it has
expired.
<
<I don't think it's possible in the Windows World...
<- Drew
<