XP User not notified of upcoming domain password expiration

G

Guest

On several laptop XP clients in our domain, the user is not notified of his
upcoming password expiration for the domain.

I have checked these things:
- The user is connected to the corporate network
- The user is not logging on with cached credentials.
- The computer policy is set to 14 days:
\Computer Configuration\Windows Settings\Security Settings\Local
Policies\Security Options\
- The registry on the PC shows the same setting of 14 days:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\passwordexpirywarning



Upon the expiration of the password, the client Event Viewer shows Event
535, "The specified account's password has expired."

Most users in the environment receive password expiration notifications,
beginning 14 days prior to the expiration (so it is not a domain-wide
problem).

Suggestions for how to resolve this problem? (One thing that makes it
difficult to reproduce, is there's no way to set an test Active Directory
account so that it will expire in a few days.)
 
K

Ken Zhao [MSFT]

Hello,

Thank you for using newsgroup!

Based on my experience, if the machine has not been rebooted or the user
account has not been logged off, it will not prompt a notification of
password expiration until you logoff the current user.

Based on the current situation, please help me confirm the RSOP result on
DC is the same as client. Therefore, please follow these steps to run RSOP
on Domain Controller to verify it.

Run an RSoP Query on a Computer Account:

1. Click Start, click Control Panel, double-click Administrative Tools, and
then double-click Active Directory Users and Computers.
2. In the console tree, expand Domain (where Domain is the domain in which
the computer account on which you want to run RSoP exists), and then expand
Computers.
3. Right-click the computer account on which you want to run RSoP, point to
All Tasks, and then click Resultant Set of Policy (Logging) or Resultant
Set of Policy (Planning).

323276: How To Install and Use RSoP in Windows Server 2003
<http://support.microsoft.com/default.aspx?scid=kb;en-us;323276>

Meanwhile, please check the Local Policies\Security Options\Interactive
logon: Prompt user to change password before expiration option to see if it
has been configured to 14 days.

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| Thread-Topic: XP User not notified of upcoming domain password expiration
| thread-index: Acd7n+7uWqlrhPqRRD22avgRnnHq9Q==
| X-WBNR-Posting-Host: 68.73.75.192
| From: =?Utf-8?B?Um9iZXJ0IEE=?= <[email protected]>
| Subject: XP User not notified of upcoming domain password expiration
| Date: Tue, 10 Apr 2007 11:42:04 -0700
| Lines: 25
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Newsgroups: microsoft.public.windowsxp.general
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windowsxp.general:65600
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windowsxp.general
|
| On several laptop XP clients in our domain, the user is not notified of
his
| upcoming password expiration for the domain.
|
| I have checked these things:
| - The user is connected to the corporate network
| - The user is not logging on with cached credentials.
| - The computer policy is set to 14 days:
| \Computer Configuration\Windows Settings\Security Settings\Local
| Policies\Security Options\
| - The registry on the PC shows the same setting of 14 days:
| HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
| NT\CurrentVersion\Winlogon\passwordexpirywarning
|
|
|
| Upon the expiration of the password, the client Event Viewer shows Event
| 535, "The specified account's password has expired."
|
| Most users in the environment receive password expiration notifications,
| beginning 14 days prior to the expiration (so it is not a domain-wide
| problem).
|
| Suggestions for how to resolve this problem? (One thing that makes it
| difficult to reproduce, is there's no way to set an test Active Directory
| account so that it will expire in a few days.)
|
 
G

Guest

I have followed your suggestions but there is no change in the situation.


The PC was rebooted the previous night, as part of normal procedure, so I
don't think this tip is applicable.
:

Based on my experience, if the machine has not been rebooted or the user
account has not been logged off, it will not prompt a notification of
password expiration until you logoff the current user.


There is no defined Group Policy Object setting for: "Interactive logon:
Prompt user to change password before expiration." In my experience if
the setting is Not Defined then it will take the default value (which in this
case is 14 days).

I ran the RSOP to determine this. (I also maintain the GPOs so I am aware
of most settings that we have defined.)
Based on the current situation, please help me confirm the RSOP result on
DC is the same as client.


We did check the PC client and this setting is defined as 14 days.
 
K

Ken Zhao [MSFT]

Hello,

Thanks for your response.

From your reply, I am not sure if you have run RSOP on the client to see if
the policy is applying.

If the problem persists, please turn on the following group policy to see
if it can help:
Computer\Administrative Templates\System\logon\Always wait for the network
at computer startup and logon

313194: No Password Expiration Notice Is Presented During the Logon Process
http://support.microsoft.com/kb/313194/en-us

Thanks & Regards,

Ken Zhao

Microsoft Online Support
Microsoft Global Technical Support Center

Get Secure! - www.microsoft.com/security <http://www.microsoft.com/security>
====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.





--------------------
| Thread-Topic: XP User not notified of upcoming domain password expiration
| thread-index: Acd8OZfsNQ/CJJBbSxCVQ0DTp8w/5A==
| X-WBNR-Posting-Host: 207.46.198.15
| From: =?Utf-8?B?Um9iZXJ0IEE=?= <[email protected]>
| References: <[email protected]>
<IaUN2x#[email protected]>
| Subject: RE: XP User not notified of upcoming domain password expiration
| Date: Wed, 11 Apr 2007 06:02:00 -0700
| Lines: 87
| Message-ID: <[email protected]>
| MIME-Version: 1.0
| Content-Type: text/plain;
| charset="Utf-8"
| Content-Transfer-Encoding: 7bit
| X-Newsreader: Microsoft CDO for Windows 2000
| Content-Class: urn:content-classes:message
| Importance: normal
| Priority: normal
| X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| Newsgroups: microsoft.public.windowsxp.general
| Path: TK2MSFTNGHUB02.phx.gbl
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windowsxp.general:65928
| NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| X-Tomcat-NG: microsoft.public.windowsxp.general
|
|
| I have followed your suggestions but there is no change in the situation.
|
|
| The PC was rebooted the previous night, as part of normal procedure, so I
| don't think this tip is applicable.
|
| > ""Ken Zhao [MSFT]"" wrote:
| >
| > Based on my experience, if the machine has not been rebooted or the
user
| > account has not been logged off, it will not prompt a notification of
| > password expiration until you logoff the current user.
|
|
| There is no defined Group Policy Object setting for: "Interactive logon:
| Prompt user to change password before expiration." In my experience
if
| the setting is Not Defined then it will take the default value (which in
this
| case is 14 days).
|
| I ran the RSOP to determine this. (I also maintain the GPOs so I am
aware
| of most settings that we have defined.)
|
| > Based on the current situation, please help me confirm the RSOP result
on
| > DC is the same as client.
|
|
| We did check the PC client and this setting is defined as 14 days.
|
| > Meanwhile, please check the Local Policies\Security Options\Interactive
| > logon: Prompt user to change password before expiration option to see
if it
| > has been configured to 14 days.
| >
| >
| >
| > --------------------
| > | Thread-Topic: XP User not notified of upcoming domain password
expiration
| > | thread-index: Acd7n+7uWqlrhPqRRD22avgRnnHq9Q==
| > | X-WBNR-Posting-Host: 68.73.75.192
| > | From: =?Utf-8?B?Um9iZXJ0IEE=?= <[email protected]>
| > | Subject: XP User not notified of upcoming domain password expiration
| > | Date: Tue, 10 Apr 2007 11:42:04 -0700
| > | Lines: 25
| > | Message-ID: <[email protected]>
| > | MIME-Version: 1.0
| > | Content-Type: text/plain;
| > | charset="Utf-8"
| > | Content-Transfer-Encoding: 7bit
| > | X-Newsreader: Microsoft CDO for Windows 2000
| > | Content-Class: urn:content-classes:message
| > | Importance: normal
| > | Priority: normal
| > | X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2757
| > | Newsgroups: microsoft.public.windowsxp.general
| > | Path: TK2MSFTNGHUB02.phx.gbl
| > | Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windowsxp.general:65600
| > | NNTP-Posting-Host: tk2msftsbfm01.phx.gbl 10.40.244.148
| > | X-Tomcat-NG: microsoft.public.windowsxp.general
| > |
| > | On several laptop XP clients in our domain, the user is not notified
of
| > his
| > | upcoming password expiration for the domain.
| > |
| > | I have checked these things:
| > | - The user is connected to the corporate network
| > | - The user is not logging on with cached credentials.
| > | - The computer policy is set to 14 days:
| > | \Computer Configuration\Windows Settings\Security Settings\Local
| > | Policies\Security Options\
| > | - The registry on the PC shows the same setting of 14 days:
| > | HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows
| > | NT\CurrentVersion\Winlogon\passwordexpirywarning
| > |
| > |
| > |
| > | Upon the expiration of the password, the client Event Viewer shows
Event
| > | 535, "The specified account's password has expired."
| > |
| > | Most users in the environment receive password expiration
notifications,
| > | beginning 14 days prior to the expiration (so it is not a domain-wide
| > | problem).
| > |
| > | Suggestions for how to resolve this problem? (One thing that makes
it
| > | difficult to reproduce, is there's no way to set an test Active
Directory
| > | account so that it will expire in a few days.)
| > |
| >
| >
|
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top