Forcing Password Changes for Non-Interactive Logons

I have googled and googled but cannot find the answer to this one, hoping you can help.
We have ADS password policy enforced whereby the user has to change their password every 60 days. If they have not changed their password after this time their account is locked. Unfortunately the users with non-interactive accounts do not get the notification to change their password nor can they get to the change password facility that the interactive logon users can use. Is there any way to notify the users and have them carry out a password change?

Re: Forcing Password Changes for Non-Interactive Logons

Hi,

We have a similar issue at my place - not all users are joined to the domain, so don't do an interactive logon. I use a vb script which runs nightly and checks AD for users whose password is due to expire, it sends email reminders 14, 7, 3 and 2 days before expiry via email (pulls the user's address from AD). They then go to a secure page on our intranet to change their password.

Cheers,

Mark

On 20 Jul 2009, at 23:32, "GrowlieGirl@..." <GrowlieGirl@...> wrote:

> I have googled and googled but cannot find the answer to this one,
> hoping you can help.
> We have ADS password policy enforced whereby the user has to change
> their password every 60 days. If they have not changed their
> password after this time their account is locked. Unfortunately the
> users with non-interactive accounts do not get the notification to
> change their password nor can they get to the change password
> facility that the interactive logon users can use. Is there any way
> to notify the users and have them carry out a password change?

Re: Forcing Password Changes for Non-Interactive Logons

On Wed, Jul 15, 2009 at 21:23, <GrowlieGirl@...> wrote:

> I have googled and googled but cannot find the answer to this one, hoping you can help.
> We have ADS password policy enforced whereby the user has to change their password
> every 60 days. If they have not changed their password after this time their account is locked.
> Unfortunately the users with non-interactive accounts do not get the notification to change
> their password nor can they get to the change password facility that the interactive logon
> users can use. Is there any way to notify the users and have them carry out a password
> change?

Not directly as far as I'm aware, but there are a ton of free tools in the world that will allow you to filter your user base according to the age of their password - check, for instance, joeware.net, and google for netpwage.exe, among many others. Wrap that up in a script with one of my favorite tools - blat.exe - to send each person an email for several days before it expires, and Bob's yer uncle.

There are probably commercial tools as well, but I don't know that space well at all.

Kurt

Re: Forcing Password Changes for Non-Interactive Logons

Care to share the script :).

Kosala

On Tue, Jul 21, 2009 at 1:55 AM, Mark Holmes<mark.holmes@...> wrote:

> Hi,
>
> We have a similar issue at my place - not all users are joined to the
> domain, so don't do an interactive logon. I use a vb script which
> runs nightly and checks AD for users whose password is due to expire,
> it sends email reminders 14 7 3 and 2 days before expiry via email
> (pulls the users address from AD). They then go to a secure page on
> our intranet to change their password.
>
> Cheers,
>
> Mark
>
> On 20 Jul 2009, at 23:32, "GrowlieGirl@..."
> <GrowlieGirl@...> wrote:
>
>> I have googled and googled but cannot find the answer to this one,
>> hoping you can help.
>> We have ADS password policy enforced whereby the user has to change
>> their password every 60 days. If they have not changed their
>> password after this time their account is locked. Unfortunately the
>> users with non-interactive accounts do not get the notification to
>> change their password nor can they get to the change password
>> facility that the interactive logon users can use. Is there any way
>> to notify the users and have them carry out a password change?

--
Kosala
--------------------------------------------
Disclaimer: Views expressed in this mail are my personal views and they would not reflect views of the employer.
--------------------------------------------
blog.kosala.net www.linux.lk/~kosala/ www.kosala.net

RE: Forcing Password Changes for Non-Interactive Logons

Hi,

Sure - see http://www.nuffield.ox.ac.uk/users/holmes/reportpasswordchange.zip

There are three files, the .vbs, which you will need to edit to suit your environment, a text file which is the text that will be included in the email sent to the user, and a .bat file which just calls the script - this batch file should be run as a scheduled task in the context of a user with read access to AD.

I have edited out much of the config for security reasons, you will need to have a look at the .vbs and change settings where appropriate - i.e. your domain, the password expiry no. of days etc - it's all pretty straightforward.

You will need to create a secure password reset page, we use a .NET control to achieve this. Note the page will need to run in the context of a user with *write* access to AD.

There are other scripts out there that do this, just Google 'password expiry script' or similar.

Regards,

Mark

-----Original Message-----
From: Kosala Atapattu [mailto:kosala.atapattu@...]
Sent: 21 July 2009 04:48
To: Mark Holmes
Cc: GrowlieGirl@...; focus-ms@...
Subject: Re: Forcing Password Changes for Non-Interactive Logons

Care to share the script :).

Kosala
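
The nightly check described in the thread (find accounts whose password is about to expire and mail a reminder 14, 7, 3 and 2 days out), as an added PowerShell example. It is not Mark's VBScript, which is not reproduced on this page; the SMTP server, sender address, reset URL and the `reminder.txt` template are placeholder assumptions.

```powershell
# Added example: nightly password-expiry reminder.
# Requires the RSAT ActiveDirectory module; needs only read access to AD.
Import-Module ActiveDirectory

# Assumed values (placeholders): replace with your own.
$ReminderDays = 14, 7, 3, 2                       # schedule from the thread
$SmtpServer   = 'smtp.example.internal'
$From         = 'it-helpdesk@example.internal'
$ResetUrl     = 'https://intranet.example.internal/password'
# Hypothetical template file: {0} = name, {1} = days left, {2} = reset URL.
$Template     = Get-Content -Raw -Path "$PSScriptRoot\reminder.txt"

$today = (Get-Date).Date

# Enabled accounts whose password is allowed to expire.
# msDS-UserPasswordExpiryTimeComputed is calculated by the DC from
# pwdLastSet and the effective password policy, so the 60-day value
# does not have to be hard-coded here.
$users = Get-ADUser -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
    -Properties mail, 'msDS-UserPasswordExpiryTimeComputed'

foreach ($u in $users) {
    $raw = $u.'msDS-UserPasswordExpiryTimeComputed'

    # Skip accounts with no mail address, accounts flagged "must change at
    # next logon" (value 0) and accounts that never expire (Int64 max).
    if (-not $u.mail -or -not $raw -or $raw -eq [Int64]::MaxValue) { continue }

    $expires  = [DateTime]::FromFileTime($raw)
    $daysLeft = ($expires.Date - $today).Days

    # Mail only on the reminder days, so each user gets four messages at most.
    if ($ReminderDays -contains $daysLeft) {
        $body = $Template -f $u.Name, $daysLeft, $ResetUrl
        Send-MailMessage -SmtpServer $SmtpServer -From $From -To $u.mail `
            -Subject "Your password expires in $daysLeft day(s)" -Body $body
    }
}
```

Run it from a scheduled task under an account with read-only access to AD, as the thread recommends; the password reset page is a separate component and is the only part that needs write access.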