Wednesday, August 28, 2013

Password expiry warning in Windows 7 and Windows 8

Hi all there.

When a domain user logs on, he receives a password expiry notification some time before the password actually expires. In XP and 2003, this was evident because it was integrated into the logon process. In Windows 7 and newer, it is just a taskbar notification that users easily oversee.

Copy the following VBS code to a file of your choice and run that throuhg Group Policy - but NOT as a logon script! Better leverage "Run these programs at user logon":
user configuration
computer configuration

Adjust the values of WarningAge and PWExpiry to your needs. The value of PWExpiry could have been retrieved from AD (Domain Policy or FGPA), but that would have complicated this short script :-)

In the web, there are lots of free or costly solutions, but this one is - at least for this one and only purpose - the fastest...
Const WarningAge = 25   'how old is the pw before the warning shows up?
Const PWExpiry   = 30   'how long is the pw valid at all?

Const MsgTitle = "Password change required!"
Const MsgPart1 = "Your current password expires in "
Const MsgPart2 = " days. Please remember to change your password within time, wich means ultimately at "
Const MsgPart3 = "."

Dim oEnv : Set oEnv = CreateObject( "WScript.Shell" ).Environment( "PROCESS" )
Dim oADS : Set oADS = CreateObject( "ADSystemInfo" )

Dim objUser, strPWDate, intPWAge

strPWDate = GetObject( "LDAP://" & oEnv( "USERDNSDOMAIN" ) & "/" &  oADS.UserName ).PasswordLastChanged
intPWAge = DateDiff( "d", strPWDate, Now )
If intPWAge > WarningAge And intPWAge <= PWExpiry Then
    MsgBox MsgPart1 & PWExpiry - intPWAge & MsgPart2 & strPWDate + PWExpiry & MsgPart3, vbOk + vbInformation, MsgTitle
End If

5 comments:

  1. Ash PoxonApril 08, 2015 4:56 PM

    Looks good, we found that a number of users "missed" the taskbar notifications or "went to make coffee" and missed them. Also, users would be away from office for a while and not realise their passwords had expired.

    We use this script https://red7solutions.wordpress.com/2015/03/30/free-automate-email-password-expiry-reminder/ which sends them an email.

    ReplyDelete
  2. UnknownApril 10, 2015 7:44 AM

    Thanks for sharing this informative resource.
    With the same concern to send password expiration reminders in my work-station, I use an automated solution named Lepide user password expiration reminder tool(http://www.lepide.com/user-password-expiration-reminder/ ) that reminds users when their password is about to expire through customizable email notifications.
    But I would like to bookmark this article for future help.

    ReplyDelete
  3. ZanguneNovember 25, 2015 12:16 AM

    Typo, in line 3:

    Const MsgTitle = "Password change requirede"

    should be

    Const MsgTitle = "Password change required"

    so you should remove the last "e".

    ReplyDelete
  4. Martin BinderNovember 25, 2015 11:07 AM

    Thanks - I decided to replace it with an exclamation mark which seems more appropriate :-)

    ReplyDelete
  5. AnonymousMarch 07, 2016 12:17 PM

    What happens if someone logs on while not connected to the company network? Will the user receive an error? Or will it stay quiet?

    ReplyDelete

Subscribe to: Post Comments (Atom)