据我了解,Windows 7用户在login过程中不会收到密码过期通知 – 严格来自系统托盘。
我们目前已经禁用托盘气球通知,以减less用户分心,我希望密码更改过程在login过程中比在现有会话中更顺畅。 因此,用户将被提示在到期时更改密码。
用户还连接到terminal服务框,但在那里收到高级密码过期通知。 所以,Windows 7不通知,但是TS / RDS和XP盒子是。 任何configuration这个指导? 就我个人而言,我会closures所有到期通知,但我知道大多数用户更喜欢看到通知。 思考? 任何GPO或其他设置,我可能会忽略? 下面的交互式login设置已经为我们的Win7工作站GPO启用。 我的想法是气球通知将被重新启用Windows 7,但我想看看是否有人知道的替代品。 谢谢。
计算机configuration\ Windows设置\安全设置\本地策略 – 安全选项
交互式login:提示用户在到期前更改密码
这听起来像是你做出一个非常合理的configurationselect(禁用气球通知,以改善用户体验)的情况之一。 然后出现与这个决定相冲突的事情。 在这一点上,你可以做一个妥协(通常最终会有一个大混乱,或者与问题的实际大小有关的荒谬复杂)。 或者,退出您的更改。 在大多数情况下,我认为最好是学习经验,退出早先的决定。
tl; dr重新启用气球通知。
这是一个旧的post,但我终于更新了脚本来检测和不响应非过期的密码。
'========================================== ' Check for password expiring notification '========================================== ' First, get the domain policy. '========================================== Dim oDomain Dim oUser Dim maxPwdAge Dim numDays Dim warningDays warningDays = 6 Set LoginInfo = CreateObject("ADSystemInfo") Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "") strDomainDN = UCase(LoginInfo.DomainDNSName) strUserDN = LoginInfo.UserName '======================================== ' Check if password is non-expiring. '======================================== Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000 intUserAccountControl = objUser.Get("userAccountControl") If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then 'WScript.Echo "The password does not expire." Else Set oDomain = GetObject("LDAP://" & strDomainDN) Set maxPwdAge = oDomain.Get("maxPwdAge") '======================================== ' Calculate the number of days that are ' held in this value. '======================================== numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _ maxPwdAge.LowPart) / CCur(-864000000000) 'WScript.Echo "Maximum Password Age: " & numDays '======================================== ' Determine the last time that the user ' changed his or her password. '======================================== Set oUser = GetObject("LDAP://" & strUserDN) '======================================== ' Add the number of days to the last time ' the password was set. '======================================== whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged) fromDate = Date daysLeft = DateDiff("d",fromDate,whenPasswordExpires) 'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged if (daysLeft < warningDays) and (daysLeft > -1) then Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Once logged in, press CTRL-ALT-DEL and" & chr(13) & "select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!" End if End if '======================================== ' Clean up. '======================================== Set oUser = Nothing Set maxPwdAge = Nothing Set oDomain = Nothing 这是原来的答案和脚本
进入GPO的VBS脚本会显示一个popup窗口,告诉用户密码在#天后过期,用户必须单击“确定”closures该窗口。
它在GPO中 – 用户configuration – 策略 – pipe理模板 – 系统 – login – 在用户login时运行这些程序。 您还需要将文件夹位置添加到IE受信任的站点,以避免popup询问是否应该运行脚本。
PwExpChk.vbs
'======================================== ' First, get the domain policy. '======================================== Dim oDomain Dim oUser Dim maxPwdAge Dim numDays Dim warningDays warningDays = 6 Set LoginInfo = CreateObject("ADSystemInfo") Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "") strDomainDN = UCase(LoginInfo.DomainDNSName) strUserDN = LoginInfo.UserName Set oDomain = GetObject("LDAP://" & strDomainDN) Set maxPwdAge = oDomain.Get("maxPwdAge") '======================================== ' Calculate the number of days that are ' held in this value. '======================================== numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _ maxPwdAge.LowPart) / CCur(-864000000000) 'WScript.Echo "Maximum Password Age: " & numDays '======================================== ' Determine the last time that the user ' changed his or her password. '======================================== Set oUser = GetObject("LDAP://" & strUserDN) '======================================== ' Add the number of days to the last time ' the password was set. '======================================== whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged) fromDate = Date daysLeft = DateDiff("d",fromDate,whenPasswordExpires) 'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged if (daysLeft < warningDays) and (daysLeft > -1) then Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Once logged in, press CTRL-ALT-DEL and" & chr(13) & "select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!" End if '======================================== ' Clean up. '======================================== Set oUser = Nothing Set maxPwdAge = Nothing Set oDomain = Nothing