We get it, changing your Active Directory password regularly is a bit of a pain. Wouldn’t it be much easier to have just one password for everything, instead of having to remember a new one every few months?
Unfortunately, you simply cannot afford to allow password complacency to become a habit. That is exactly what attackers are looking for.
As an IT Administrator, it is your job to ensure you have an appropriate means of reminding users when their passwords are due to expire.
In this article we will take you through the steps needed to remind users when their passwords are due to expire using the native method.
Steps to Enable Password Expiry Notification using GPO
Step 1: Open Group Policy Objects Editor Console
To do this, simply go to Start – Run and then type in gpedit.msc and click Ok.
Step 2: Explore Security Options
In the Group Policy Objects editor, go to Computer Configuration – Windows Settings – Security Settings – Local Policies – Security Options.
Step 3: Choose the Policy for Password Notifications
Now you need to select the policy named “Interactive Logon: Prompt user to change password before expiration”. The current security setting is enabled to a default figure of 14 days.
Step 4: Modify the Security Setting
Right click on the policy and modify the setting accordingly. You can adjust the number of days to your own liking.
Once complete, users will get a warning message that will say something similar to the following whenever they connect to the domain:
“Your password will expire in 5 days. Do you want to change it now?”
The Drawbacks of Native Password Reminders
Annoyingly, these types of password reminders are only useful if you have users that regularly log out of their accounts. If users prefer to lock their accounts and unlock them when they use them, they will not see the warning messages and their password may expire without their knowledge.
It would be much simpler if you could remind your users that their passwords are due to expire by email…
How Lepide Helps
Lepide Password Expiration Notification tool can send fully customizable, automated emails to users that notify them when their password is due to expire. Follow-up notifications can be sent if your users fail to change their passwords the first time.
You can also use the Lepide Password Expiration Notification tool to limit the number of helpdesk calls due to expired passwords by generating a list of users with soon-to-expire passwords. You can then follow up with those users manually to ensure they change their passwords on time.
Comprehensive reports on soon-to-expire passwords, logon failures, password changes, and more can be viewed from one consolidated platform – the simplest way to automate password expiration notifications.
