据我了解,Windows 7 用户在登录过程中不会收到密码到期通知 - 它严格来自系统托盘。
我们目前禁用了托盘气球通知以减少用户分心,我希望密码更改过程在登录过程中比在现有会话中更顺畅。因此,用户将在到期时收到更改密码的提示。
用户还连接到终端服务框,但会在那里收到密码过期的高级通知。因此,Windows 7 不会发出通知,但 TS/RDS 和 XP 设备会发出通知。关于配置的任何指导?就个人而言,我会关闭所有到期通知,但我知道大多数用户更愿意看到通知。想法?我可能会忽略任何 GPO 或其他设置?下面的交互式登录设置已经为我们的 Win7 工作站 GPO 启用。我的想法是气球通知将在 Windows 7 中重新启用,但我想看看是否有人知道替代方案。谢谢。
计算机配置\Windows 设置\安全设置\本地策略 - 安全选项
交互式登录:提示用户在到期前更改密码
这听起来像是您做出非常明智的配置选择(禁用气球通知以改善用户体验)的情况之一。然后出现了与该决定相冲突的事情。在这一点上,你可以捏造一个妥协(通常最终会造成大混乱,或者与问题的实际规模相关的荒谬复杂的事情)。或者,取消您的更改。在大多数情况下,我认为最好吸取学习经验,并退出先前的决定。
tl;dr 重新启用气球通知。
小智 7
这是一篇旧帖子,但我最终更新了脚本以检测并不响应未过期的密码。
'==========================================
' Check for password expiring notification
'==========================================
' First, get the domain policy.
'==========================================
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 6
Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName
'========================================
' Check if password is non-expiring.
'========================================
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
intUserAccountControl = objUser.Get("userAccountControl")
If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
'WScript.Echo "The password does not expire."
Else
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Once logged in, press CTRL-ALT-DEL and" & chr(13) & "select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!"
End if
End if
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing
这是原始答案和脚本
进入您的 GPO 的 VBS 脚本显示一个弹出窗口,告诉用户他们的密码在 # 天后到期,并且用户必须单击确定以关闭。
它进入 GPO - 用户配置 - 策略 - 管理模板 - 系统 - 登录 - 在用户登录时运行这些程序。您还需要将文件夹位置添加到 IE 可信站点,以避免弹出询问是否应运行脚本的弹出窗口。
PwExpChk.vbs
'========================================
' First, get the domain policy.
'========================================
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 6
Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Once logged in, press CTRL-ALT-DEL and" & chr(13) & "select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!"
End if
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing
| 归档时间: |
|
| 查看次数: |
41846 次 |
| 最近记录: |