Windows – How do i remove a password expiration policy

active-directorygroup-policypasswordwindows

We had a password expiration policy recently removed from our AD but some users continued to get the "..your password will expire in x days. would you like to change it now?" message.

So we added a reverse/undo policy to correct the local registry settings

Maximum password age = 0 days
Minimum password age = 0 days

This hasn't worked as new users still seem to encounter the above "change password" message sporadically. We have now removed all custom password policy GPOs and are left with the "Default Domain Policy". Still no good.

Can someone point me in the direction to fix this? And an explanation into what i was doing wrong (/how password expiration policies apply) would be useful too. thanks

Environment is 2k3 server with mostly XPsp2 clients.

Best Answer

I can't remember exactly, but from memory, If the user account has already expired they are marked in the AD db as such and need to be reset anyway even if you remove the policy afterwards.

Related Solutions

Windows Server 2003 – Accounts Password Stays Expired After Group Policy Change

Once a password is expired that is it. They will be prompted to change it. Even if you change the group policy. The reason is because the account has a flag get set that says "change password on next login"

You could go into the User & Groups Manager and set the user back to not expired password.

Ssh – How to automate SSH login with password

Don't use a password. Generate a passphrase-less SSH key and push it to your VM.

If you already have an SSH key, you can skip this step… Just hit Enter for the key and both passphrases:

$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.

Copy your keys to the target server:

$ ssh-copy-id id@server
id@server's password:

Now try logging into the machine, with ssh 'id@server', and check-in:

.ssh/authorized_keys

Note: If you don't have .ssh dir and authorized_keys file, you need to create it first

to make sure we haven’t added extra keys that you weren’t expecting.

Finally, check to log in…

$ ssh id@server

id@server:~$

You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.

Best Answer

Related Solutions

Windows Server 2003 – Accounts Password Stays Expired After Group Policy Change

Ssh – How to automate SSH login with password

Related Topic