Password problem - please help

Status
Not open for further replies.

shannanl

IS-IT--Management
Apr 24, 2003
1,071
US
We have a domain with about 75 computers. Our policy is to change the password every 30 days, which we enforce in group policy, with warning messages that it needs to be changed starting 7 days out from expiration. The problem is that if the user never logs off the computer, they are never prompted to change their passwords and they never receive the warning messages. Windows 2000 server will not just lock the user down and display a "password expired" message when the password expires. They are just denied permission to certain shares. It is very confusing for the user and the tech that tries to diagnose the problem. I need a way to force the log off of the user after business hours or a way to completely lock the user down if the password expires. Anybody have a suggestion on what I should do?

Thanks,

Shannan
 
Shannan,

Have you tried restricting user logon hours and then enforcing "Automatically log off users when logon time expires"? I have never actually used this feature of Windows 2000, but I do believe it will log off users once the logon hours that you have specified have expired. For instance, you can specify each user can only log on from Monday - Friday 8AM to 5PM. (Although if you close at 5PM you might wanna give them some leeway in case they stay late.) Once 5PM rolls around the system should (in theory) automatically log off the user if you turn this feature on. (Be careful with this feature as I don't think any open programs with data will be saved.) Then the user will have to log on again the next day, and thus get your password expiration warning. Not sure if this will solve your problem but maybe it will lead you in the right direction.


Please let me know if this helps you!

Acquisitive_One, MCSA, A+


Acquisitive - 1. Characterized by a strong desire to gain and possess. 2. Tending to acquire and retain ideas or information :)
 
I can't really set logoff hours because we are a hospital and anybody could be called in at any time. However I could set the hours to something like 1:00 am to 1:01 am and that would only lock them out for one minute. That might just do the trick.

I will check into this and let you know how it works.

Thanks,

Shannan
 
This is why I love Microsoft. I find where I can end the session, but where do I set the times for the session? Silly me to think it would be in one neat easy to find package. ha ha

Thanks,

Shannan
 
This server is killing my replies today, will try again.

The hour restriction will not let you specify less than a half hour period in the day.

How about setting each users system to reboot at a given time every day? That will log them off!

Seriously, you need to establish Corporate system security policy (even in, and especially in a hospital) that requires users to log in every day and log off at night. Anything less is a total security breach, and users will just be too lazy to log in unless they actually have to every day, and none of your group policies, etc., will take effect until they do.

The best option available includes mandatory logoff times (which do not have to be the same for everyone). Reason: this is needed to be able to back up critical files on a reliable basis.

The best reason is for system backup, because users who are logged on will hold open the files they are accessing and these will not be backed up because they will be locked open. If you have users that stay logged on for days, their files will never be backed up. Setting this sends warning messages to the users and generates a log audit trail, and nasty admin messages to the offending user with copies to their boss to follow Corporate log off guidelines will have the desired result (might take a few messages before the boss gets tired of receiving it or steps on the offender). Really this is a user training issue, and you must change their bad habits. If you can't, then their boss is the one that must enforce it. Might take a little work, but it will identify the really offending people and do corrective action.

HTH

David
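
For the problem raised in the first post (users who stay logged on never see the expiry warning), the following is an added example, not code from any poster in this thread: a PowerShell function that classifies accounts by password age using the thread's 30-day maximum age and 7-day warning window, so the admin can contact those users directly. The function name, the sample account names and the fixed reference time are constructed for illustration; the commented `Get-ADUser` line assumes the ActiveDirectory module, which postdates Windows 2000.

```powershell
function Get-PasswordStatus {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Account,  # needs SamAccountName, pwdLastSet
        [int] $MaxAgeDays = 30,                              # policy from the thread
        [int] $WarnDays   = 7,                               # warning window from the thread
        [datetime] $Now   = (Get-Date)
    )
    process {
        # pwdLastSet is a FILETIME: 100 ns ticks since 1601-01-01 UTC.
        # A value of 0 means "user must change password at next logon".
        $raw = [int64]$Account.pwdLastSet
        if ($raw -eq 0) {
            $expires = $null
            $state   = 'MustChange'
        } else {
            $expires = [datetime]::FromFileTimeUtc($raw).AddDays($MaxAgeDays)
            $left    = ($expires - $Now.ToUniversalTime()).TotalDays
            $state   = if ($left -le 0) { 'Expired' }
                       elseif ($left -le $WarnDays) { 'Warn' }
                       else { 'OK' }
        }
        [pscustomobject]@{
            SamAccountName = $Account.SamAccountName
            ExpiresUtc     = $expires
            State          = $state
        }
    }
}

# Constructed sample data so the script runs without a domain controller.
$now = [datetime]::new(2003, 4, 24, 12, 0, 0, [System.DateTimeKind]::Utc)
$sample = @(
    [pscustomobject]@{ SamAccountName = 'user-a'; pwdLastSet = $now.AddDays(-35).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'user-b'; pwdLastSet = $now.AddDays(-26).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'user-c'; pwdLastSet = $now.AddDays(-3).ToFileTimeUtc() }
    [pscustomobject]@{ SamAccountName = 'user-d'; pwdLastSet = 0 }
)

# Report everyone who needs attention (Expired, Warn, MustChange).
$sample | Get-PasswordStatus -Now $now | Where-Object { $_.State -ne 'OK' }

# Against a live domain (assumption: ActiveDirectory module is available):
# Get-ADUser -Filter 'Enabled -eq $true' -Properties pwdLastSet | Get-PasswordStatus
```

Accounts flagged "password never expires" are not special-cased here and would need to be filtered out before the report is acted on.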
 