据我了解,Windows 7 用户在登录过程中不会收到密码过期通知 - 它严格来自系统托盘。
我们目前已禁用托盘气球通知,以减少用户的注意力,我希望在登录过程中更改密码的过程比在现有会话中更顺畅。因此,用户将在密码到期时收到更改密码的提示。
用户还连接到终端服务框,但会在那里收到密码过期的高级通知。因此,Windows 7 不会通知,但 TS/RDS 和 XP 框会通知。有配置指南吗?就我个人而言,我会关闭所有过期通知,但我知道大多数用户更愿意看到通知。有什么想法吗?我可能忽略了任何 GPO 或其他设置?下面的交互式登录设置已为我们的 Win7 工作站 GPO 启用。我的想法是气球通知将重新启用 Windows 7,但我想看看是否有人知道替代方案。谢谢。
计算机配置\Windows 设置\安全设置\本地策略 - 安全选项
交互式登录:提示用户在密码到期前更改密码
答案1
这听起来像是这样的情况之一:您做出了一个非常明智的配置选择(禁用气球通知以改善用户体验)。然后出现了与该决定相冲突的事情。此时,您可以妥协(通常最终会陷入一团糟,或者与问题的实际规模相比变得异常复杂)。或者,撤回您的更改。在大多数情况下,我认为最好吸取教训,并撤回先前的决定。
tl;dr 重新启用气球通知。
答案2
这是一篇旧帖子,但我最终更新了脚本以检测并且不响应未过期的密码。
'==========================================
' Check for password expiring notification
'==========================================
' First, get the domain policy.
'==========================================
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 6
Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName
'========================================
' Check if password is non-expiring.
'========================================
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
intUserAccountControl = objUser.Get("userAccountControl")
If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
'WScript.Echo "The password does not expire."
Else
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Once logged in, press CTRL-ALT-DEL and" & chr(13) & "select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!"
End if
End if
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing
这是原始答案和脚本
进入您的 GPO 的 VBS 脚本会显示一个弹出窗口,告知用户他们的密码将在 # 天后过期,并且用户必须单击“确定”才能关闭。
它位于 GPO - 用户配置 - 策略 - 管理模板 - 系统 - 登录 - 在用户登录时运行这些程序。您还需要将文件夹位置添加到 IE 受信任的站点,以避免弹出询问是否应运行脚本的窗口。
密码检查工具
'========================================
' First, get the domain policy.
'========================================
Dim oDomain
Dim oUser
Dim maxPwdAge
Dim numDays
Dim warningDays
warningDays = 6
Set LoginInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & LoginInfo.UserName & "")
strDomainDN = UCase(LoginInfo.DomainDNSName)
strUserDN = LoginInfo.UserName
Set oDomain = GetObject("LDAP://" & strDomainDN)
Set maxPwdAge = oDomain.Get("maxPwdAge")
'========================================
' Calculate the number of days that are
' held in this value.
'========================================
numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + _
maxPwdAge.LowPart) / CCur(-864000000000)
'WScript.Echo "Maximum Password Age: " & numDays
'========================================
' Determine the last time that the user
' changed his or her password.
'========================================
Set oUser = GetObject("LDAP://" & strUserDN)
'========================================
' Add the number of days to the last time
' the password was set.
'========================================
whenPasswordExpires = DateAdd("d", numDays, oUser.PasswordLastChanged)
fromDate = Date
daysLeft = DateDiff("d",fromDate,whenPasswordExpires)
'WScript.Echo "Password Last Changed: " & oUser.PasswordLastChanged
if (daysLeft < warningDays) and (daysLeft > -1) then
Msgbox "Password Expires in " & daysLeft & " day(s)" & " at " & whenPasswordExpires & chr(13) & chr(13) & "Once logged in, press CTRL-ALT-DEL and" & chr(13) & "select the 'Change a password' option", 0, "PASSWORD EXPIRATION WARNING!"
End if
'========================================
' Clean up.
'========================================
Set oUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing