The message you see when your password is about to expire is not generated by the a domain controller or any user setting. The settings that
affect this notification is handled on the local computer you are logging on to. If you want to modify the behavior of when you are notified by
the system that it is time to change your password, then this summary should be of value to you.
Depending on the operating system, this value may vary. For instance, in Windows XP, the default value is 14 days. However, for Windows 7,
its set to 5 days. This value can be changed. It is stored in the registry so it can be easily modified. If you have a more than one computer
that you would like to change this value on, the best approach is to manage this via a Group Policy Object (GPO).
To deploy this setting via a GPO
- Create and link a GPO to the domain object using GPMC.
- Navigate to Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> Security Options --> Interactive Login: Prompt user to change password before expiration
- Set the correct value.
- Once the policy refreshes, users will be prompted to change their password xx days prior to the expiration.
To modify the default value on a local computer, use REGEDIT.
- Open the RUN command, type REGEDIT
- Navigation to the following location in the registry:
- HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
- Value Name: PasswordExpiryWarning
- Data Type: REG_DWORD
- Value Data: Number of Days
Simply changing or creating this key will alter the number of days prior to expiry the user will get notified.
Recommended Books & Training Resources