Changing the Password Expiry Warning Period

Friday, October 28, 2011

The message you see when your password is about to expire is not generated by a domain controller or any user setting. The setting that controls this notification is handled on the local computer you are logging on to. If you want to change how far in advance the system tells you it is time to change your password, this summary should be of value to you.

The default value varies by operating system. For instance, in Windows XP, the default value is 14 days. However, for Windows 7, it's set to 5 days. This value can be changed. It is stored in the registry, so it can be easily modified. If you have more than one computer on which you would like to change this value, the best approach is to manage it via a Group Policy Object (GPO).

To deploy this setting via a GPO

  1. Create and link a GPO to the domain object using GPMC.
  2. Navigate to Computer Configuration --> Windows Settings --> Security Settings --> Local Policies --> Security Options --> Interactive logon: Prompt user to change password before expiration
  3. Set the correct value.
  4. Once the policy refreshes, users will be prompted to change their password xx days prior to the expiration.

To modify the default value on a local computer, use REGEDIT.

  1. Open the RUN command, type REGEDIT
  2. Navigate to the following location in the registry:
  • HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
  • Value Name: PasswordExpiryWarning
  • Data Type: REG_DWORD
  • Value Data: Number of Days

Simply changing or creating this value will alter how many days before expiry the user is notified.
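The same local registry change can be scripted so that the result is read back and verified. The following PowerShell is an added example, not part of the original post; the function names are hypothetical and the 0 to 999 day range check is an assumption based on the range the Group Policy setting accepts.

```powershell
# Added example. Function names and the 0-999 range check are assumptions of this sketch.
$WinlogonKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$ValueName   = 'PasswordExpiryWarning'

function Get-PasswordExpiryWarning {
    # Returns the configured number of days, or $null when the value is absent
    # (the operating system default then applies).
    $item = Get-ItemProperty -Path $WinlogonKey -Name $ValueName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$ValueName
}

function Set-PasswordExpiryWarning {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)]
        [ValidateRange(0, 999)]
        [int]$Days
    )
    $before = Get-PasswordExpiryWarning
    if ($before -eq $Days) {
        Write-Verbose "Already set to $Days days; nothing to do."
        return
    }
    if ($PSCmdlet.ShouldProcess("$WinlogonKey\$ValueName", "Set to $Days")) {
        # -Force creates the value or overwrites it, and pins the type to REG_DWORD.
        New-ItemProperty -Path $WinlogonKey -Name $ValueName `
            -PropertyType DWord -Value $Days -Force | Out-Null
        # Read the value back so a failed or redirected write is caught here.
        $after = Get-PasswordExpiryWarning
        if ($after -ne $Days) { throw "Write did not take effect (read back '$after')." }
        [pscustomobject]@{ Computer = $env:COMPUTERNAME; Before = $before; After = $after }
    }
}

# Usage from an elevated prompt:
#   Get-PasswordExpiryWarning
#   Set-PasswordExpiryWarning -Days 14 -WhatIf
#   Set-PasswordExpiryWarning -Days 14
```

Running with `-WhatIf` first shows the intended change without writing to the registry.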
