none
Delete RRS feed

All replies

  • You will have to run this under task scheduler at logon or add it as a batch to the public "Startup" folder.

    Also that COM object does not work on all newer Windows versions. It does nothing.


    \_(ツ)_/

    Wednesday, July 25, 2018 6:57 PM
  • i've always preferred to run a script that will e-mail the user @ 30 days 10 days and the day before password expires. 

    i find it to be a cleaner system and add's documented accountability towards the user.

    Wednesday, July 25, 2018 7:01 PM
  • Works beautifully on 2012 R2 and 2016 as I've been testing this on both of those terminal servers, but when I have my lockdown policy, the security dialog screen won't get called.

    So it's not an OS version issue I would think since otherwise it wouldn't work before I lock down the terminals.  And since it works fine as a logon script until I lock down the terminal with that GPO then I don't know why I should have to add it to some public startup or task scheduler?

    Unless there's something "obvious" that as a non scripter I"m missing that you assume I should know, which is entirely possible. ;)


    John

    Wednesday, July 25, 2018 7:02 PM
  • We don't want to do that, many users have no email and those who do may see the email and just ignore it until it's too late anyway.  This way at least it was in their face ON THE SYSTEM that they need to call up the security window to change the password, so we can't make it any easier for them (other than setting passwords to not expire which I won't do on this system). ;)


    Thanks!


    John

    Wednesday, July 25, 2018 7:03 PM
  • By default Windows 10 is "locked down" and will not run that com object. 

    Post in GP forum for help with adapting GP to your needs if it is possible.  It is not  scripting issue.


    \_(ツ)_/

    Wednesday, July 25, 2018 7:05 PM
  • Sorry, I thought maybe scripting people would know offhand which GP object might block this functionality.  Sorry for intruding.  Just delete this then and I'll go elsewhere.


    John

    Wednesday, July 25, 2018 7:08 PM
  • I tested on Win7 and WS2006r2 and the COM works.  It will not liely work during logon as logon scripts run to soon.  The GP forum will help you adjust this but that will slow down all logons.

    A scheduled task didtributed by GP will run after the UI is complete and will show for the user.

    Most of us use emails.  The emails are sent days ahead and warn the user.  The system will force the user to change passwords when the password expires.


    \_(ツ)_/

    Wednesday, July 25, 2018 7:09 PM
  • Sorry, I thought maybe scripting people would know offhand which GP object might block this functionality.  Sorry for intruding.  Just delete this then and I'll go elsewhere.


    John

    That is why I posted to post in the GP forum.  The question is a GP question and not a scripting question.

    An Admin will move this to the GP forum.

    Be patient.


    \_(ツ)_/

    Wednesday, July 25, 2018 7:11 PM
  • I love this.  Impatient non-technical users who want to demand an answer then just disappear when they do not get instant gratification.  Not very professional.


    \_(ツ)_/

    Wednesday, July 25, 2018 7:14 PM
  • he re-posted; linking this meow.
    Wednesday, July 25, 2018 7:41 PM
  • I was told to go elsewhere, so I did.  "Non technical"  - LOL.


    John

    Wednesday, July 25, 2018 7:44 PM
  • he re-posted; linking this meow.

    Deleting the banner post is not helpful.  Even incomplete solutions are useful to others.

    \_(ツ)_/

    Wednesday, July 25, 2018 7:49 PM
  • I was told it didn't belong here so that was the best I could do since I have no option to delete the thread I created.  There weren't even incomplete solutions in here.  Just incorrect facts (doesn't work on new operating systems) or people putting opinion in, not answers (you should send an email that's what I do).


    John

    Wednesday, July 25, 2018 7:53 PM
  • I was told it didn't belong here so that was the best I could do since I have no option to delete the thread I created.  There weren't even incomplete solutions in here.  Just incorrect facts (doesn't work on new operating systems) or people putting opinion in, not answers (you should send an email that's what I do).


    John

    Nothing incorrect in that.

    You issue is either GP (post in GP forum) or requires relaxing restrictions.  Windows 10 will not run that code.  Win 7 and WS2008r2 will if their are no restrictions on COM and on specific COM objects.

    There are also some bugs in the April update that will disable some COM objects on some OSs.

    None of this rally has anything to do with scripting.  As you posted the script runs on some systems and not others.  That may not solve your problem but it is useful information for others.

    Most of the issues require an in-depth understanding of Windows technologies and experience in breaking down and troubleshooting  a problem in NT.  Impatience will not gain you this experience.

    I hope you find a resolution that suits your needs.   You are not the first one to post here with the old "I want to do passwords in my own way" kind of question.  In the end most return to using the built-in Windows password notification settings in AD/GP that do al of this for you.


    \_(ツ)_/

    Wednesday, July 25, 2018 8:04 PM
  • Here is one GP and W8.1/W10 issue that will affect the execution of your code.  The following is an MS support KB article:

    https://support.microsoft.com/en-us/help/2895815/logon-scripts-do-not-run-for-five-minutes-after-a-user-logs-on-to-a-wi


    \_(ツ)_/

    Wednesday, July 25, 2018 8:37 PM