Monday, December 2, 2013

How to setup 2008 R2 Password Expiration Notification

Had an issue with my Remote Desktop Services / Terminal Services users not changing their passwords, because Microsoft has so awesomely changed the way a user gets notified.

From this:


To this:

Now I don't know about you, but I find this revolting. I know that an administrator and savvy users would eventually pick up on the notification in the corner, but why change a good thing?

Anyway, with some Googling I have come up with a way to put all of this together with Group Policy Preferences (GPP).

Pretty simple really, once you get the script going. All we need to do is make sure that the newly created GPO with the preferences is linked to the OU where the Terminal Servers are.



'==========================================
' Check for password expiring notification
'==========================================
' First, get the domain policy.
'==========================================
Option Explicit

Dim LoginInfo, objUser, oDomain, maxPwdAge, lowPart
Dim strDomainDNS, strUserDN, intUserAccountControl
Dim numDays, whenPasswordExpires, fromDate, daysLeft, warningDays
warningDays = 14

' ADSystemInfo returns the distinguished name of the logged-on user and the
' DNS name of the domain this server is joined to.
Set LoginInfo = CreateObject("ADSystemInfo")
strUserDN = LoginInfo.UserName
strDomainDNS = UCase(LoginInfo.DomainDNSName)
Set objUser = GetObject("LDAP://" & strUserDN)

'========================================
' Check if password is non-expiring.
'========================================
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
intUserAccountControl = objUser.Get("userAccountControl")
If intUserAccountControl And ADS_UF_DONT_EXPIRE_PASSWD Then
    'WScript.Echo "The password does not expire."
Else
    ' LDAP://<domain DNS name> binds to the domain naming context, whose
    ' maxPwdAge is the Default Domain Policy value. A user covered by a
    ' fine-grained password policy (PSO) may have a different maximum age.
    Set oDomain = GetObject("LDAP://" & strDomainDNS)
    Set maxPwdAge = oDomain.Get("maxPwdAge")
    '========================================
    ' Calculate the number of days that are
    ' held in this value. maxPwdAge is a
    ' negative count of 100-nanosecond units
    ' returned as an IADsLargeInteger; its
    ' LowPart is a signed 32-bit Long, so a
    ' negative LowPart needs 2^32 added back
    ' before the two halves are combined.
    '========================================
    lowPart = maxPwdAge.LowPart
    If lowPart < 0 Then lowPart = lowPart + 2 ^ 32
    numDays = CCur((maxPwdAge.HighPart * 2 ^ 32) + lowPart) / CCur(-864000000000)
    'WScript.Echo "Maximum Password Age: " & numDays

    '========================================
    ' Add the number of days to the last time
    ' the user changed his or her password
    ' (objUser, bound above, exposes it as
    ' PasswordLastChanged).
    '========================================
    whenPasswordExpires = DateAdd("d", numDays, objUser.PasswordLastChanged)
    fromDate = Date
    daysLeft = DateDiff("d", fromDate, whenPasswordExpires)
    'WScript.Echo "Password Last Changed: " & objUser.PasswordLastChanged

    ' Warn only inside the window; an already-expired password (daysLeft < 0)
    ' is left to the logon process itself.
    If (daysLeft < warningDays) And (daysLeft > -1) Then
        MsgBox "Your password will expire in " & daysLeft & " day(s) at " & whenPasswordExpires & _
               vbCrLf & vbCrLf & "Press CTRL + ALT + END and select the 'Change a password' option.", _
               vbOKOnly, "Password Expiration Warning"
    End If
End If
'========================================
' Clean up.
'========================================
Set objUser = Nothing
Set maxPwdAge = Nothing
Set oDomain = Nothing
Set LoginInfo = Nothing
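
The arithmetic the script performs on the raw directory values, written out as an added Python example (not code from this post): joining the IADsLargeInteger HighPart/LowPart pair for maxPwdAge, including the borrow for a negative signed LowPart that a plain HighPart * 2^32 + LowPart sum would miss by about seven minutes, converting pwdLastSet from FILETIME, and applying the same never-expires and 14-day-window tests. The policy value and dates are constructed sample input.

```python
from datetime import datetime, timedelta, timezone
from typing import Optional

ADS_UF_DONT_EXPIRE_PASSWD = 0x10000   # the userAccountControl flag the script tests
HUNDRED_NS_PER_DAY = 864_000_000_000  # the script's 864000000000 divisor
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)

def large_integer_to_int64(high_part: int, low_part: int) -> int:
    """Join the HighPart/LowPart pair IADsLargeInteger exposes for maxPwdAge.
    ADSI returns LowPart as a signed 32-bit value; a plain HighPart * 2^32 +
    LowPart sum is then 2^32 intervals (about 7 minutes) short of the truth."""
    if low_part < 0:
        low_part += 1 << 32
    return (high_part << 32) + low_part

def max_pwd_age_days(max_pwd_age: int) -> float:
    """maxPwdAge is a negative count of 100-ns intervals; 0 means never expire."""
    return -max_pwd_age / HUNDRED_NS_PER_DAY

def filetime_to_datetime(filetime: int) -> datetime:
    """pwdLastSet is a FILETIME: 100-ns intervals since 1601-01-01 UTC."""
    return FILETIME_EPOCH + timedelta(microseconds=filetime // 10)

def datetime_to_filetime(when: datetime) -> int:
    return int((when - FILETIME_EPOCH).total_seconds()) * 10_000_000

def days_until_expiry(user_account_control: int, max_pwd_age: int,
                      pwd_last_set: int, today: datetime) -> Optional[int]:
    """The script's decision on raw attribute values. None means nothing to warn
    about: never-expires flag set, no domain maximum age, or pwdLastSet of 0
    (must change at next logon), which the script does not handle either."""
    if user_account_control & ADS_UF_DONT_EXPIRE_PASSWD:
        return None
    if max_pwd_age == 0 or pwd_last_set == 0:
        return None
    expires = filetime_to_datetime(pwd_last_set) + timedelta(days=max_pwd_age_days(max_pwd_age))
    return (expires.date() - today.date()).days  # what DateDiff("d", ...) yields

def should_warn(days_left: Optional[int], warning_days: int = 14) -> bool:
    return days_left is not None and -1 < days_left < warning_days

# Constructed sample input (not from the page): a 42-day domain policy and a
# password last set on 2013-11-02, evaluated on the post's date, 2013-12-02.
SAMPLE_MAX_PWD_AGE = -36_288_000_000_000  # 42 * 864000000000, negated
SAMPLE_PWD_LAST_SET = datetime_to_filetime(datetime(2013, 11, 2, tzinfo=timezone.utc))
SAMPLE_TODAY = datetime(2013, 12, 2, tzinfo=timezone.utc)

if __name__ == "__main__":
    left = days_until_expiry(0x200, SAMPLE_MAX_PWD_AGE, SAMPLE_PWD_LAST_SET, SAMPLE_TODAY)
    print(left, should_warn(left))  # 12 True
```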

Now just create a GPP, link it to the OU where the Terminal Servers are located, and edit the registry like so in the GPP:

The GPO when completed:

Now, notice that this is a user-level configuration GPO, but that is the beauty of this GPP: it writes its registry setting under HKCU, so the server is automatically going to process this script no matter who is logging in. I just have to link it to any OU whose users I want notified when they log on that their password is about to expire. Now, after gpupdate, I log in to my Windows 2008 R2 terminal server and voilà:

This message will complement the notification-area password expiration popup, but at least it is something that the users can see.

Enjoy.