Noaman Khan wrote:
Hello,
Depends on if system is part of AD or not. If so ensure that your
domain security policy is set to Maximum password age for 60 days.
Also verify your local security policy.
Thanks
It sounds like he already has the 60 day policy in place. What he is
looking for is the ability to prevent someone from logging on after 60
days of inactivity.
OP:
You can probably script something like that by having a VB script look
at last logon date and if it is more than 60 days before the current day
then you can have it disable the account. This will force the user to
contact the admin to reenable the account.
I can probably dig up a quick script that will do this if you need/want it.
Raoul
Noaman
On 12/20/06, dubaisans dubai <[EMAIL PROTECTED]> wrote:
I want to ensure that Windows 2000 domain users who are not logging in
for 60 days cannot login after that without admin intervention.
In Windows NT 4.0 I used to enable the checkbox "User must login to
change password" and had a password expiry of 60 days. So if somebody
did not change password in 60 days and came later he could not login.
administrator had to reset his expired password
In Windows 2000 how do I achieve this ? I donot see this option "User
must login to change password" anywhere. I have set the password
expiry for 60 days. But somebody who logs in after 90 days also can
use his old password , immediately change to new one and login
successfully.
or is there a better way in Windows 2000 to automatically disable
inactive accounts ?
--
Raoul Armfield
rarmfield at amnh dot org
