Hi Raoul "VB script look at last logon date and if it is more than 60 days before the current day then you can have it disable the account. "
This is exactly what I want . Would be great help if I can get the script. On 12/20/06, Raoul Armfield <[EMAIL PROTECTED]> wrote:
Noaman Khan wrote: > Hello, > > Depends on if system is part of AD or not. If so ensure that your > domain security policy is set to Maximum password age for 60 days. > Also verify your local security policy. > > Thanks It sounds like he already has the 60 day policy in place. What he is looking for is the ability to prevent someone from logging on after 60 days of inactivity. OP: You can probably script something like that by having a VB script look at last logon date and if it is more than 60 days before the current day then you can have it disable the account. This will force the user to contact the admin to reenable the account. I can probably dig up a quick script that will do this if you need/want it. Raoul > > Noaman > > On 12/20/06, dubaisans dubai <[EMAIL PROTECTED]> wrote: >> I want to ensure that Windows 2000 domain users who are not logging in >> for 60 days cannot login after that without admin intervention. >> >> In Windows NT 4.0 I used to enable the checkbox "User must login to >> change password" and had a password expiry of 60 days. So if somebody >> did not change password in 60 days and came later he could not login. >> administrator had to reset his expired password >> >> In Windows 2000 how do I achieve this ? I donot see this option "User >> must login to change password" anywhere. I have set the password >> expiry for 60 days. But somebody who logs in after 90 days also can >> use his old password , immediately change to new one and login >> successfully. >> >> or is there a better way in Windows 2000 to automatically disable >> inactive accounts ? >> > -- Raoul Armfield rarmfield at amnh dot org
