I have been getting lots of questions from everyone, and that is great
This week I got a question from Charles,
I have a problem, I need to run a VB Script that will tell users that their password needs to be changed in x days. The Windows 7 balloon is not effective, and users miss it. Also, I do not want it to slow down the login. So what options do I have left?”
This is an excellent question. Other versions of windows might not even tell you.
For example: A user could leave their system on for days and days, and then cross the threshold of the password expiration date – suddenly nothing works for them.
You know what that means – another call to the help desk!
I have a good trick to filling all of your requirements. I have translated them to:
1. Make sure the users logon is swift, and not interrupted by a password expiration notice (Especially because windows just told them about it!)
2. While they are using windows, make it clear that their password expired. Don’t depend on Windows to properly notify them.
3. Do all of this from a script, no extra programs required
I think we can make that happen. First, we need a script to see if and when the users password expires. I found one that Microsoft has provided, and I have modified it to suit our needs.
The script has one function – PasswordDaysLeft. You call it, and it returns the number of days left before the password expires. If the function returns 99999 then the password never expires.
For example, if we wanted to know that in 10 days or less the password would expire, we would call it like this:
if (PasswordDaysLeft() <= 10) then MsgBox("Your password will expire in " & PasswordDaysLeft() & " days!") end if
So now we have the ability to check for password expiration. But what about the original request? We don't want it to pop up at startup, but later.
Here is how we can get our script to do that:
We will loop in our script, and only check every 5 minutes. In addition, we will only start checking 20 minutes after the user logs in:
'Sleep for 20 minutes
WScript.Sleep(20 * 1000 * 60)
bRunning = TRUE
'20 minutes is up, check every 5 min to see if password is too old
if (PasswordDaysLeft() <= 10) then MsgBox("Your password is about to expire. Please log off right now and change it") bRunning = FALSE end if WScript.Sleep(5 * 1000 * 60) wend
This will stay running until the password expires, or the user shuts down or logs off. Once the user is notified, it will exit and not bother them again.
Now we have most of what we need:
-A function that tells us how many days before a password expires
-A script to check it.
How do we get it to run in the background?
That is easy. From the users logon bat file we call our VB Script like this:
start wscript \\server\share\PasswordExpires.vbs
This tells the BAT file to fire up our script, but not to wait for it.
So here is what happens:
The user logs in, the script is launched into the background. It silently waits for 20 minutes, and then on 5 minute intervals it checks if the password expired. If it did, then the user gets a notification and it quits.
It think that covers everything. The logon is quick, since it launches our script in the background and lets the user get right to their business.
You can download the zip file with the VBS file, and an example BAT logon script here:
One more thing...Subscribe to my newsletter and get 11 free network administrator tools, plus a 30 page user guide so you can get the most out of them. Click Here to get your free tools