Turn on the Password Expiration Notification in Windows 7 and 8

At work since rolling out Windows 7 and 8 we have found that users are not prompted to change their password before it expires. This leads to them being prompted to input a username and password after they have logged in and started working. Then then have to logout, change their password and log back in again which is less then ideal. Since we set this by group policy originally it seemed strange that this would be affected by the Windows upgrade.

After some investigation it appeared that the setting wasn’t defined in Group Policy. This post acts as a reminder for myself and for others to explain how to turn on the password expiration notification in Windows 7 and 8.

  1.  Open up a run dialog on your domain controller by pressing Win Key + [R]. Type in gpedit.msc and press ENTER or click on OK, or if you have the Remote Server Administration Tools (RSAT) installed open up Group Policy Management via Administrator Tools in the Control Panel.

    Run Dialog showing gpedit.msc.

    Run Dialog showing gpedit.msc.

  2.  When the Group Policy Management window appears, right click on your desired Group Policy Object (GPO) or create a new one and then from the right click menu select Edit.

    Right click and edit the GPO.

    Right click and edit the GPO.

  3. Within the Group Policy Management Editor that appears, navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Local Policies -> Security Options and open “Interactive Logon: Prompt User to change password before expiration”.

    Interactive Logon Password Notification setting.

    Interactive Logon Password Notification setting.

  4. Within the policy window select the Security Policy Setting tab and tick “Define this policy setting”. You can then define your time limit in days for when the prompt appears to the user to inform them that their password will expire. This will count down and prompt each day until the day of expiry when they get the option to change it. We set it for 5 days but others I’ve seen set it to 14, put in you desired prompt limit. Press Apply and OK and close down the Group Policy Management Editor and Group Policy Management windows.

    Set notification interval.

    Set notification interval.

The policy will be applied the next time each machine updates it’s Group Policy settings and users will receive the prompt when their password expiry date hits the trigger we just defined.

Subscribe to my feed either by E-mail or by RSS to receive updates as they happen.

Can you improve on any of the tips I’ve discussed here? If you can let me know in the comments.

Jason Edwards