Password Expiration

Forums Desktop Info Password Expiration

Tagged: ,

Viewing 13 reply threads
  • Author
    Posts
    • #3155
      AvatarArvis
      Participant

      Anyone know why this doesn’t work or could provide an alternative? I searched the forums and saw the vbs, but we would prefer not to use that if possible.

      WMI=active:1,namespace:root\CIMV2,query:Win32_NetworkLoginProfile,display:%PasswordExpires%

      0
    • #3156
      GlennGlenn
      Keymaster

      Seems to be throwing an access violation. I’ll look into it.

      0
    • #3158
      AvatarArvis
      Participant

      Thank you! We got it to work with Sysinternals BGInfo using “SELECT PasswordExpires FROM Win32_NetworkLoginProfile” but we prefer desktopinfo

      0
    • #3159
      GlennGlenn
      Keymaster

      Found it. Fixed in the next release. It seems the bug was mangling any wmi query with a date/time field.

      0
    • #3194
      AvatarArvis
      Participant

      The date comes back correctly now, but for some reason when is displays it does so twice, the first time as null. Do I have the correct query?

      WMI=active:1,text:Password Expires on, namespace:root\CIMV2, query:Win32_NetworkLoginProfile,display:%PasswordExpires_month%/%PasswordExpires_day%/%PasswordExpires_year%

      0
      • #3196
        GlennGlenn
        Keymaster

        Most likely there are multiple accounts, such as system account. Add “row-text:%Caption%” to see the account names.

        You could also add a where clause to reduce the accounts returned:
        query:Win32_NetworkLoginProfile where UserType=”Normal Account”

        0
    • #3198
      AvatarArvis
      Participant

      Win32_NetworkLoginProfile where UserType=”Normal Account” did the trick. Thank you so much!

      +1
    • #3210
      AvatarArvis
      Participant

      To create a threshold for the line above I added threshold1:21 33025716 0000ff
      Using WMI explorer, I think PasswordAge is threshold 21 and PasswordExpires is 22 in the list. It returns the number of seconds, so for testing I put in a number lower my current passwordage result.

      I also tried to do this by setting a variable using a similar wmi query to then do a comparison and show a message if an account is nearing expiration.

      We have a lot of users that are unaware their password is about to expire and would like to either make the text red, or have a message added “Your password will expire in X days”, but only display when it is nearly expired.

      What’s the best way to go about this?

      0
    • #3211
      AvatarArvis
      Participant

      This is probably a lot more complicated than it needs to be, but I achieved the desired result with this:

      WMI=namespace:root\CIMV2,query:Win32_NetworkLoginProfile where UserType=”Normal Account”,display:%PasswordAge_day%,Hidden:1,set:age
      Set=key:expire,value:{{90-%age%}}
      IF=value1:%age%,value2:85,comparator:gt
      CONTROL=type:1,color:#FF6347,font-size:125%,display:Your password will expire in %expire% days!

      +1
      • #3212
        GlennGlenn
        Keymaster

        Looks good. I don’t know that there’s a simpler way, you could probably put the %expire% expression directly in the control display option. What are you using the CONTROL to do? Does it link to a windows function?

        0
    • #3213
      AvatarArvis
      Participant

      I’m using CONTROL to create a hyperlink to our password reset portal.

      +1
    • #3300
      Avatarbrett magee

      anyone know how to actually get password expiry date to work
      i cant get it at all

      0
      • #3302
        GlennGlenn
        Keymaster

        If you’re using the above query as a starting point, I discovered WMI doesn’t like the quote character. So when you do a copy/paste, change the quote characters around “Normal Account” to standard double quotes.

        +1
    • #3303
      Avatarbrett magee

      thanks for the reply, i already sussed that bit but, it blips in red then disappears
      what am i doing wrong

      0
    • #3304
      GlennGlenn
      Keymaster

      post your code.

      0
    • #3305
      AvatarArvis
      Participant

      This is what I ended up using and it works great for us!

      # Create and define variable for Password Age “age”
      WMI=namespace:root\CIMV2,query:Win32_NetworkLoginProfile where UserType=”Normal Account”,Hidden:1,interval:60,display:%PasswordAge_day%,set:age
      Set=key:expire,value:{{90-%age%}}

      # Create and define variable for Password Expiration Date “pwdate”
      WMI=color:#FFFB00,hidden:1,interval:60,font-size:115%,text:Password Expires, namespace:root\CIMV2,query:Win32_NetworkLoginProfile where UserType=”Normal Account”,display:%PasswordExpires_month%/%PasswordExpires_day%/%PasswordExpires_year%,set:pwdate

      # Display message if user is not connected to network or VPN
      If=value1:%pwdate%,value2:0,comparator:lt
      COMMENT=color:#FFFB00,font-size:125%,text:Connect to VPN to see your password expiration date

      # Display password expiration date if connected to city network or VPN
      If=value1:%pwdate%,value2:0,comparator:gt
      TEXT=color:#FFFFFF,font-size:125%,text:Password Expires on,display:%pwdate%

      # Display message if password is close to expiration date with a link to password reset portal
      IF=value1:%expire%,value2:7,comparator:lt
      COMMENT=color:#FF6347,font-size:125%,text:Your password will expire in %expire% days!,style:b

      +1
    • #3309
      Avatarbrett magee

      # page 1 date/time
      COMMENT=active:1,color:eeeeee,font-size:140%,style:wb,text:Nottingham University Hospitals,lid:banner
      DATETIME=active:1,interval:10,color:#42c8f4,display:%1[ddd] %2[1.0d] %3[mmm] %4[yyyy]\, %5[1.0a]:%6[2.0d] %5[2.0p]
      USER=active:1,set:username,hidden:1
      HOST=active:1,text:Host/User,display:%1/%username%
      REG=active:1,value:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ReleaseId,set:releaseid,hidden:1
      WMI=active:1,color:#42c8f4,text:Windows,namespace:root\cimv2,query:Win32_OperatingSystem,display:%caption% %releaseid%|
      BOOTTIME=display:%9 %10,set:boottime,hidden:1
      UPTIME=interval:60,text:Boot Time,display:%boottime% (Up:%1 days %2 hrs %3 mins),threshold1:1 14 0000f0
      WMI=namespace:root\CIMV2,query:Win32_NetworkLoginProfile where UserType=”Normal Account”,display:%PasswordAge_day%,Hidden:1,set:age
      Set=key:expire,value:{{1-%age%}}
      IF=value1:%age%,value2:85,comparator:gt
      CONTROL=type:1,color:#FF6347,font-size:125%,display:Your password will expire in %expire% days!

      0
      • #3316
        GlennGlenn
        Keymaster

        Hard to say. It could be because the wmi query is returning multiple rows. Set hidden to 0 and see how many rows it returns. You might be seeing what I see here which is a non-user account is getting included. I solved that by adding ” and Privileges>0″ to the where clause.

        I note you are using the PasswordAge rather than PasswordExpires that we used above. That’s ok, the logic is kind of reversed.

        Let’s say your policy says the maximum password age is 85 days. You want to show a warning when the age gets to within 7 days of expiry.

        The WMI gets the current password age, the SET calculates the days remaining, the IF checks if that’s less than 7 days and the CONTROL displays the warning.

        
        WMI=namespace:root\CIMV2,query:Win32_NetworkLoginProfile where UserType="Normal Account" and Privileges>0,display:%PasswordAge_day%,Hidden:1,set:age
        SET=key:expires,value:{{85-%age%}}
        IF=value1:%expires%,value2:7,comparator:lt
        CONTROL=type:1,color:#FF6347,font-size:125%,display:Your password will expire in %expires% days!
        
        • This reply was modified 5 months ago by GlennGlenn.
        0
Viewing 13 reply threads
  • You must be logged in to reply to this topic.
Do NOT follow this link or you will be banned from the site!