Hi Raoul
"VB script look at last logon date and if it is more than 60 days
before the current day then you can have it disable the account. "
This is exactly what I want . Would be great help if I can get the script.
On 12/20/06, Raoul Armfield <armfield@amnh.org> wrote:
Noaman Khan wrote:
> Hello,
>
> Depends on if system is part of AD or not. If so ensure that your
> domain security policy is set to Maximum password age for 60 days.
> Also verify your local security policy.
>
> Thanks
It sounds like he already has the 60 day policy in place. What he is
looking for is the ability to prevent someone from logging on after 60
days of inactivity.
OP:
You can probably script something like that by having a VB script look
at last logon date and if it is more than 60 days before the current day
then you can have it disable the account. This will force the user to
contact the admin to reenable the account.
I can probably dig up a quick script that will do this if you need/want it.
Raoul
>
> Noaman
>
> On 12/20/06, dubaisans dubai <dubaisans@gmail.com> wrote:
>> I want to ensure that Windows 2000 domain users who are not logging in
>> for 60 days cannot login after that without admin intervention.
>>
>> In Windows NT 4.0 I used to enable the checkbox "User must login to
>> change password" and had a password expiry of 60 days. So if somebody
>> did not change password in 60 days and came later he could not login.
>> administrator had to reset his expired password
>>
>> In Windows 2000 how do I achieve this ? I donot see this option "User
>> must login to change password" anywhere. I have set the password
>> expiry for 60 days. But somebody who logs in after 90 days also can
>> use his old password , immediately change to new one and login
>> successfully.
>>
>> or is there a better way in Windows 2000 to automatically disable
>> inactive accounts ?
>>
>
--
Raoul Armfield
rarmfield at amnh dot org
