This script can be used to check if a user’s password is about to expire
and throws a popup windows alerting the user, and explaining to change the password.
By default it will start the popup when its 7 days or less to expire.
The code:
'## WARN ABOUT PASSWORD IS ABOUT TO EXPIRE
'updated by Felipe Ferreira July 2012
option explicit
'On Error Resume Next
Const CEMNANOSEGUNDOS = .000000100
Const DIASEMSEGUNDOS = 86400
Dim dtmValue,dblMaxPwdNano,dblMaxPwdDays,dblMaxPwdSecs
Dim objADSystemInfo : Set objADSystemInfo = CreateObject("ADSystemInfo")
Dim objUser : Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)
Dim objDomain : Set objDomain = GetObject("LDAP://" & objADSystemInfo.DomainDNSName)
Dim objMaxPwdAge : Set objMaxPwdAge = objDomain.Get("maxPwdAge")
'IF USER HAS SET "Password Never Expires" skipes check and exit script
if (objUser.userAccountControl = 65536 ) then
wscript.echo "AccountControl: DONT_EXPIRE_PASSWORD"
wscript.quit(0)
elseif (objUser.userAccountControl = 512 ) then
dtmValue = objUser.PasswordLastChanged
dblMaxPwdNano = _
Abs(objMaxPwdAge.HighPart * 2^32 + objMaxPwdAge.LowPart)
dblMaxPwdSecs = dblMaxPwdNano * CEMNANOSEGUNDOS
dblMaxPwdDays = Int(dblMaxPwdSecs / DIASEMSEGUNDOS)
'wscript.echo "AccountControl: NORMAL_ACCOUNT"
'wscript.echo "Max Passwd Days: " & dblMaxPwdDays
'wscript.echo "LastPasswdChange: " & dtmValue
If Int((dtmValue + dblMaxPwdDays)- Now) <= 7 Then
MsgBox objUser.Get("givenName") & ", you account will expire on " & DateValue(dtmValue + dblMaxPwdDays) & "." & vbcrlf & "Press CTRL-ALT-DEL and 'Change Password'" & vbcrlf & vbcrlf ",48,"ChangePasswordWarn"
End If
end if
'userAccountControl CODES
'ACCOUNTDISABLE 2
'LOCKOUT 16
'PASSWD_CANT_CHANGE 64
'NORMAL_ACCOUNT 512
'DONT_EXPIRE_PASSWORD 65536
Now, this is something i’m looking for in a while, does this script needs to be executed on the workstation periodicaly with task scheduler?