3

We have an external user who connects to one of our servers only over Remote Desktop. The server has a local user account set up for him. The account security policy follows our normal conventions, which include a password expiry notification if the expiry date is coming up in less than 14 days.

Unlike our normal users, the remote user does not see the notification bubble when the password is about to expire. It's unclear what is causing this. The server is constantly online.

Are there any specific Group Policy settings, workarounds or known issues that affect notifications being shown over RDP connections?

ILR
  • 73
  • 2
  • 8

2 Answers2

1

Check group policy setting Interactive Logon: Prompt user to change password before expiration in Computer Configuration\Policies\Windows Settings\Security Settings\Local Policies\Security Options

It should work regardless of the type of user session. Please check resulting Group Policy on your RDP host to check that this setting not changed.

KERR
  • 415
  • 5
  • 9
Slipeer
  • 3,295
  • 2
  • 21
  • 33
  • That's the same Group Policy where we've set the 14 day notification period before expiry. Thanks for the suggestion, though. – ILR Jan 25 '17 at 09:26
  • Did you ever find a resolution to this? I've got the same problem with remote desktop services on Windows Server 2019. I have a *sneaking* suspicion this is because the RDS server is also the domain controller (it's a very small set-up). The GP mentioned above is applied and checked via rsop.msc. I've set it both in the OU applied to the server and even in Default Domain Policy but the password change prompt never appears – Rob Nicholson Mar 01 '22 at 21:20
0

I found that we had the GPO setting "Interactive Logon: Prompt user to change password before expiration" was set at the domain level, BUT our servers were in OUs with inheritance blocked.

KERR
  • 415
  • 5
  • 9