6 Replies Latest reply on Oct 21, 2010 9:24 PM by obelicks

    Password expiration notice not working

      We're using EEPC 5.1.8 and I've had three reports now of users' passwords expiring without warning. We have a notification that starts two weeks out that says "You password will expire in x days. Do you want to change it now?" (something to that effect). Apparently that message isn't appearing when the user logs in. We're using SSO where the user's domain password matches McAfee's EE password. The creds are passed from the pre-boot login to windows so the user doesn't have to enter their info twice. In EEPC Manager under "General" I have all seven boxes checked under "Windows Logon". Maybe I need to uncheck something there? Anyone else run into this problem? Thanks!!
        • 1. RE: Password expiration notice not working
          are you saying they are being forced to change their password without warning, or that they are not getting the warning, or forced change?
          • 2. RE: Password expiration notice not working
            Their password is expiring without warning. Every 90 days our users are forced to change their pw and a warning is supposed to appear on their screens at login starting 14 days out. Apparently this is not happening. One user states that he logged into his laptop and tried to get into email, mapped drives, etc but was denied access to all. That's when he discovered his password had expired. As an added note all encrypted laptops are primarily wireless using a static WEP key. He used a web based tool to change his password. Reading other posts McAfee really doesn't play well with any method of changing a password other than the ctrl+alt+del "change password" way. The user then locked his laptop then selected the McAfee change password check box to sync the two together. At this point windows kept popping the warning balloon about "Windows needs your current credentials". I instructed him to change his password again using the standard ctrl+alt+del method then everything was ok. But the thing that started it all was he was not warned that his password was about to expire. I asked if he reboots his laptop or just suspends it. He says he reboots at least once a day. Sorry for such a long reply!
            • 3. RE: Password expiration notice not working
              you mean then the WINDOWS password warning box did not appear (as an expired EEPC password has nothing to do with network shares etc).

              Probably Windows is accepting the login using the cached profile (which will never give you a password warning message) - this is especially true as you're using a wireless network, most likely the network is not up when the machine logs in.

              This is one of the down sides to cached profiles.

              You can integrate password change with EEPC into your web kiosk, but that's not the problem here - in truth it's nothing to do with EEPC, it's Windows not displaying the warning box because you are logging on with cached credentials, not live to the domain controller.

              remember, you can only change a domain password on a domain controller. You can't change it locally.
              • 4. RE: Password expiration notice not working
                If these systems are on your network, you can enable a GPO that requires that the network stack is loaded before login occurs. Most commonly you're logged in with your cached credentials even if you're on the network because you're logging in before the stack loads.

                This is especially true with SafeBoot/EEPC installed because is logs in much faster than a user normally would. There's a thread around here somewhere with a comment from me about which GPO it is and where to find it, it's pretty recent - last 60 days or so.
                • 5. Re: RE: Password expiration notice not working

                  we're also experiancing this issu. Is there solution to this? registry setting etc?

                   

                   

                  The password expiration Notification not show up after McAfee Endpoint Encryption installed.

                  - This will impact user keep using old password and expired- account dissable because expired.