This DEXPack contains Endpoint Automation policy, rules and instructions to notify the end user about their password expiry date and pop-up window to change their password.
The IT department can reduce password reset tickets raised by end users by reminding users to change their password.
- Upload this DEXPack with the help of Product Pack Deployment Tool.
- An Endpoint Automation Policy named ChangePassword Policy will be created.
- An Endpoint Automation Rule ChangePassword Rule will be created in this policy.
- Review the Change Password rule.
- The precondition ensures that the check is performed only on the logged in user.
- Adjust the trigger IntervalHours to notify the user with a prompt. e.g. 24 hours for once daily.
- Adjust the Check days as per your requirement, this will perform the password expiry check based on the specified days.
- Adjust the Fix days and NumOfDaysToForceChange as per your requirement, days will notify the user if their password is going to expire in the specified days with a prompt to change the password and a close button and NumOfDaysToForceChange will not provide a close button and window would only close after the password is changed. NotifyUser to show notification only or show notification with password change window in itself.
- If the fix is not applied password change window notification will not appear on the end user's screen however admins can still view the device state report on Endpoint Automation portal.
- If the device is not connected to the network while evaluating the rule device state will report as unknown.
- The solution uses the NetUserChangePassword protocol to change the password.
- By default, Logo will not appear. Company logo and name need to set for interaction module.
Password Change Window Screenshots
- Password Change Notification with Cancel Button
- Password Change Notification without Cancel Button.
- Password change window.
- New Password and Confirm Password must be equal.
- New Password does not meet the company password policy.
- Password changed successfully.
- Password expiry notification without change password window.
Reports will start generating a few days after policy is deployed and can be viewed in Endpoint Automation application portal. Below is the device state definition information as per their state.
- Compliant state represents user who have changed the password.
- Non-Compliant state is user devices who have deferred the notification.
- Not applicable are devices without any user logged in.
- Unknown are devices yet to report their state.
“Get user account status of the logged in user" instruction provides the results set which contains information of password expiry date and last user logon:
Get logged in user account status and password expiry information.
Get user account status of the logged in user
Check if user password is going to expire in specified days then notify user and forcefully allow user to change password if it is going to expire in some days.
ChangePassword Rule (Rule)
Show notification to logged-in user if his password is going to expire and allow him to change password
Check user account password is going to expire in %days% day(s)
Check user is logged-in to the windows device and DC is reachable
%NotifyUser% to user if his account password is going to expire in %days% day(s). Force user to change password if expiring in %NumOfDaysToForceChange% days.