Credssp blocking expired and "change on next login" passwords

No matter what I've tried we run into an issue where if a user is trying to log into a Terminal Server it will ask them for a long before connect. Problem is, if the password expired or has "change at next log in" checked it just errors out and says contact administrator. NLA is turned off. I can manually turn off all enable credssp on each computer .rdp file but that's not really practical. Is there anyway around this? Thanks! Mainly seems to affect Windows 2012 servers



add a routine that informs the user PRIOR to the password expiring to change their password

i.e. run this powershell script on logon
http://blogs.msdn.com/b/adpowershell/archive/2010/02/26/find-out-when-your-password-expires.aspx



add a routine that informs the user PRIOR to the password expiring to change their password

i.e. run this powershell script on logon
http://blogs.msdn.com/b/adpowershell/archive/2010/02/26/find-out-when-your-password-expires.aspx



Get-XADUserPasswordExpirationDate.ps1



Thanks for the reply, sorry for the delay but I wasn't in the office for the weekend. Is there anyway around beyond that? The issue here is people ignore that still so they still get that message without editing the rdp file. Which can bypass that.



Basically I am looking for a way to make the computer stop asking for a log in to a terminal server on the client. When I open RDP and connect I want it to go to the server and ask for a login which will allow me to change the password. Otherwise, if I enter the info in the pop up it will just say it expired and to contact administrators.



I think I asked this question wrong, however your soultion may work for some so I am going to reask but I will accept your solution. Thanks for taking your time to write that up for me! :)

Share this

Related Posts

There was an error in this gadget