Suppress Password resets - June 25, 2008

I often have problems when people are forced to change their network password when logging into Citrix remotely (via Web Interface) because it causes their laptop password to now be out of sync. Usually they end up locking themselves out and have to call the helpdesk because they are unclear which password has changed.

Is there a way to suppress or postpone password resets when they log in to Citrix? I would like them to only be forced to change their password when logging in from their laptops on the LAN. A GPO maybe?

Thanks for any info you can provide
RE: Suppress Password resets - June 26, 2008

A GPO will be the right way.


1. Computer Configuration/Windows Settings/Security Settings/Local Policies/Security Options/
   Interactive logon: Prompt user to change password before expiration
   Set it to '0'
2. User Configuration/Administrative Templates/System/Ctrl+Alt+Del Options/
   Remove Change Password
   Set to 'Enabled'

>Don't forget loopback mode!


Hardware is evil and Software is mean!
RE: Suppress Password resets - June 26, 2008

Thanks for the reply. Does that GPO also prevent them from having to change their password when it actually expires? The description appears to just stop them from seeing the warnings prior to it actually expiring.
RE: Suppress Password resets - June 26, 2008

Just remember you are limited to what you are able to provide. It is not a Citrix password that is being changed, it is an AD password that is being changed. Any change to your password policy in AD will subsequently filter to all users (unless you are already using Windows 2008).

Cheers

Jase
RE: Suppress Password resets - June 27, 2008

The AD policy would filter down to the user's PC if you don't use the loop-back setting Michael mentioned. Set the loop-back and you'll be good to go.

Ideally you need the laptop users to log out of the laptop or force them to authenticate so they change their password before they get to the Citrix server in the first place.
RE: Suppress Password resets - June 27, 2008

I do have loopback processing enabled so that is not a problem. I still think this isn't the right GPO setting though. From the description this just doesn't display the notification x days before a password is about to expire.

However, I don't think it actually prevents them from having to change the password WHEN it's already expired. I have set up the GPO settings and it is still prompting me to change my password. I've used the Group Policy Results wizard to make sure the correct GPOs are applied.

Any other thoughts?
RE: Suppress Password resets - June 27, 2008

I don't think you will be able to completely block the prompting. If a user's password expires, technically they should not be able to log in until it's changed. That's the whole point of expiring the password. Otherwise users would never change it.

I still think your best bet is to focus on finding a way to get them to change it on their laptop before they enter the Citrix env. That would resolve the issue as well.
RE: Suppress Password resets - June 27, 2008

I am in the same boat...hoping for a reasonable option to suppress the password expiration warning prompt when they hit a Citrix resource via WI. I am considering adding in a custom message on the WI page to advise the clients on the proper steps when they get the warning prompt.
RE: Suppress Password resets - June 27, 2008

Yeah, unfortunately the only way we have available to change the password on the laptop is for them to be in the office, and this only happens once in a while. I've modified my TS policy to not have a password expiration (which overrides the default policy of 90 days); however, if the password is expired they still get prompted to change it when they log in. This leads me to believe that some sort of flag is being set on the account to force the change. Does anyone know if that is true?
RE: Suppress Password resets - July 02, 2008

Prior to Windows Server 2008, password policy could only be set for the entire domain. Any password policy options selected in a GPO linked to an OU will be ignored.

You could trial this software to see if it does what you need:

http://www.specopssoft.com/products/specopspasswordpolicy/

It allows you to set password policy on a per OU basis, thus being able to define a different password policy for your CPS server OU (where GP loopback is enabled).


Alan Osborne
President (MCSE, CCNA, VCP, CCA)
VCIT Consulting - Citrix/Terminal Services Remote Desktop Solutions for SMB
p: 604-288-7325
c: 778-836-8025
web: http://www.vcit.ca
blog: http://www.vcit.ca/wordpress
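
An added example, not part of the thread or any poster's code: how the expiry these users hit is derived from the per-user `pwdLastSet` attribute, the `userAccountControl` "password never expires" bit and the single domain-wide `maxPwdAge`, which is why a GPO linked to the Terminal Server OU does not change it. The accounts, dates and function names are constructed for illustration, and treating a `maxPwdAge` of 0 as "no expiry" is an assumption of this sketch.

```python
from datetime import datetime, timedelta, timezone

EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)  # FILETIME epoch used by AD
UF_DONT_EXPIRE_PASSWD = 0x10000                     # userAccountControl bit
NEVER = -(2 ** 63)                                  # maxPwdAge value for "no expiry"

def utc(y, m, d):
    return datetime(y, m, d, tzinfo=timezone.utc)

def to_filetime(dt):
    """datetime -> 100-ns ticks since 1601, the unit pwdLastSet is stored in."""
    return ((dt - EPOCH) // timedelta(microseconds=1)) * 10

def password_state(pwd_last_set, uac, max_pwd_age, now, warn_days=14):
    """Classify one account; max_pwd_age is the domain's negative 100-ns interval."""
    if uac & UF_DONT_EXPIRE_PASSWD:
        return "never_expires", None
    if pwd_last_set == 0:              # "User must change password at next logon"
        return "must_change", None
    if max_pwd_age in (0, NEVER):      # 0 treated as no expiry (assumption)
        return "never_expires", None
    expiry = EPOCH + timedelta(microseconds=(pwd_last_set + abs(max_pwd_age)) // 10)
    if expiry <= now:
        return "expired", expiry
    if expiry - now <= timedelta(days=warn_days):
        return "expiring_soon", expiry
    return "ok", expiry

def needs_contact(accounts, max_pwd_age, now):
    """Accounts to reach while on the LAN, before their next remote logon."""
    flagged = []
    for name, pwd_last_set, uac in accounts:
        state, _ = password_state(pwd_last_set, uac, max_pwd_age, now)
        if state in ("expired", "must_change", "expiring_soon"):
            flagged.append((name, state))
    return flagged

# Constructed sample data: a 90-day domain policy and five made-up accounts
# given as (sAMAccountName, pwdLastSet, userAccountControl).
MAX_PWD_AGE_90D = -90 * 86400 * 10**7
NOW = utc(2008, 6, 27)
ACCOUNTS = [
    ("alice", to_filetime(utc(2008, 3, 20)), 0x200),
    ("bob",   to_filetime(utc(2008, 4, 5)),  0x200),
    ("carol", 0,                             0x200),
    ("svc",   to_filetime(utc(2007, 1, 1)),  0x200 | UF_DONT_EXPIRE_PASSWD),
    ("dave",  to_filetime(utc(2008, 6, 1)),  0x200),
]

if __name__ == "__main__":
    for name, state in needs_contact(ACCOUNTS, MAX_PWD_AGE_90D, NOW):
        print(name, state)
```

In a live domain the three inputs would be read from the directory rather than constructed; the classification logic stays the same.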
RE: Suppress Password resets - July 02, 2008

Alan,

Thanks for the reply. Is the spec op software something you have experience with, or was that just a Google search that led you to them?

Thanks,
Sam