Posted by Last week I got a question about some old VB script which create a popup when the password of the Windows user is going to expire. They couldn’t use the old VBScript because they make use of both methods, fine-grained password policies and default domain policies.
Created a login script for creating pop-ups. The script checks if a domain user is member of a security group. If not then use the default domain policy.
I know the script can have some improvements but, it can give you an idea how to create such PowerShell pop-up scripts. If you post your improvements in the comments below, I will add them. For now it’s just about the functionality.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 |
#You can add more groups by adding names and values like below. $PoliCys = @{"PassWordPolicyGroup1"="90";"PassWordPolicyGroup2"="120"} #If not in the groups above, the default password experiation policy is used $DefaultP = 180 #Show popup if possible experation is going below the following day count $WarnDays = 14 $Searcher = [adsisearcher]::new() $Searcher.Filter="SamAccountName=$($env:USERNAME)" $object = $Searcher.FindOne().Properties $Properties = @{ "Name" = $Object.name -as [string] "PWLastSet" = $([datetime]::fromfiletime($object.pwdlastset[0])) "MemberOf" = $Object.memberof "CurrDate" = $(get-date) } # Output the info $a = New-Object -TypeName PSObject -Property $Properties $i = $null $PoliCys.getEnumerator() | foreach { If($a.MemberOf -match $_.name ){ $PopupSet = 1 $DaysLastPWSet = $a.CurrDate - $a.PWLastSet $DaysLeft = $_.Value - $DaysLastPWSet.Days $popuptext = "Your windows password will expire in about $Daysleft days. On $($a.PWLastSet.AddDays($_.Value)). `n`nUse CTRL + ALT + DEL and select 'Change Password... `n " If($i -eq 1) { $wshell = New-Object -ComObject Wscript.Shell $wshell.Popup("More than one password Policys detected, ask the IT Helpdesk for more Info.",0,"Change WindowsPassword",0x1) } If($DaysLeft -le $WarnDays -and $i -ne 1){ $wshell = New-Object -ComObject Wscript.Shell $wshell.Popup($popuptext,0,"Change WindowsPassword",0x1) $i = 1 } } } If(!$PopupSet){ $DaysLastPWSet = $a.CurrDate - $a.PWLastSet $DaysLeft = $DefaultP - $DaysLastPWSet.Days $popuptext = "Your windows password will expire in about $Daysleft days. On $($a.PWLastSet.AddDays($_.Value)). `n`nUse CTRL + ALT + DEL and select 'Change Password... `n " If($DaysLeft -le $WarnDays -and $i -ne 1){ $wshell = New-Object -ComObject Wscript.Shell $wshell.Popup($popuptext,0,"Change WindowsPassword",0x1) $i = 1 } } |