
I don't think there's any way to do this after looking through Microsoft's password policy documentation, but on the off-chance that someone was particularly clever:

Is it possible to create a policy so that only business days count towards password expiration? The idea being that a password that expired on Saturday would not necessitate a helpdesk call until Monday, and VPN users would be able to continue to get in.

We're Server 2008 R2 here. The best workaround I can come up with is to enable this in Outlook Web Access:

https://technet.microsoft.com/en-us/library/bb684904

But not sure how this will play with our Duo two-factor.

I'm open to third-party stuff if that will work. I don't see this as a PowerShell opportunity, but tell me if I'm wrong.

CC.
  • The closest I've come to addressing this is to implement GPOs that pop up password expiration reminders for users when their password will expire soon, and then encourage our users to change the passwords when the reminder appears, and not wait for it to expire. – Todd Wilcox May 03 '16 at 15:47
  • Very much thinking out loud but - you might be able to do something with PowerShell and scheduled tasks, but it isn't going to be "nice". Run a task each day that gets password age; if it's over 90 days old, set change at next logon. Run the task only Monday - Friday. – Drifter104 May 03 '16 at 16:22
  • That would be a way around it...I have been thinking of testing this script to email notifications when passwords expire: https://gallery.technet.microsoft.com/Password-Expiry-Email-177c3e27 Not pretty, but would cover the requirements enough. – CC. May 03 '16 at 19:30
  • Drifter104, if you want to pull your comment out as a solution, that's good enough for me. – CC. May 05 '16 at 13:37

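A sketch of the weekday scheduled task suggested in the comments, as an added example that is not part of the original thread or any poster's own code. It assumes the ActiveDirectory module is available and that the domain's maximum password age is set longer than the 90-day threshold (otherwise the built-in policy still expires passwords on weekends); the OU and log path are hypothetical placeholders.

```powershell
# Added example: flag accounts whose password is older than $MaxAgeDays for
# "change at next logon", but only on business days.
# Written to stay compatible with PowerShell 2.0 on Server 2008 R2.
Import-Module ActiveDirectory

$MaxAgeDays = 90                                  # threshold from the comment
$SearchBase = 'OU=Staff,DC=example,DC=com'        # hypothetical OU, adjust
$LogPath    = 'C:\Scripts\pw-expiry.log'          # hypothetical log location
$DryRun     = $true                               # set to $false to apply changes

$Today = Get-Date

# Guard inside the script as well as in the task schedule, so a manual or
# mis-scheduled weekend run does nothing.
$Weekend = [DayOfWeek]::Saturday, [DayOfWeek]::Sunday
if ($Weekend -contains $Today.DayOfWeek) { return }

$Cutoff = $Today.AddDays(-$MaxAgeDays)

# Enabled accounts only. Accounts with "password never expires" are excluded
# because that flag cannot be combined with "change at next logon".
$Stale = Get-ADUser -SearchBase $SearchBase `
                    -Filter 'Enabled -eq $true -and PasswordNeverExpires -eq $false' `
                    -Properties PasswordLastSet |
    Where-Object {
        # PasswordLastSet is empty when the account is already flagged for a
        # change, so those are skipped.
        $_.PasswordLastSet -and $_.PasswordLastSet -lt $Cutoff
    }

foreach ($User in $Stale) {
    # -WhatIf:$DryRun prints what would change without modifying the account.
    Set-ADUser -Identity $User -ChangePasswordAtLogon $true -WhatIf:$DryRun

    # Keep an audit trail of every account touched and the age that triggered it.
    $AgeDays = [int]($Today - $User.PasswordLastSet).TotalDays
    $Line = '{0:s} {1} age={2}d dryrun={3}' -f $Today, $User.SamAccountName, $AgeDays, $DryRun
    Add-Content -Path $LogPath -Value $Line
}
```

Run it first with `$DryRun = $true` and review the log before letting it change accounts; accounts governed by a fine-grained password policy are not handled separately here.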