|
Posted by Paul Barrett on January 10, 2007, 11:26 am
If you were Registered and logged in, you could reply and use other advanced thread options
Nevermind - I was looking in the wrong chunk of code.
It's actually using NetUserGetInfo to look up the expiration, and I think I
see a bug. Sorry to post before checking further.
> I'm using the GenClientContext sample code (which calls
> AcceptSecurityContext) to look up the expiration date of a set of
> credentials so we can provide advance warning to the users of our client
> that their password is about to expire. This normally works fine.
> One of our customers though has the users in a group, where the group has
> a password expiration policy of 30 days, but some of the accounts in the
> group override that and have no expiration.
> If a user logs onto the server with one of these non-expiring accounts,
> they don't get the expiration warning from Windows.
> But when they use our client, which looks up the expiration date for that
> same account, it gets a timestamp indicating the credentials are about to
> expire.
>
> Is there any way to look up credential expiration time that won't return
> us a timestamp based on the group policy but instead would honor the
> password-never-expires flag on the account? Or a way of determining that
> flag is set on the account?
>
>
| 
XML site map