Password Change Reminder PowerShell Script Updated!

powershell2xa4Back in 2012 i wrote a script to help me remind users about their password expiry, to reduce the number of calls i got on the helpdesk. I decided to share it and published it on the TechNet Gallery,

It has been quite popular since then, with over 8,000 downloads!

Throughout that time i have received a number of questions about how to tweak the script to do various things or fix bugs and errors that people have found.

I have been tweaking it as i go, without much notification to anyone. I have just finished quite a big change, so i thought i would put up a post here, to let people know.

Read more of this post

SBS 2011 Essentials Password Policy

sbse-conA question in the forum came up about how to change the password policy, it seemed that the Dashboard option was greyed out.

As i mentioned in my post about Office 365, in order to allow Password Sync between Essentials and Of365, passwords for users needed to be updated to meet the requirements of the Office 365 service.

This has the unhappy side effect of also blocking you from lowering the requirements if you wish to do so in your environment when you are not using Office 365.

So what do we need to do? Well the answer is simple, remove the Office 365 module.

Firstly open the Dashboard and go to the Office 365 addin tab. You should see an option on the right hand side to Uninstall.


Follow this little wizard through and complete the process.




Next, move to an elevated command prompt, and enter the following. WUSA /UNINSTALL /KB:2569105


You will be asked if you really want to uninstall, and in this case you do.


You should then be prompted to reboot your server.

After a reboot you can then open the Dashboard, go to the Users tab, and click Set the Password Policy, and you should find your slide bar is now working.


The question in the forum related to changing the expiry age from 180 days (the Default) to a different value.

This cannot be done through the Dashboard, even with the Of365 module uninstalled.

You can do this using PowerShell (other ways as well, but i like PowerShell) You can launch the ‘Import System Modules’ shortcut from the QuickLaunch PowerShell icon.


Then run this command to set the expiry to 30 days.

Set-ADDefaultDomainPasswordPolicy –identity sbs.local –MaxPasswordAge “30.00:00:00”


Then run this command to confirm your setting.



If you then go and use the Dashboard to set a different selection for the Password Policy, then it will change the Max Password Age back to it’s default value of 180 days.

Quick Fix : Uninstall Symantec Endpoint Protection (SEPM) 11 Without Uninstall Password

So i have a clients laptop (XP SP3) which is bluescreening on startup with a NAVEX15.sys error.

(This from Nirsoft – Blue Screen View)

The system would boot into safe mode with networking, but not full windows.

I tried all sorts to clear this, System Restore, msconfig – disabling all non MS services and everything not in c:\windows from the startup tab.
I also uninstalled the NAVEX and any Symantec devices from Device Manager, (look for show hidden devices)

This didnt help.

I then searched the registry for navex15.sys and deleted the related keys from the registry.

This allowed me to boot up.

I then uninstalled symantec.. but wait it asked me for a password, and i dont remember that (like i ever knew it!)

Enter this great little tip from of all places, the symantec forums..


Specifically this entry from reza akhlaghy:

“..Hi Richard,

There’s an easy way, when password prompt opens, run task manager and END
task called MSIEXEC that runs under your user account (not system). The password
go away and uninstall continues !!

So far this trick works both for SEP and older versions…”

Bingo. Symantec now uninstalled.

I am using to update all web related apps on this system, and then, unfortunatley, i have to reinstall Symantec. :(

%d bloggers like this: