SegraceW Utility—Check Password Expiry on Windows

Reference Guide › Utilities › segrace Utility—Display User Login Information › SegraceW Utility—Check Password Expiry on Windows

SegraceW Utility—Check Password Expiry on Windows

Valid on Windows

This Windows GUI grace utility checks whether the user's password has expired and/or the user has a grace login count. If it has, SegraceW displays a window in which the user can replace the password.

SegraceW can be executed as a standalone module in a non-CA ControlMinder environment. This enables you to apply this utility on any workstation in a domain.

SegraceW tries to connect first to the primary domain controller (in an NT 4.0 environment). SegraceW looks for backup domain controllers only if the attempted connection fails. In a Windows 2000 or later environment, SegraceW tries to connect to the first domain controller it finds.

Note: If a remote host is specified explicitly in the SegraceW execution options, then SegraceW connects only to the remote host.

The SegraceW utility is designed to be called from login batch files located at Domain Controller's NETLOGON share.

The SegraceW utility checks whether the user password has expired and/or the user has a grace login count.

Note: For segraceW implementation in a domain environment,you must install MS VC++ 2005 Redistributable to the member server. The installation must be equivalent to the CA ControlMinder installation on the remote server.

If the grace login count attribute of the user exists, then:

If the number of remaining grace logins for the user is zero, SegraceW forces the user to change the password.
If the number of remaining grace logins for the user is positive, SegraceW advises the user to change the password.

If the user does not have a grace login count, SegraceW checks password expiration status.

If the password is about to be expired in a time frame larger than the value of the warning days parameter configured at the server side, SegraceW does nothing.
If the password is about to expire in a time frame equal or less than the value of the warning days parameter configured at the server side, SegraceW advises the user to change the password.
If the password has been expired, SegraceW forces the user to change the password.

When changing the password, SegraceW displays a ”change password” message that asks the user to provide the old password, the new password, and confirm the new password.

After passing confirmation check, the password is updated in the domain controller's SAM database.

This command has the following format:

segracew [d] [-s host]

d

Sets the warning days parameter to be different from the default configured in the server.

-s host

Connects to the specified remote or local host to retrieve information.

Note: Before you can connect to a remote host, copy the encryption library from the remote host to the local host and rename it to defence.dll.