PowerShell password expiration pop-up

Last week I got a question about some old VB script which create a popup when the password of the Windows user is going to expire. They couldn’t use the old VBScript because they make use of both methods, fine-grained password policies and default domain policies.

Created a login script for creating pop-ups. The script checks if a domain user is member of a security group. If not then use the default domain policy.

I know the script can have some improvements but, it can give you an idea how to create such PowerShell pop-up scripts. If you post your improvements in the comments below, I will add them. For now it’s just about the functionality.

#You can add more groups by adding names and values like below.
$PoliCys = @{"PassWordPolicyGroup1"="90";"PassWordPolicyGroup2"="120"}

#If not in the groups above, the default password experiation policy is used
$DefaultP = 180

#Show popup if possible experation is going below the following day count
$WarnDays = 14

$Searcher = [adsisearcher]::new()
$Searcher.Filter="SamAccountName=$($env:USERNAME)"
$object = $Searcher.FindOne().Properties

$Properties = @{
                    "Name" = $Object.name -as [string]
                    "PWLastSet" = $([datetime]::fromfiletime($object.pwdlastset[0]))
                    "MemberOf" = $Object.memberof
                    "CurrDate" = $(get-date)
                }
                
                # Output the info
$a = New-Object -TypeName PSObject -Property $Properties
$i = $null


$PoliCys.getEnumerator() |  foreach {
    
    If($a.MemberOf -match $_.name ){

        $PopupSet = 1
        $DaysLastPWSet = $a.CurrDate - $a.PWLastSet
        $DaysLeft = $_.Value - $DaysLastPWSet.Days
        $popuptext = "Your windows password will expire in about $Daysleft days. On $($a.PWLastSet.AddDays($_.Value)). `n`nUse CTRL + ALT + DEL and select 'Change Password... `n "
            If($i -eq 1) {
            
                $wshell = New-Object -ComObject Wscript.Shell
                $wshell.Popup("More than one password Policys detected, ask the IT Helpdesk for more Info.",0,"Change WindowsPassword",0x1)
            

            }

            If($DaysLeft -le $WarnDays -and $i -ne 1){
                $wshell = New-Object -ComObject Wscript.Shell
                $wshell.Popup($popuptext,0,"Change WindowsPassword",0x1)
                $i = 1
            } 

 
    }
}

If(!$PopupSet){

    $DaysLastPWSet = $a.CurrDate - $a.PWLastSet
    $DaysLeft = $DefaultP - $DaysLastPWSet.Days
    $popuptext = "Your windows password will expire in about $Daysleft days. On $($a.PWLastSet.AddDays($_.Value)). `n`nUse CTRL + ALT + DEL and select 'Change Password... `n "
        
     If($DaysLeft -le $WarnDays -and $i -ne 1){
         $wshell = New-Object -ComObject Wscript.Shell
         $wshell.Popup($popuptext,0,"Change WindowsPassword",0x1)
         $i = 1
     }
 }

The post PowerShell password expiration pop-up appeared first on Rob V IT.