In this article you will learn about the JiJi Password and Account Expiration Notification Tool, a Windows utility designed to reduce support costs by notifying users about impending password and/or account expirations.
JiJi Technologies raffles two licenses (each worth $289.95 USD) of their JiJi Password Expiration Notification tool. The license allows you to use the tool with up to 1500 users for one year. The deadline of this contest is November 17. If you want to have the chance to win one of the licenses please send an email with the subject “JiPEN” to .
By default, Windows Server 2008 R2 notifies users of password expiration 5 days before the password expiration date. If you know human nature (and Windows systems administration) like I do, then you already understand that most of your users will postpone changing their passwords until they have already expired and their domain user accounts have been locked.
JiJi Technologies understands human nature, and to that end they have developed a utility that allows us administrators much better control over password expiration notifications.
The JiJi Password and Account Expiration Notification Tool (called JiPEN henceforth in this article) is a small-footprint application that plugs into Active Directory and will lower your support costs by better managing user notifications of password and account expiration policy.
Moreover, with industry and governmental regulations forcing IT departments to better document their electronic business processes, a tool like JiPEN can enhance your department’s compliance and, let’s be honest, bolster your own job security.
You can download a feature-limited evaluation version of JiPEN from the JiJi Technologies Web site. The licensing model is very flexible—check out their online pricing matrix to see how JiJi breaks it down.
Without further ado, let’s take a look at how we can leverage JiPEN to more efficiently manage user account password policy.
Covering the Prerequisites
I hope that it goes without saying that in order to manage password expiration notifications, we first must have a password expiration policy enabled in Active Directory Domain Services (AD DS) Group Policy.
As you know, we can configure password and account lockout policies either by deploying a Group Policy Object (GPO) or by instituting fine-grained password policies.
Configuring password policy in Active Directory
Here are a couple tutorial links in case you are fuzzy on how to instantiate password policy in Active Directory:
- Tutorial: How to Set Up the Default and Fine-Grained Password Policy
- Configuring Fine-Grained Password Policy in Windows Server 2008
The system requirements for the JiPEN tool are pretty standard: of course you’ll need an Active Directory domain. You’ll also need the .NET Framework 3.5 or higher installed on the domain controller on which you install JiPEN. The JiPEN tool supports Windows Server 2003, Windows XP, Windows Vista, Windows 7 and Microsoft Windows Server 2008 systems.
Installing the Software
Once you have downloaded the JiPEN software, we are ready to conduct the installation. Fire up the installer and click Next to continue.
Agree to the JiJi Technologies license terms and click the 2. Installation Path tab to review the installation path.
Decide where to install the software, and then click Install.
That’s all there is to it! Pretty simple installation.
Configuring the Environment
At first launch, we should set up the JIPEN environment. This involves two primary tasks:
- Configuring a mail server
- Setting program options
Let’s set up the mail server first. Click Configure Mail Server from the toolbar.
The JiPEN user interface
The reason why we need to specify a Simple Mail Transfer Protocol (SMTP) mail server for JiPEN is simple—we need to provide the tool with a mechanism for transmitting user notification messages. Note that in the Mail Server Settings dialog box you can set the notification e-mail messages to be sent with high priority. You can also use Secure Sockets Layer (SSL) encryption.
Click Test Settings to verify connection to your corporate mail server, and then click Save to continue.
Configuring an SMTP server
Once you return to the JiPEN main interface, click Settings.
The main focus here should be the Send the summary report of all notifications to these E-mail IDs option. Click Add and add the e-mail addresses of all administrators who should receive summary reports of all password expiration notifications.
When you have configured the program settings to your liking, click Save to return to the JiPEN main interface.
JiPEN Settings dialog
Our next task is to create a notification policy. Click Create Notification from the toolbar to open the Password or Account Expiration Notifier dialog box.
Creating an expiration notification policy
You can learn about every single component in this dialog box by examining the user manual. For our purposes, let’s just look at the big picture.
Your choices when creating a policy fall along the following lines: First, you decide what type of notification policy you want (your options are password and account).
Next, you determine the scope of the notification policy; your choices here are pretty granular:
- Organizational Unit (OU)
You then can adjust the e-mail message that is sent to targeted users when they reach the preconfigured threshold value (the default is 14 days, with subsequent reminders sent every day thereafter until expiration occurs).
Click Edit Email to invoke the Edit Mail dialog box.
Customizing the notification e-mail
You can toggle the view in the Edit Mail dialog box between plaintext and Hypertext Markup Language (HTML) formats. Note the use of what JiJI calls “macros” here; these are dynamic fields that enable the tool to personalize the message being sent to users.
The Macros button allows you to drop these dynamic fields into the e-mail notification message yourself.
Inserting a macro in the notification e-mail
When you are satisfied with your policy, click Execute and Save to put the policy into effect, save changes, and return to the JiPEN main user interface. You will now observe the policy in the policy list.
Note the icons that precede the policy in the policy list. These allow you to disable, delete, or edit the policy, respectively.
The completed configuration
I hope that you can see how the JiJi Password and Account Expiration Notification Tool can be helpful in reducing support costs and better training your users to observe and respect Active Directory password change policies. Please feel free to leave any feedback in the comments portion of the post; I am sure that I can answer any questions that you have.