Do you use blocking policy inheritance on any of your OUs? Have you enforced your Domain Policy? Is the policy in question linked to the domain or OU. (You may need to link it at the domain level otherwise it will only apply to local accounts) Is the computer by any chance in the default "Computers" OU. Run "gpupdate /force" The default domain policy is where the settings have been applied, but it is not enforced. However, the policy itself works, because users have been having to change their passwords every 90 days for several months now -- it's just that I'm not seeing the notifications in Windows 7 in particular. I don't believe blocking of policy inheritance is activated anywhere. The policy is linked at the domain level and the computers are all in a manually created OU -- not the default.

So far everything sounds good. Please check this link out and verify that your domain policy has this setting enabled http://technet.microsoft.com/en-us/library/ee829687(v=ws.10).aspx Symptoms Previously, the default interval that users were notified of password expiration was 14 days before expiration. In Windows 7 and Windows Server 2008 R2, the default password expiry notice occurs 5 days before the password expiration date. Cause This is by design. Resolution Unless specified and enforced by a policy, Windows 7 and Windows Server 2008 R2 users will not received a password expiry notice until 5 days before password expiration. Using gpedit, the group policy to alter this default can be found at: Computer Configuration\Windows Settings\Local Policies\Security Options under Interactive Logon: Prompt user to change password before expiration. Using regedit, the registry entry which controls this can be found at: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon under PasswordExpiryWarning.

Brano, Thanks! That actually fixed the problem. I've heard about the 5 day notification interval before. Guess we never made the notification interval explicit in Group Policy. I rebooted my machine and am now getting the notification as expected.

Hi, We have maximum password age enforced in Group Policy across our network. Any non-Windows 7 system that I remote into (usually Server 2008 Standard) reminds me that I have 14 days (or less, depending on the day) to change my password. However, any Windows 7 machine does not do this. I have tried several machines running Windows 7 and have yet to see the notification. I believe other users are also affected. Any ideas? All of the computers are in the proper Active Directory OU for all policies to take effect as well.

Do you use blocking policy inheritance on any of your OUs? Have you enforced your Domain Policy? Is the policy in question linked to the domain or OU. (You may need to link it at the domain level otherwise it will only apply to local accounts) Is the computer by any chance in the default "Computers" OU. Run "gpupdate /force"