Hi, i am trying to enforce a policy whereby the users are forced to change the passwords.

When they are to login and are prompted to change password they can click cancel button and they are still allowed in - but they have used the last grace login and will be prompted on next login with a "Login Denied. You have not changed your password and your grace login period has expired."

I want them to not be allowed to click cancel and not gain access into the network - but either lock the account or not allow them to continue any further that the login box.

I have tried various options in the test password policy i have setup but do not know how or what i should do to set this configuration up.

Any help appreciated