diff --git a/password_policy.admin.inc b/password_policy.admin.inc
index 5da115b..9e3e721 100644
--- a/password_policy.admin.inc
+++ b/password_policy.admin.inc
@@ -502,7 +502,15 @@ function password_policy_password_change_settings() {
 '#title' => t('Force users in the following roles to change their password'),
 '#description' => t('Users who are not signed in will be required to change their password immediately upon sign in. Users who are currently signed in will be required to change their password upon their next page click, but after changing their password will be redirected back to the page they were attempting to access.'),
 );
-
+
+ $form['password_policy_exclude_pages'] = array(
+ '#title' => t('Page Exclusion List'),
+ '#type' => 'textarea',
+ '#description' => t('The user will be able to access these pages without changing their password. The logout page will automatically be excluded regardless of whether or not it is in this list.'),
+ '#default_value' => variable_get('password_policy_exclude_pages', ''),
+ '#wysiwyg' => FALSE,
+ );
+
 $form['actions'] = array('#type' => 'actions');
 $form['actions']['submit'] = array(
 '#type' => 'submit',
@@ -519,6 +527,7 @@ function password_policy_password_change_settings_submit($form, &$form_state) {
 global $user;
 $selected_roles = array();
 variable_set('password_policy_new_login_change', $form_state['values']['password_policy_new_login_change']);
+ variable_set('password_policy_exclude_pages', $form_state['values']['password_policy_exclude_pages']);
 if ($form_state['values']['password_policy_new_login_change'] == 1) {
 watchdog('password policy', t('New user accounts must change password on new login enabled by !admin', array('!admin' => $user->name)), array(), WATCHDOG_NOTICE);
 }
diff --git a/password_policy.module b/password_policy.module
index 0a2b934..4f84873 100644
--- a/password_policy.module
+++ b/password_policy.module
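Review bot: The `#description` added in password_policy_password_change_settings() promises that the logout page is always excluded, but nothing visible enforces that. This element falls back to `''` while the read in password_policy.module falls back to `'user/logout'`, and that fallback stops applying once the form has been saved, so a saved list without `user/logout` leaves a flagged user unable to log out. The password_policy.module hunk has the same gap, since it drops the hard-coded `current_path() != 'user/logout'` test. Either append the path when matching, e.g. `$pages .= "\nuser/logout";` after the `variable_get()` in password_policy_init(), or reword the description so it does not promise more than the code does. The description should also state the format `drupal_match_path()` expects: one path per line, with `*` as the wildcard.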
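Review bot: The new `variable_set('password_policy_exclude_pages', ...)` in password_policy_password_change_settings_submit() stores the list unvalidated and, within this hunk, unlogged, although every pattern in it exempts pages from the forced password change. A bare `*` line would match every path in `drupal_match_path()` and switch the enforcement off, so a validate handler should reject it, e.g. `form_set_error('password_policy_exclude_pages', t('A bare * would exclude every page.'));`. Changes to the list should also be recorded the way the neighbouring setting is, e.g. `watchdog('password policy', 'Page exclusion list changed by !admin', array('!admin' => $user->name), WATCHDOG_NOTICE);`. The submit handler continues past the end of the hunk, so logging further down is not ruled out.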
@@ -34,9 +34,17 @@ function password_policy_init() {
 // Check password reset status and force a reset if needed.
 $change_password_url = 'user/'. $account->uid .'/'. (module_exists('password_policy_password_tab') ? 'password' : 'edit');
- if ($account->force_password_change && $_GET['q'] != $change_password_url) {
- // let users log out
- if (current_path() != 'user/logout') {
+ if ($account->force_password_change && !in_array($_GET['q'], $change_password_url)) {
+ // Allow access to pages that the admin has excluded.
+ // Compare with the internal and path alias (if any).
+ $path = drupal_get_path_alias($_GET['q']);
+ $pages = variable_get('password_policy_exclude_pages', 'user/logout');
+ $page_match = drupal_match_path($path, $pages);
+ if ($path != $_GET['q']) {
+ $page_match = $page_match || drupal_match_path($_GET['q'], $pages);
+ }
+
+ if (!$page_match) {
 drupal_set_message(t('Your password has expired. You must change your password to proceed on the site.'), 'error', FALSE);
 drupal_goto($change_password_url, drupal_get_destination());
 }
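Review bot: `in_array($_GET['q'], $change_password_url)` on the new `if` line passes a string as the haystack, because `$change_password_url` is built by concatenation on the context line above. On PHP 5/7 the call warns and returns NULL; on PHP 8 it throws a TypeError. With the NULL result the negation is always true, so the password-change page is no longer exempt and a flagged user who requests it is sent back to it by `drupal_goto()`, unless an admin happens to list that path. Keep the original comparison, `if ($account->force_password_change && $_GET['q'] != $change_password_url) {`, or wrap the URL as `array($change_password_url)` if more exempt paths are planned. password_policy_init() starts and ends outside this hunk.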