Set User Password to never expire

Will investigate and report back, the template should work, or be adapted.
 
Tested the Template for password expiry (net accounts /maxpwage:unlimited).
Works fine, net accounts returns Maximum password age: Unlimited

Also doing net user <username> returns for a user created during setup Passwords expire: Never

So that UI checkbox is bugged, confirmed it's not checked, nothing to worry about and it does ring a bell.
If anyone sees differently, let me know how.
Note that Post-setup command must execute, there are 3 modes to do so, SetupComplete mode can be skipped on OEM machines.
 
I use this in setupcomplete.cmd and the UI checkbox gets checked :)
Code:
FOR /F "TOKENS=2 DELIMS==" %%A IN ('"WMIC /NAMESPACE:\\ROOT\CIMV2 PATH Win32_UserAccount GET Name /VALUE"') DO (
CALL WMIC /NAMESPACE:\\ROOT\CIMV2 PATH Win32_UserAccount WHERE Name='%%A' SET PasswordExpires=FALSE
)

PowerShell equivalent, since WMIC is threatened
Code:
powershell -ep bypass -nop -c "Set-CimInstance -Query 'Select * from Win32_UserAccount' -Property @{PasswordExpires=0}"
 
I just wanted to briefly add, that you can also leave the password blank to remove it entirely. I mention this, because it's not intuitive during the Windows Setup process, when the password screen comes up it's worded in a way that sounds like you must enter a password, but if you click next it'll skip it.

I've seen a lot of people asking about the password expiration setting, so I figured at least some of those people are wanting no password, but are assuming it's not possible and so they ask for no expiration instead.
For example I would be one of those. Unfortunately I have always been forced to use a password, otherwise file sharing between different machines in my network won't (apparently) work (ok this might even be a good thing in theory...)
 
Though it's not generally advised, some users will disable SMB password auth and allow anonymous logons.
 
net accounts /maxpwage:unlimited DOES NOT WORK here, not even if invoked live from the command prompt.
In fact, if you open lusrmgr.msc you will see that "Password never expires" remains UNCHECKED.
The proper command seems rather (I found it googling):
wmic UserAccount set PasswordExpires=False
I have added it in PostSetup, post-logon (with >NIL to avoid a shell opening) and on boot with lusrmgr.msc I can see the "Password never expires" box correctly *checked* (this at least with Win 10 22H2)
 
Indeed, I prefer to keep this minimal security level, at the cost of having to insert a password at every boot ;)
 
Have you tried the command:
net user <username>
it returns Passwords expire: Never for net accounts /maxpwage:unlimited

Since they are removing WMIC in the 24H2, I think it's better to keep as is.
I know that UI checkbox is not updated, as stated above.

Will consider abbodi86's PowerShell version for those not removing it.
 
You don't need "-ep bypass" when executing a single command line.
Code:
powershell -nop -C "Set-CimInstance -Query 'Select * from Win32_UserAccount' -Property @{PasswordExpires=0}"
 
Hello,

I got a few questions...

I am running both of these commands to prevent password expiration on post-setup and after first logon:


[Attached screenshot: Ox6BysF.png]


Is it fine to run both? Or it's not recommended? Is it a best practice to run them before or after logon?

First I was just running the "net accounts /maxpwage:unlimited" command alone in after logon on post-setup, but in one Windows installation right after it finished, it showed me the screen saying that the password for the user had expired and asked me to set a new one.

PS: I am auto-creating the user in Unattended in NTLite without a password, like this:

[Attached screenshot: RFm5jxY.png]


[Attached screenshot: qOlyc34.png]
 
This problem is based on a wrong order of task execution. (Before logon) tasks are obviously run before your first desktop logon.

When unattended mode creates a new user account, an entry is added to the Security Account Manager (SAM) database. This is the same thing as running "net user [logon] [password] /add". Whatever password policy is in effect at the time is applied to those users.

(After logon) tasks are executed after you have passed the Logon screen. So your changes will be applied on the next logon.

Therefore, the built-in template for "Disable user password expiration" runs "net accounts /maxpwage:unlimited" in (Before logon).
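
Added example (not part of the original posts or of NTLite): a read-only PowerShell report that shows, per local account, both indicators this thread keeps comparing, the per-account flag behind the "Password never expires" checkbox and the effective expiry date that results from the `net accounts` policy. It assumes Windows PowerShell 5.1 or later with the LocalAccounts module; the variable and column names are made up for this example.

```powershell
# Added example: report local password-expiry state. Changes nothing.

# Per-account flag: the value the thread's WMIC / Set-CimInstance commands
# change, and the one the lusrmgr.msc checkbox follows according to the posts.
$flags = @{}
Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
    ForEach-Object { $flags[$_.Name] = $_ }

$report = foreach ($u in Get-LocalUser) {
    $f        = $flags[$u.Name]
    $flag     = $null
    $required = $null
    if ($f) {
        $flag     = $f.PasswordExpires    # False = "never expires" flag is set
        $required = $f.PasswordRequired
    }
    [pscustomobject]@{
        Name             = $u.Name
        Enabled          = $u.Enabled
        ExpiryFlag       = $flag
        PasswordRequired = $required
        PasswordLastSet  = $u.PasswordLastSet
        # Date computed by Get-LocalUser; empty when no expiry date is in effect
        # (assumption: this covers both the flag and an unlimited max age).
        ExpiresOn        = $u.PasswordExpires
    }
}

$report | Sort-Object Name | Format-Table -AutoSize

# Accounts where only the machine-wide policy prevents expiry: the flag is
# still "expires", yet there is no expiry date. This is the state in which
# "net user" says "Never" while the checkbox stays unchecked.
$policyOnly = $report |
    Where-Object { $_.Enabled -and $_.ExpiryFlag -and -not $_.ExpiresOn }
if ($policyOnly) {
    "Non-expiring via policy only: " + ($policyOnly.Name -join ', ')
}

# Enabled accounts that never expire and do not require a password are the
# ones to look at first when auditing an image built this way.
$review = $report | Where-Object {
    $_.Enabled -and $_.PasswordRequired -eq $false -and -not $_.ExpiresOn
}
if ($review) {
    "Review (no password required, no expiry): " + ($review.Name -join ', ')
}
```

Running it once after the first logon and again after a reboot shows whether the before-logon or after-logon task actually took effect for the account created by the unattended setup.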
 
In Unattended repeat user name (USER) in Display name and say OK.
When back in UnAttended screen in NTL just click the field Username and it'll be autofilled:
[Attached screenshot: 1754932953618.png]

and you'll have 9999999 logon counts:
[Attached screenshot: 1754933084413.png]
Should be sufficient for most.
 