Link to home
Create AccountLog in
Avatar of IT Support
IT SupportFlag for United Kingdom of Great Britain and Northern Ireland

asked on

turn off password expiry on newly created user accounts

Hi I hope you are well.

I need to be able to disable password expiry in windows 10 for newly created users (not on a domain, just local pc stuff)

I already run the following after I have finished the initial setup

wmic UserAccount set PasswordExpires=False

which turns off expiry for all existing accounts, but if someone subsequently makes a new account, it has the password expiry set on it.

I would like some reg key to stop that from happening. I guess I could set the script to run on creation of new user, but I'd rather there was some kind of machine wide "dont enforce password expiry for any user"
Avatar of McKnife
McKnife
Flag of Germany image

wmic UserAccount where Name='someuser' set PasswordExpires=False

Open in new window

Avatar of IT Support

ASKER

Hey Mcknife...hope you are well.

i already do this for all existing users. doesnt work for new users that are created after i hand machine to customer....
Is this win10 pro or home?
On pro, use secpol.msc to disable password expiry. It's found below the local security policy, account policy, password policy.
nice for pro, thanks. need it for home too. is there a reg key?
found this....

net accounts /maxpwage:unlimited

not sure if that sets it for future accounts or existing. i have a test rig i can check it on....
the above will change expiry rule computer wide, the optiin can be applied to a single account.

How do you create the account? The question deals with during the count creation you can set all the options that you need.
Wmic has to be run in an elevated command window.
net accounts /maxpwage:unlimited
Will work for for future accounts, too
just confirmed on my test machine:

net accounts /maxpwage:unlimited

changes the password expiry to never for all current users and also all future users, at least ones created using net user (user) /add

this was evidenced by running net (username) to get the details of the account.

in the gui of local users though, it doesn't tick the box next to "password never expires"

this was done on win 10 pro 1909 64 bit. havent tried it on home but suspect results will be the same.
Arnold - i usually use net user (user) /add, but the customer could use the normal windows add account feature. i also can forget when adding a new user to a customer machine months after the fact about the expiry being activated. I'd much rather have this turned off from the get go as it is a right pain in the arse!! 
I am uncertain I understand what you are after, the accounts sets password policy on the computer such that the password expiry on the account will reflect that it is subject to password policy on the system.

The issue you have/are using a n unmanaged environments. Not centrally controlled. As such you could use the group policy object editor on each system to set password policy.

The issue always deals with when the account is created it must follow either use another account as a reference. Or in GUI copy the settings of an account in creating the new one.

I.e. Preconfigure user template accounts ........

Your  question seems to deal with limiting password expiry to new accounts only. Or change at the same and the only way to guarantee this is to make sure there is a uniform way/procedure to create a new user account. Whether command line or via GUI that deals with using a pre-defined user template.
This way all you need to do to alter the settings of new accounts is to update the user template based on the new requirement.

yup, all local stuff on non domain machines.

i just want a simple command that i can run in a script (which sets a few other things as well) to set all existing accounts, and all future accounts, by default, to have no password expiry. the script is what i use after creating images. scripts are better for me as i can taylor them to different os's, and i can copy them from one image to another , i can also run them on machines i have never seen before.

this command works

net accounts /maxpwage:unlimited



Yes, you solved it. Let's move on :)
ASKER CERTIFIED SOLUTION
Avatar of IT Support
IT Support
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
Create a free account to see this answer
Signing up is free and takes 30 seconds. No credit card required.
See answer