 

How do I write a script to modify the password expiration values for users on a Windows Server?

I need to create several users on Windows 2008 servers and modify the password expiration value to "Never". These will be local (not AD) users. I can create them using "net user"; it's modifying the password expiry that is killing me. If I do a "net user username" it lists the field and its value, but there is no switch (at least not one that the help file references) to modify it, and most of the solutions I saw online suggested installing third-party tools. However, this solution must be native to Windows (ideally using PowerShell). Any help is appreciated.

UPDATE

I said if I figured out how to do this in PowerShell I would post it here, and I am a man of my word.

Get-WmiObject -Class Win32_UserAccount -Filter "name = 'steve'" | Set-WmiInstance -Argument @{PasswordExpires = 0}

This is a boolean value so if you wanted to set a password to expire just change 0 to 1. This is beautiful to me in its simplicity, and I have tested this method updating other WMI objects and it works every time.

Max_Steve asked Jan 28 '11 02:01




1 Answer

The simple solution is to create a batch file that issues the following command:

net accounts /maxpwage:unlimited

However, that will set the maximum password age for all accounts on the local machine to unlimited, not just the new accounts that you have created.


If you need a finer level of control (i.e., the ability to set the password expiration values for individual users), you'll need something a little more complicated. The Scripting Guys share an example of a VBScript that will modify a local user account so that its password never expires:

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000 

strDomainOrWorkgroup = "Fabrikam" 
strComputer = "atl-win2k-01" 
strUser = "KenMeyer" 

Set objUser = GetObject("WinNT://" & strDomainOrWorkgroup & "/" & _ 
    strComputer & "/" & strUser & ",User") 

objUserFlags = objUser.Get("UserFlags") 
objPasswordExpirationFlag = objUserFlags OR ADS_UF_DONT_EXPIRE_PASSWD 
objUser.Put "userFlags", objPasswordExpirationFlag  
objUser.SetInfo 

It would be easy to modify this to work for any user of your choice, or even to create a new user.


Finally, here's an example in C#, which you should be able to port to PowerShell. I'm not much of a PS expert, but considering it uses the .NET Framework, the above code should give you some ideas.

Cody Gray answered Oct 13 '22 02:10

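A PowerShell version of the per-user ADSI approach from the answer above, added here as an example and not part of the original question or answer. It sets the same flag through the WinNT provider and adds an audit query over Win32_UserAccount; the function names and the account names in the usage comments are hypothetical.

```powershell
# Added example. Function names and sample account names are hypothetical.
function Set-LocalPasswordNeverExpires {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string[]]$Name,
        [string]$ComputerName = $env:COMPUTERNAME
    )
    $ADS_UF_DONT_EXPIRE_PASSWD = 0x10000   # same flag value as the VBScript
    foreach ($n in $Name) {
        # Confirm the name is a *local* account before touching it.
        $safe    = $n.Replace("'", "\'")   # escape quotes for the WQL filter
        $account = Get-WmiObject -Class Win32_UserAccount -ComputerName $ComputerName `
                       -Filter "LocalAccount=True AND Name='$safe'"
        if (-not $account) {
            Write-Warning "No local account '$n' on $ComputerName; skipped."
            continue
        }
        if ($PSCmdlet.ShouldProcess("$ComputerName\$n", 'Set password to never expire')) {
            $user  = [ADSI]"WinNT://$ComputerName/$n,user"
            $flags = [int]$user.UserFlags.Value
            # OR the flag in so every other account flag is preserved.
            $user.UserFlags.Value = $flags -bor $ADS_UF_DONT_EXPIRE_PASSWD
            $user.SetInfo()
        }
    }
}

function Get-LocalNonExpiringAccount {
    param([string]$ComputerName = $env:COMPUTERNAME)
    # Audit view: every local account whose password never expires.
    Get-WmiObject -Class Win32_UserAccount -ComputerName $ComputerName `
        -Filter "LocalAccount=True AND PasswordExpires=False" |
        Select-Object Name, Disabled, Lockout, PasswordRequired
}

# Usage (constructed account names; run from an elevated prompt):
#   Set-LocalPasswordNeverExpires -Name 'svc_backup','svc_monitor' -WhatIf
#   Set-LocalPasswordNeverExpires -Name 'svc_backup','svc_monitor'
#   Get-LocalNonExpiringAccount | Format-Table -AutoSize
```

Running the audit function before and after the change shows exactly which accounts carry the setting, which helps keep non-expiring passwords limited to the accounts that were meant to have them.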