Turn off Password never expires on local administrator account

Hello Experts,
We have some servers where the Password Never Expires flag is checked, and I am trying to find a scripted way to uncheck this option so that the password expires on the local Administrator account (not an AD account).
There are -bor 0x10000 (https://social.technet.microsoft.com/Forums/en-US/e4e96a5e-3b28-4673-8c61-d4abdf8f2426/win-7-setting-the-option-password-never-expires-for-a-specific-local-user?forum=winserverpowershell)
which turn this option ON.
But what I need is the exact opposite. I want to turn off the option so that the password expires.
Thanks,
-Prashant Girennavar.
MCSA|MCITP SA|Microsoft Exchange 2003 Blog - http://prashant1987.wordpress.com Disclaimer: This posting is provided AS-IS with no warranties/guarantees and confers no rights.

PowerShell example:
$ADS_UF_DONT_EXPIRE_PASSWD = 0x10000
# Bind to the local Administrator account through the WinNT provider
$admin = [ADSI] "WinNT://$Env:USERDOMAIN/$Env:COMPUTERNAME/Administrator,User"
$flags = $admin.UserFlags[0]
# Only write a change when the "Password never expires" bit is set
if ( ($flags -band $ADS_UF_DONT_EXPIRE_PASSWD) -ne 0 ) {
  $flags = $flags -band (-bnot $ADS_UF_DONT_EXPIRE_PASSWD)
  $admin.UserFlags = $flags
  $admin.SetInfo()
}
Retrieve UserFlags (bit array), and if the bit is set, clear it. Reassign UserFlags with cleared bit, and write the change.
-- Bill Stewart [Bill_Stewart]
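
An added example, not part of the original thread: the same bit-clearing logic applied across one or more servers, locating the built-in Administrator by its RID (500) instead of by name so that renamed accounts are still found, and supporting -WhatIf for a dry run. The function name, parameters and output property names are assumptions made for illustration.

```powershell
# Added example; function, parameter and property names are illustrative.
function Clear-LocalPasswordNeverExpires {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string[]] $ComputerName = @($Env:COMPUTERNAME),
        # Without this switch only the built-in Administrator (RID 500) is checked.
        [switch] $AllLocalUsers
    )

    $ADS_UF_DONT_EXPIRE_PASSWD = 0x10000

    foreach ($computer in $ComputerName) {
        try {
            # Enumerate local (SAM) user objects through the WinNT provider.
            $users = @(([ADSI] "WinNT://$computer,computer").Children |
                Where-Object { $_.SchemaClassName -eq 'User' })
        }
        catch {
            Write-Warning "Could not enumerate local users on ${computer}: $_"
            continue
        }

        foreach ($user in $users) {
            $name = [string] $user.Name.Value
            $sid  = New-Object System.Security.Principal.SecurityIdentifier($user.objectSid.Value, 0)
            # The built-in Administrator keeps RID 500 even when renamed.
            $isBuiltinAdmin = $sid.Value -like 'S-1-5-21-*-500'
            if (-not $AllLocalUsers -and -not $isBuiltinAdmin) { continue }

            $flags   = [int] $user.UserFlags.Value
            $wasSet  = ($flags -band $ADS_UF_DONT_EXPIRE_PASSWD) -ne 0
            $cleared = $false

            if ($wasSet -and $PSCmdlet.ShouldProcess("$computer\$name", 'Clear ADS_UF_DONT_EXPIRE_PASSWD')) {
                $user.UserFlags = $flags -band (-bnot $ADS_UF_DONT_EXPIRE_PASSWD)
                $user.SetInfo()
                $cleared = $true
            }

            [pscustomobject]@{
                Computer             = $computer
                Account              = $name
                Sid                  = $sid.Value
                PasswordNeverExpires = $wasSet
                Cleared              = $cleared
            }
        }
    }
}

# Dry run against the local machine: report what would change, write nothing.
Clear-LocalPasswordNeverExpires -WhatIf
```

Once the flag is cleared, the maximum password age applies to the account again, so a password already older than that limit is treated as expired at the next logon; rotate it as part of the same change.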

Similar Messages

  • Can't turn off password protected sharing - Windows 7

    When I turn off password protected sharing in the network and sharing center's advanced settings, I save settings but when I go back in, it's turned on again.  Turning it off doesn't stick.
    This is what seems to be forcing a password and prevents me from setting up a backup to a network share drive.
    Any ideas?

    I noticed there is loads of stuff about problems with Networking Win 7 and XP/2000 PCs etc.  I also couldn't get Password Protected sharing OFF to stick and had problems with Win 7/XP machines losing sight of each other, when a Win 7 PC was added to a Network.
    I saw some comments about the Guest Account - needs to be about with blank password but the password prot off may not like that
    So, I enabled it, set a blank password on it but turned it Off!!.
    And, as if by magic, Password Protected Sharing OFF engaged OK. 
    First, Using the console.   
    Windows Start - type   mmc   in search box, select mmc.exe which appears at top of Start Window. 
    On the console window do File - Add/remove Snap ins - select Local Users and groups - Add - Local computer.
    Add other snap ins if you wish then OK.  File Save to save your console setup with a 'name'.msc - use the 'name' in the Windows Start search box next time.
    In the console window.
    Expand Local Users and groups, select User folder, Select Guest Acct, Rt Click - Properties
    Ticked - User Cannot Change Password and Password Never Expires
    Unticked - User must change password, Account is disabled, Account is locked out
    Apply then OK
    Select Guest Account - Rt Click - Set Password - Proceed - ensure password fields are blank - OK
    Windows Start - Control Panel - User Accounts - Add or Remove User Account
    Select the Guest Account and Turn it Off
    Control Panel - Network and Sharing Center - Change Advanced Sharing Settings  
    Expand Home or Work
    Network Discovery ON
    File and printer sharing ON
    Public Folder Sharing ON
    Media Streaming Off
    Enable file sharing 40-56 encryption machines (if XP/2000 etc PCs in workgroup)
    Password Protected Sharing OFF 
    Hope this helps; I could however be wrong about the logic but let's see what the experts say (please modify/delete as appropriate)!!
    I must admit the 'connectivity' on my Network has improved; PCs not losing each other.
    Good Luck
    Steve
    Regards Steve

  • How to set password never expires for a user?

    Hello,
    I can't seem to find in the Administrative Console a place to enable "Password never expires".
    I know that if I edit the USR_PWD_NEVER_EXPIRES field in the OIM DB and put the value '1' it will work.
    However, I'd like to know how and if it is possible to activate this option on a user via OIM.
    Thanks in advance,
    Tomic

    Hi,
    Now I got it. Try this one.
    In FormMetaData.xml you will find.
    <Attribute name="-13" variantType="String" dataLength="1" map="Users.Password Never Expires" />
    Modify it to.
    <Attribute name="-13" variantType="String" dataLength="1" displayComponentType="CheckBox" map="Users.Password Never Expires" />
    Add this in.
    <Form name="3">
    <AttributeReference editable="true" optional="true">-13</AttributeReference>
    I never need this but I hope above will work.
    About disabling the resource I have few suggestion for you.
    1.You can have your password policy consistent across the resources you are integrating in OIM.
    2.Write an entity adapter so that when ever password is expired then can disable all provisioned user.
    3.Alternatively you can also write a schedule task which will check for password expire date and disable the resource.
    4.You will also need to enable the resources when password is changed.You can catch change password event through event handler or entity adapter.
    Please let me know if you have follow-up questions.
    Regards
    Nitesh

  • How do I turn off password generator in Mavericks?

    How do I turn off password generator in Mavericks

    Hey, Jpwhre
    Welcome to Apple Support Communities.
    Unfortunately there is no way of doing so, do you have Automatic download activated?
    I hope this helps you. Let me know if it does. If not feel free to give me a shout. Best of luck.

  • How do I turn off password to send photo in iPhoto.

    How can I turn off password requirement when trying to send photo by iPhoto.?
    Appreciate any help..

    There is no password requirement for iPhoto - you are probably seeing an incorrect password for your email - in the iPhoto preferences ==> accounts, delete and re-enter your email account
    LN

  • HT4061 Screen went blue . Phone turned off and never turned back on

    SCreen went blue. Phone turned off and never turned back on

    What to do if your iPhone will not turn on

  • How do I turn off password protection for apps and keep them from downloading on all my apple devices

    How do I turn off password protection for apps on my Iphone4 and keep them from loading on all other devices?

    What do you mean by "password protection for apps"?
    To keep apps from downloading on a device automatically, go to Settings> Store> and turn off the things you don't want downloaded automatically.

  • How turn off passwords

    I want to get MacBook Pro serviced. How do I turn off passwords so it is easy for the technician?

    The only way to turn off the password completely is to create a new user account for the technician without any password. Open System Preferences > Users & Groups, press the + button and create a user account. However, I do not recommend you to do this.
    Instead, I just recommend you to disable your login password to let the technician use your Mac. To do this, open System Preferences > Users & Groups > Login Options (you may need to press the padlock at the bottom right corner of the System Preferences window), and choose your user account next to "Automatic login". He/she may not need to install any application, so this is enough.

  • Impact UnCheck the Password Never Expires option in domain Users

    Hi,
    What will be impact if i uncheck the password never expires option in Domain Users ? All users are having different different password age. 
    Normally we will create user account with Password Never Expires checked. But we need to uncheck for password policy.
    Ex: ID - 1234, 1234 Password Never Expires is checked, if i unchecked that what will be impact ?? 1234 ID will prompts to reset the password again after unchecked Password Never Expires ? 
    Regards, Hari Prasad.D

    > If my Password age is 7days as per policy and my user Age as below, how
    > the prompt will come and how it will work ? Which are the users will get
    > prompt ?
    Start thinking...
    > 1234 - Password age is 4
    No Prompt. Info tip in Notification Area "password will expire in 3 days".
    > 4567 - Password age is 8
    Password expired, must change now.
    > 9874 - Password age is 1
    No Prompt. Info tip in Notification Area "password will expire in 6 days."
    > 5678 - Password age is 15
    Password expired, must change now.
    Martin
    How about reading a GOOD book on GPOs?
    NO THEY ARE NOT EVIL, if you know what you are doing:
    Good or bad GPOs?
    And if IT bothers me - coke bottle design refreshment :))

  • My iphone 4s suddenly turned off and never turned on, was that a malfunction? why did the phone turned of suddenly?

    My iphone 4s suddenly turned off and when i tried to turn it on, the power button didn't work. I just wondering if it was normal or maybe there were a defect on my phone. this is the 4th day since i bought it and this is the first time that it turned off and never turned on. should i need to replace it or ask an assistance?

    See Here for
    Frozen or unresponsive iPhone
    Try this First... You will Not Lose Any Data...
    Turn the Phone Off... ( if it isn’t already )
    Press and Hold the Sleep/Wake Button and the Home Button at the Same Time...
    Wait for the Apple logo to Appear and then Disappear...
    Usually takes about 15 - 20 Seconds... (But can take Longer...)
    Release the Buttons...
    Turn the Phone On...
    http://support.apple.com/kb/ht1430

  • DLU and local "Administrator" account

    I have another network admin that has given me some information of the
    subject heading that I don't quite understand...
    They are using ZEN 3.2 with DLU on a Citrix server. This way, when a
    student logs in via Citrix and gets logged in, ZEN policies restrict
    them to what they can and cannot do on the local machine. Since they
    need elevated rights to the registry (for whatever reason), they use
    the "Administrator" account and are members of the "Administrator"
    group on the local machine.
    I simply don't understand it...When I use DLU (on workstations mind
    you), I have the following for the policy...
    ================================================== =======
    Enable DLU
    Manage Existing User Account (if any)
    Use eDirectory Credentials
    Nothing underneath for the username, but they are members of "Users"
    ================================================== =======
    His configuration is as follows...
    ================================================== =======
    Enable DLU
    Manage Existing User Account (if any)
    Username: Administrator
    Member of: Administrators, Users
    ================================================== =======
    He tells me that with this config when a student logs in, they
    automatically use the local "administrator" account. That's what I
    don't get.
    My config makes a new user on the workstation if they haven't logged
    into the machine before. I thought at times it would be handy to make
    3 accounts locally, such as "Staff" "Student" and "Administrator" for
    instance, but didn't realize this config he talks about could make it
    happen. Can it? I still don't get it at this point. I'm reading my
    manuals and what-not and am not yet convinced.
    What I'm hung up on is the password syncing. If I am logging in as
    "bbinder" with a password of "hello" (NDS credentials) but the local
    "administrator" password is "goodbye", why wouldn't it prompt me for
    the administrator password since it's not the same as mine? There
    isn't an "existing account" to manage in his config. This (I assume)
    means it uses the account specified in the name field you can type in.
    In his case, this is "administrator" as typed in above. But since the
    passwords aren't the same, how does it use the local "administrator"
    account? Does it overwrite the password? Does it create a new
    administrator account and call it "administrator.001" ??? Not quite
    getting it yet.
    Anyone want to try and help me with this? Some people think there
    would be some big benefits by having everyone use the local
    "administrator" account, for instance because it has full rights to
    the registry and file system. Plus, GP's will still be in effect, so
    they would be locked out of the parts of the workstation you want to
    lock them out of anyway.
    Other advantages would include a "pre-made" user profile that has
    already been secured and populated with the various things deemed
    acceptable by the company's/school's policies.
    Also, no delay on login when a new local account has to be created.
    Since they are all using the same account being specified in the
    policy, it would be nice and fast to login to.
    Finally, no more prompting new users to enter in their names and
    initials when MS Office apps run for the first time under a user
    account. Maybe this could be avoided with a policy, but this would
    suffice as well.
    Sorry it's so long, but I appreciate any help you guys can offer to
    clear this up for me.
    Brian

    Craig,
    I'm sorry - I thought I replied on this post but I didn't.
    Just wanted to say thanx for taking the time to explain this to me.
    Brian
    On Fri, 20 Aug 2004 10:46:44 GMT, Craig Wilson wrote:
    >DLU simply changes the "Administrator" accounts password in this instance.
    >
    >How do you know what the current "Administrator's Password"? You don't
    >and you just pray DLU or something does not break.
    >
    >Instead of using the "Administrator's Account", just use any other name of
    >an account that does not exist like "SQUAREPANTS".
    >
    >DLU will create the account and put it in the administrators group.
    >All users will share the same profile so you get all the benefits of the
    >other system, without the risk of losing access to the box.
    >
    >I actually never give user's local admin rights nor do I have user's share
    >profiles, but .............

  • Apply password period expire policy to resource accounts

    Hi! In IDM 7.1 I know can apply Password Period Expire Policy to Lighthouse account. It's simple and It works so well.
    But, I ' d like to know how can I apply a password period expire policy to resource accounts to synchronize as Lighthouse as resources accounts (i.e. LDAP accounts, etc.).
    I knew in previous versions of IDM wasn't possible.
    Thanks.

    Figured out the solution for my own Q....
    I had pass through configured with LDAP to a login module group - which had the following as the order.
    1. LDAP
    2. IDM
    As the LDAP resource adaptor does not support expiry, we have to look for the IdM Expiry, so I reversed the order so that IdM takes precedence in resolving the value of "loginwarning" on the end user dashboard.
    Anyways in my environment, All password resets are handled from IdM so the Pass through wont hurt.

  • I need help, How could I add Aliases to Local Administrator account via terminal commands???

    I need help, How could I add Aliases to Local Administrator account via terminal commands???
    I want to use commands to add alias for existing administrator account remotly by using ARD.
    Thanks.

    Hi,
    a Windows Domain Controller does not have any local user or groups. So you might add the user to the admin group at Domain level.
    B RGDS,
    Gregor
    Edited by: Gregor Gasper on Jan 9, 2009 1:44 PM

  • How to unlock local administrator accounts

    Hi all,
    I have an XP machine that is a member of a Win2008 domain and the local
    administrator account is locked out.
    Whenever I restart the XP machine, it automatically locks out the admin accounts.
    How to unlock the XP or Windows 7 machines' local admin accounts over GPO?
    Regards,
    Udaiyar

    How to unlock local administrator account
    Using CMD (Administrator)
    First, you'll need to open a command prompt as administrator (Ctrl + X + A in Windows 8).
    Then, run the following command to unlock the account.
    net user administrator /active:yes
    Then, log out and you'll now see the Administrator account as a choice.
    To lock this account again, type the following command:
    net user administrator /active:no
    http://www.suctips.com/2014/02/how-to-enable-local-administrator.html

  • How do I turn off password at login for all users?

    I want to keep separate users but I don't want a password requirement to login for any user. How do I turn off the password requirement at login altogether?

    It's not only a matter of other people, but also any software-based threats or even mishaps. For instance, there are some Terminal commands that can be executed by a program, script, or even another user that require authentication. If you do not have a password set then these can be executed directly with administrative privileges. Some of these can be disastrous to the system if used incorrectly.
    I agree for the most part if your system is fairly isolated then this is not much of an issue, but there is the rare possibility of malware or simple user mistakes that a good password helps guard against.
