26

I am using a .bat file to create a user and password at windows operating system level.

The issue am facing is when i pass EXPIRES:NEVER for password, when the user is created, it doesn't have "Password never expires" checkbox checked (meaning the password never expires is selected for that created user) and the user expires automatically after 90 days.

Net User %1 %2 /COMMENT:"%3" /EXPIRES:NEVER /PASSWORDCHG:NO /ADD

The above is the main line of code, i pass user name and password from a text file and run the .bat file.

Sharpeye500
  • 373
  • 1
  • 3
  • 5

7 Answers7

38

Add this line to the batch file:

WMIC USERACCOUNT WHERE "Name='%1'" SET PasswordExpires=FALSE
Glenn Sullivan
  • 1,368
  • 9
  • 17
  • NB: I believe that this will only work with LOCAL accounts, not DOMAIN accounts. But it appears that is what you need... – Glenn Sullivan Oct 04 '12 at 13:59
  • 2
    The accepted answer will try to change both the local user and domain user, if they both exist with that user name. (Maybe it won't have the rights to change the domain user, and will return "Generic failure" for that part, but at least it will try.) If you only want to change the local user, not a domain user with the same name if it would happen to exist, then use the following: WMIC USERACCOUNT WHERE (Name='%1' and Domain='%computername%') SET PasswordExpires=FALSE – Ronny D'Hoore Feb 15 '18 at 09:54
2

The option /expires is for account, not for password, check the command help.

http://support.microsoft.com/kb/251394/en-us

From the documentation: "Causes the user account to expire if you specify the date."

Fredrik L
  • 3
  • 5
Qkolnek
  • 21
  • 1
  • Whilst this may theoretically answer the question, [it would be preferable](http://meta.stackexchange.com/q/8259) to include the essential parts of the answer here, and provide the link for reference. – Scott Pack Oct 16 '12 at 02:29
  • 1
    The first sentence is IMPORTANT. Should be in accepted answer. – A.D. Feb 05 '15 at 03:04
1

Nowadays we have Powershell, and you can do this by:

New-LocalUser "Login" -Password (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -force) -FullName "Name" -Description "Description" –PasswordNeverExpires

or for Active Directory users:

New-ADUser -Name "ChewDavid" -OtherAttributes @{'title'="director";'mail'="chewdavid@fabrikam.com"} -AccountPassword (ConvertTo-SecureString "P@ssw0rd" -AsPlainText -force) -passThru -PasswordNeverExpires:$true
1

The net user command can be used on local as well as domain accounts. Use the /domain switch for domain accounts.

For example, to see the information for domain user %1, use

net user %1 /domain

The full list of net user options is listed here:

http://support.microsoft.com/kb/251394

jscott
  • 24,204
  • 8
  • 77
  • 99
David Paige
  • 123
  • 5
1

Single AD user

For active directory users, you can use the dsmod command to change it for a single user:

dsmod user "CN=username,OU={User Org Unit},DC... etc" -pwdneverexpires yes

Multiple AD users

If you want to bulk set this property, you can do it for an entire organizational unit (OU) by using a the above in combination with dsquery.

First, to list all the users in a OU (this is safe to run, because it only outputs a list of users):

dsquery user "OU={your target OU},DC={your domain},DC={your domain extension}"

Then, assuming you are happy with the output of the above command, you can pipe it to dsmod like so:

dsquery user "OU={your target OU},DC={your domain},DC={your domain extension}" | dsmod user -pwdneverexpires yes

Some more info, with screenshots, here: http://www.petenetlive.com/KB/Article/0000532.htm

Isak Savo
  • 109
  • 3
0
net accounts /MaxPWAge:unlimited

Makes password to never expire; but for all accounts on the machine - not bad for a home machine or VM

hB0
  • 111
  • 5
-1

As stated above, net user does not appear to allow the otpion to change password expiry only account expiration (through /expires).

This is what I used to remove the password expiration for my account:

wmic UserAccount where Name='username' set PasswordExpires=False

Change 'username' to the username of the account you wish to change.