Share via

New user accounts default to "Password never expires"

Russell Houlton (PSHI) 0 Reputation points
2024-09-09T21:27:58.9133333+00:00

Long time lurker, first time poster...

Windows 10 22H2, with updates though August Patch Tuesday applied. Local machine, no domain, no network. (Security requirement.)

If I create a local user account by going to Settings > Accounts > Family & other users, the new account defaults to "Password never expires".

If I go Control Panel > User Accounts > User Accounts > Manage other account, and "Add a user account", I don't get "Password never expires".

But if I go Windows Explorer, right-click This PC, Manage, Local Users and Groups> Users and create an account, it defaults to "User must change password at next login" and password will expire. This is what I expect/want to happen.

GPEdit seems to be configured correctly with expiring passwords. (Or at least the part under Local Computer Policy > Computer Configuration > Windows Settings > Security Settings > Account Policies > Password Policy.)

This seems like a bug. How do I resolve this? I know how to fix individual accounts after the fact, but I need any new accounts to be configured correctly.

TIA,

Windows 10
Windows 10
A Microsoft operating system that runs on personal computers and tablets.
11,500 questions
0 comments

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. S.Sengupta 18,636 Reputation points MVP
    2024-09-10T00:25:59.18+00:00

    Check the Registry Settings:

    Press Win + R, type "regedit" and press Enter

    Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

    Look for a DWORD value named "PasswordExpiryWarning"

    If it doesn't exist, right-click in the right pane, select New > DWORD (32-bit) Value, and name it "PasswordExpiryWarning"

    Set its value to your preferred number of days for password expiry warning

    Reboot.

    Open Command Prompt as Admin and copy-paste the following:

    net user username password /add /expires:never

    Replace "username" and "password" with the desired credentials.

  2. Russell Houlton (PSHI) 0 Reputation points
    2024-09-10T20:08:47.0966667+00:00

    Thanks for responding.

    "PasswordExpiryWarning" is already set to 5, and it does work.

    Using the command line method of creating a user does create one with an expiring password.

    My goal here is to have the method of adding users in "settings" to create a user with an expiring password. It seems to be the most user-friendly method and one we've already documented. We don't want users with non-expiring passwords, nor do we want to tip off the low-level "admins" that there's an option for non-expiring passwords.

    Thanks again

    0 comments
  3. Ian Xue 36,336 Reputation points Microsoft Vendor
    2024-09-11T02:28:02.3933333+00:00

    Hi Russell,

    Thanks for your post. The default password policy differs because system identified different scenarios. For example, system will set people who set password expiration policy for a business, school, or nonprofit. Therefore, when you locate to the settings Family & other users, it will not set the password by default. If you would like to set User must change password at next login" and password will expire, you can set in the Windows Explorer as you mentioned or the registry key as Sengupta mentioned.

    Best Regards,

    Ian Xue

    If the Answer is helpful, please click "Accept Answer" and upvote it.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.