Re: Resetting "Password never expires" for all

From: Steven L Umbach (n9rou_at_nospam-comcast.net)
Date: 11/22/05 

Date: Tue, 22 Nov 2005 16:33:24 -0600

If you have a Windows 2003 domain controller you can do multiple accounts at
one but since this is a Windows 2000 newsgroup I assume that is not the
case. If you have a Windows XP Pro domain computer that you could use as a
secure admin workstation you could install admikpak for Windows 2003 on it
which is a free download from Microsoft and use the AD command line tools to
do what you want with the dsquery and dsmod command line tools. Below is an
example of how you could do it by changing all the user accounts in a
particular OU as an example by piping the results of dsquery user to dsmod
.

http://www.microsoft.com/downloads/details.aspx?FamilyID=c16ae515-c8f4-47ef-a1e4-a8dcbacff8e3&displaylang=en
--- adminpak for W2003
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/ServerHelp/46ba1426-43fd-4985-b429-cd53d3046f01.mspx
 ---- AD command line tools

F:\Documents and Settings\administrator.UMBACH1.000>dsquery user
OU=nyt,dc=mydomain,dc=com | dsmod user -pwdneverexpires no
dsmod succeeded:CN=john,OU=nyt,DC=mydomain,DC=com
dsmod succeeded:CN=ray,OU=nyt,DC=mydomain,DC=com
dsmod succeeded:CN=hal,OU=nyt,DC=mydomain,DC=com
dsmod succeeded:CN=fox,OU=nyt,DC=mydomain,DC=com
dsmod succeeded:CN=fred,OU=nyt,DC=mydomain,DC=com

"MP" <MP@discussions.microsoft.com> wrote in message
news:CC201081-30F3-464B-B7E3-A1515512C7BB@microsoft.com...
> Hello,
>
> Reviewing my security policies and I'm looking to use domain wide password
> expiration, with the exception of service accounts. Unfortunately when the
> users were set up using a template, all of them have the checkbox
> "Password
> never expires" checked". My understanding is this will override the
> policy,
> so how can I uncheck this for all the users without having to touch every
> account?

Relevant Pages

  • Re: User Accounts not Appearing on Welcome Screen
    ... I need to get into windows somw how to fix this. ... There are three user accounts: ... hit the Ctrl + Alt + Del keys twice to bring up the ... Go to Start -> Run and enter cmd.exe in the Open box to launch a Command ...
    (microsoft.public.windowsxp.security_admin)
  • Re: Group password reset
    ... the dsmod is my best bet but I still need the LDAP info for each user ... that I want to change so my command line would be about 500 rows long. ... > you have a Windows 2000 domain you still can use the AD command line tools ... > Windows XP Pro domain computer and logon as a domain administrator or use ...
    (microsoft.public.security)
  • Re: password never expires script
    ... If you have a Windows 2003 ... > domain controller you can do all the user accounts at one time by ... > an example of what command to use and what it shows. ... >> password age policy on all users. ...
    (microsoft.public.windows.group_policy)
  • Re: User Accounts not Appearing on Welcome Screen
    ... They are all running Windows ... There are three user accounts: ... child), which do not require a password. ... Go to Start -> Run and enter cmd.exe in the Open box to launch a Command ...
    (microsoft.public.windowsxp.security_admin)
  • Re: User Accounts not Appearing on Welcome Screen
    ... They are all running Windows XP Pro. ... There are three user accounts: ... hit the Ctrl + Alt + Del keys twice to bring up the ... Go to Start -> Run and enter cmd.exe in the Open box to launch a Command ...
    (microsoft.public.windowsxp.security_admin)