Recently, I was working on a project where I had to manage several local user accounts on multiple Windows machines. One common requirement was to set certain accounts to have passwords that never expire, especially for service accounts where password changes could cause service interruptions.
While you can do this manually through the GUI, it becomes tedious when dealing with multiple accounts or servers. That’s why I always prefer to use PowerShell.
In this tutorial, I’ll show you several ways to set a local user’s password to never expire using PowerShell. By using this, you can avoid hours of repetitive work and can easily incorporate it into your automation scripts.
Let’s dive in!
Method 1 – Using the Set-LocalUser Cmdlet
The Set-LocalUser cmdlet is available in Windows 10, Windows Server 2016, and later versions. It’s the most straightforward way to set a local user’s password to never expire in the Windows OS.
Here are the steps:
- Open PowerShell as Administrator (right-click on PowerShell and select “Run as administrator”)
- Use the following command:
Set-LocalUser -Name "UserName" -PasswordNeverExpires $trueJust replace “UserName” with the actual username you want to modify. For example, if I wanted to set the password to never expire for a service account named “SQLService”, I would run:
Set-LocalUser -Name "SQLService" -PasswordNeverExpires $trueTo verify the change, you can use:
Get-LocalUser -Name "SQLService" | Select-Object Name, PasswordNeverExpiresThis will display the username and confirm whether the password is set to never expire.
Check out Set Password for Local User in Windows 11 Using PowerShell
Method 2 – Using ADSI (Active Directory Service Interfaces)
If you’re working with older Windows versions that don’t have the Set-LocalUser cmdlet, you can use the ADSI approach.
Here is the complete script:
$user = [ADSI]"WinNT://./UserName,user"
$user.UserFlags.value = $user.UserFlags.value -bor 0x10000
$user.CommitChanges()Replace “UserName” with your target username. The hexadecimal value 0x10000 represents the “DONT_EXPIRE_PASSWORD” flag.
For example, to set a local account named “BackupAdmin” to have a password that never expires:
$user = [ADSI]"WinNT://./BackupAdmin,user"
$user.UserFlags.value = $user.UserFlags.value -bor 0x10000
$user.CommitChanges()Check out Set the Time Zone Using PowerShell in Windows
Method 3 – Using NET USER Command
PowerShell can also execute the traditional net user command, which has been around since the early days of Windows:
net user UserName /expires:neverTo run this with PowerShell, you can use:
Start-Process -FilePath "net" -ArgumentList "user UserName /expires:never" -NoNewWindow -WaitThis method is simple but doesn’t provide the same level of feedback as the PowerShell native commands.
Check out Update PowerShell on Windows 11
Method 4 – Setting Password Never Expires for Multiple Users
If you need to set multiple local user accounts to have passwords that never expire, you can use a simple loop. Here is the complete PowerShell script.
$users = @("User1", "User2", "ServiceAccount1", "ServiceAccount2")
foreach ($user in $users) {
try {
Set-LocalUser -Name $user -PasswordNeverExpires $true
Write-Host "Successfully set password to never expire for $user" -ForegroundColor Green
}
catch {
Write-Host "Failed to set password to never expire for $user. Error: $_" -ForegroundColor Red
}
}This script attempts to set the password to never expire for each user in the array and provides success or failure feedback.
Check out Get Default Browser Using PowerShell
Method 5 – Remote Computer Management
One of the powerful features of PowerShell is remote management. You can set a local user’s password to never expire on a remote computer:
Invoke-Command -ComputerName "RemotePC" -ScriptBlock {
Set-LocalUser -Name "UserName" -PasswordNeverExpires $true
}Replace “RemotePC” with the name of the remote computer and “UserName” with the target username.
For multiple remote computers, you can use:
$computers = @("Server1", "Server2", "Workstation5")
$username = "ServiceAccount"
foreach ($computer in $computers) {
try {
Invoke-Command -ComputerName $computer -ScriptBlock {
param($user)
Set-LocalUser -Name $user -PasswordNeverExpires $true
} -ArgumentList $username -ErrorAction Stop
Write-Host "Successfully set password to never expire for $username on $computer" -ForegroundColor Green
}
catch {
Write-Host "Failed to set password to never expire for $username on $computer. Error: $_" -ForegroundColor Red
}
}Read Windows PowerShell vs CMD
Important Security Considerations
Before setting a password to never expire, you should consider the below points:
- Security Risk: Setting passwords never to expire contradicts many security best practices. Use this only in exceptional cases, such as service accounts, where regular password changes could cause service disruptions.
- Strong Passwords: If you set a password that never expires, ensure it’s a strong one (long, complex, and unique).
- Regular Audits: Regularly audit accounts with non-expiring passwords to ensure they are still necessary and not compromised.
- Documentation: Maintain a record of which accounts have this setting and the corresponding reasons.
- Administrator Rights: All these methods require administrator privileges to execute.
Troubleshooting Common Issues
Now, let me show you some common issues and the solutions that I faced while setting a password to never expire in PowerShell.
- Access Denied: Ensure you are running PowerShell as an Administrator.
- User Not Found: Verify that the username exists on the system.
- Remote Connection Issues: Ensure PowerShell remoting is enabled on the target computer with
Enable-PSRemoting. - Command Not Found: If
Set-LocalUserisn’t available, you might be using an older Windows version. Try the ADSI method instead.
I hope you now learn how to set the passwords of local users to never expire using PowerShell in Windows. My recommendation is to use the Set-LocalUser PowerShell cmdlet. I hope you found this article helpful! If you have any questions or suggestions, please feel free to leave them in the comments below.
You may also like:
- Install Windows Updates Using PowerShell
- Check for Windows Updates Using PowerShell
- Install RSAT in Windows 11 Using PowerShell
Bijay Kumar is an esteemed author and the mind behind PowerShellFAQs.com, where he shares his extensive knowledge and expertise in PowerShell, with a particular focus on SharePoint projects. Recognized for his contributions to the tech community, Bijay has been honored with the prestigious Microsoft MVP award. With over 15 years of experience in the software industry, he has a rich professional background, having worked with industry giants such as HP and TCS. His insights and guidance have made him a respected figure in the world of software development and administration. Read more.
