Script to disable password expiry for local Windows accounts

One of the shortcomings of the net user command in Windows is the inability to set the password never expires flag on an account (account expiry options can be set, but not password expiry and the full syntax is described in Microsoft knowledge base article 251394).

There are 13 flags on an NT SAM/Active Directory user account which may be manipulated using VBScript (for further details of the 13 flags, see Microsoft’s sample scripts or there is some useful information about the object model at the Motobit Software website).

This script can be used to set the password never expires flag on a specified account. I’ve tested it against the local SAM database on a Windows XP PC, but in theory it should work on all versions of Windows NT (2000, XP, 2003 Server, etc.) and also against Active Directory accounts if you run it on a domain controller.

11 thoughts on “Script to disable password expiry for local Windows accounts


  1. The domain option can be set to %computername% to make the script a touch more dynamic. Example: cscript “Desktop\nopwdexp.vbs” /domain:%comput
    ername% /user:florist


  2. The script is excellent. There is an alternative for those who can’t/won’t use this script and are running Windows 2003. Just type:

    wmic useraccount where name=”user_name” set PasswordExpires=FALSE

    In a command prompt. WMIC is included on every Windows 2003 version AFAIK.

    (my 2 Maltese cents for as long as they’re worth something)

Leave a Reply