none
Set administrator password never expire RRS feed

  • Question

  • In my Windows Server labs I have long used the following scriptlet to set the local administrator password to never expire.

    $user = [adsi]"WinNT://$env:computername/administrator"
    $user.UserFlags.value = $user.UserFlags.value -bor 0x10000
    $user.CommitChanges()
    

    It appears that Nano does not understand [adsi].  I receive an "Unable to find type [adsi]" when I issue the first command.  How does one go about setting the local administrator password to never expire via a script on Nano Server?

    I do notice via compmgmt that the local administrator password is defaulting to never expire.  Is that the way Microsoft intends to release the product?  Maybe I don't need it on Nano, but it seems that if one of the goals of Nano is a more secure environment, defaulting local admin password to never expire does seem like a security best practice.  Just trying to get an understanding of this change.  And, if that is to be the default, it seems like we will need a way to unset that default for those that do not want that as the default.

    Thanks for the insights.


    . : | : . : | : . tim

    Thursday, December 24, 2015 9:16 PM

Answers

  • Hi Tim,

    Correct, ADSI is not currently supported in Nano Server. You can use WMI to do this today:

    PS C:\> $x = Get-CimInstance Win32_UserAccount -Filter "Name='Administrator'"
    PS C:\> $x.PasswordExpires
    True
    PS C:\> $x.PasswordExpires = $false
    PS C:\> $x.PasswordExpires
    False
    PS C:\>
    PS C:\> Set-CimInstance $x
    PS C:\> net user Administrator

    Where the last command will show the setting.

    There are PowerShell cmdlets in the works for managing local users that will support this as well.

    Hope that helps,

    Andrew

    • Marked as answer by Tim CerlingMVP Wednesday, January 6, 2016 2:01 PM
    Wednesday, January 6, 2016 1:15 AM

All replies

  • Just refreshing this so that it falls closer to the top of unanswered questions. <grin>

    . : | : . : | : . tim

    Tuesday, January 5, 2016 10:45 PM
  • Hi Tim,

    Correct, ADSI is not currently supported in Nano Server. You can use WMI to do this today:

    PS C:\> $x = Get-CimInstance Win32_UserAccount -Filter "Name='Administrator'"
    PS C:\> $x.PasswordExpires
    True
    PS C:\> $x.PasswordExpires = $false
    PS C:\> $x.PasswordExpires
    False
    PS C:\>
    PS C:\> Set-CimInstance $x
    PS C:\> net user Administrator

    Where the last command will show the setting.

    There are PowerShell cmdlets in the works for managing local users that will support this as well.

    Hope that helps,

    Andrew

    • Marked as answer by Tim CerlingMVP Wednesday, January 6, 2016 2:01 PM
    Wednesday, January 6, 2016 1:15 AM
  • Thanks, Andrew.  Just what I needed.

    . : | : . : | : . tim

    Wednesday, January 6, 2016 2:01 PM