Maximum password age windows

When PowerShell is launched, type net accounts and press the Enter key. The net accounts command will allow us to set the policy settings on the local computer such as Account policies and password policies.

Listed will be the current settings that apply to all local accounts such as the "Minimum password length" that will be accepted when creating a local account, etc. The setting that we want to change is Maximum password age days which is currently set to 42 days. This setting will allow us to set the number of days a password will then be considered as expired.

The Maximum password age policy setting determines the period of time in days that a password can be used before the system requires the user to change it.

You can set passwords to expire after a number of days between 1 and , or you can specify that passwords never expire by setting the number of days to 0. If Maximum password age is between 1 and days, the minimum password age must be less than the maximum password age. If Maximum password age is set to 0, Minimum password age can be any value between 0 and days. Note: Setting Maximum password age to -1 is equivalent to 0, which means it never expires.

Setting it to any other negative number is equivalent to setting it to Not Defined. Set Maximum password age to a value between 30 and 90 days, depending on your environment.

This way, an attacker has a limited amount of time in which to compromise a user's password and have access to your network resources. The security baseline recommended by Microsoft doesn't contain the password-expiration policy, as it is less effective than modern mitigations. Password Policy. Follow randyfsmith. All rights reserved. Disclaimer: We do our best to provide quality information and expert commentary but use all information at your own risk. Configure the Maximum password age policy setting to a value that is suitable for your organization's business requirements.

If the Maximum password age policy setting is too low, users are required to change their passwords very often. Such a configuration can reduce security in the organization because users might keep their passwords in an unsecured location or lose them. If the value for this policy setting is too high, the level of security within an organization is reduced because it allows potential attackers more time in which to discover user passwords or to use compromised accounts.

Skip to main content. This browser is no longer supported.