Enforcing Users to Change Passwords after Specific Time Duration

Password expiration is the mechanism by which the operating system stops accepting a password for logon once the password reaches a set age. By default, a newly created user account has a maximum password age of 42 days, after which the password expires and the user is prompted to provide a new password in order to authenticate when logging on.

In many organizations and home environments, administrators disable password expiration by checking the ‘Password never expires’ checkbox in the ‘New User’ box. When this checkbox is checked, the default expiration behavior is overridden and the password never expires, allowing the user to keep using the same password indefinitely.

Importance of Password Expiration Feature

In many production environments, where sensitive data is stored on the computers and security is a major concern, it can be inappropriate and risky to use the same password for long periods. If the same password is always used, there is a chance that someone will guess it, or that a sharp observer will read the user's finger movements to work it out, and then steal sensitive information from the computer system. If the password is changed frequently, on the other hand, it is unlikely that anyone can read the finger movements to guess the password.

The duration (in days) after which passwords expire can be specified manually by the administrators of a computer through group policies. In a workgroup network environment, this configuration must be done on every computer individually. In a domain-based network setup, a domain-wide group policy object can be created and configured to enforce the password expiration duration on every computer that is a member of the domain.

How to Enforce Users to Change Their Passwords after a Specific Time Duration?

Administrators of a Windows 7 computer must follow the steps given below to force users to change their passwords after the specified duration:

  1. Log on to the Windows 7 computer with an administrator account.
  2. Click the Start button, type GPEDIT.MSC in the search box at the bottom of the menu, and press the Enter key.
  3. In the Local Group Policy Editor snap-in that opens, from the left pane under Computer Configuration, locate and click to select Windows Settings > Security Settings > Account Policies > Password Policy.
  4. From the right pane, double-click Maximum password age. In the Maximum password age Properties box that opens, in the Password will expire in field, specify the duration in days after which the password will automatically expire and users will be prompted to provide a new password before they can log on to the computer.

    Set Password Expiration Duration

  5. Once done, click the OK button to save the changes and, if required, restart the computer for the changes to take effect.
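
The same setting can be applied and checked from an elevated PowerShell prompt. The script below is an added example, not part of the original article: it sets the maximum password age, reads the effective value back, and lists enabled local accounts where ‘Password never expires’ overrides the policy. The 30-day default and the temporary file name are assumptions chosen for illustration.

```powershell
# Added example, not from the original article. Run from an elevated prompt.
param(
    [ValidateRange(1, 999)]
    [int]$MaxAgeDays = 30   # assumed value for illustration
)

# 1. Set the local "Maximum password age" (the setting edited in step 4).
net accounts "/maxpwage:$MaxAgeDays" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "net accounts failed (exit code $LASTEXITCODE)." }

# 2. Read the effective value back from an export of the local security policy.
$cfg = Join-Path $env:TEMP 'secpol-export.inf'   # temporary file name is arbitrary
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$line = Get-Content $cfg |
    Where-Object { $_ -match '^\s*MaximumPasswordAge\s*=' } |
    Select-Object -First 1
Remove-Item $cfg -ErrorAction SilentlyContinue
if (-not $line) { throw "MaximumPasswordAge not found in the exported policy." }
$effective = [int](($line -split '=')[1].Trim())
Write-Output "Maximum password age is now $effective day(s)."

# 3. List enabled local accounts with 'Password never expires' set.
#    These accounts ignore the maximum password age configured above.
$exempt = @(Get-WmiObject Win32_UserAccount -Filter "LocalAccount=True" |
    Where-Object { -not $_.PasswordExpires -and -not $_.Disabled })
if ($exempt.Count -eq 0) {
    Write-Output "No enabled local account is exempt from expiration."
} else {
    Write-Output "Accounts exempt from expiration (Password never expires):"
    $exempt | ForEach-Object { Write-Output "  $($_.Name)" }
}
```

On a computer that is a member of a domain, the domain-wide group policy object described above determines the value for domain accounts, so run the check against the policy that actually applies.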

Author: Vivek Nayyar

Works as Systems Admin in Siskin Technologies, India. Corporate trainer on Microsoft and Cisco platform. Specialized in Virtualization Technology. LAN Consultant for some local organizations.