PowerShell command to require a new password

@xlnvis 21 Reputation points
2022-12-22T19:26:53.13+00:00

Hello, I am trying to make a PowerShell script for work to require local users not on a domain to change their password on logon.
I am currently using 'net user $localAccount /passwordchg:yes /logonpasswordchg:yes', which does require them to change passwords on next login; however, they can just set their new password to the same as their old password. I was wondering if there was any way to make it so they can't reuse their old password as their new one. If anyone happens to know, please let me know. Thanks.


Accepted answer
  1. Jordan Millama 1,386 Reputation points
    2022-12-22T20:11:21.923+00:00
    net accounts /uniquepw:5  
    

    This will make it so that users are unable to reuse their last 5 passwords.

    ----------

    Please accept as an answer if this was helpful.

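
The following script is an added example, not code posted by anyone in this thread. It combines the `net accounts /uniquepw:5` setting from the accepted answer with the `net user` command from the question, then reads the resulting local policy back to confirm it applied. The account name `exampleuser`, the one-day minimum password age and the `secedit` read-back are assumptions made for the example.

```powershell
#Requires -RunAsAdministrator
param(
    [string[]]$LocalAccount = @('exampleuser'),  # placeholder local account name
    [int]$HistoryDepth = 5,                       # value from the accepted answer
    [int]$MinAgeDays   = 1                        # assumption, not from the thread
)

# Machine-wide local policy. Without a minimum age a user can change the
# password $HistoryDepth times in a row and land back on the old one.
net accounts "/uniquepw:$HistoryDepth" "/minpwage:$MinAgeDays" | Out-Null
if ($LASTEXITCODE -ne 0) { throw "net accounts failed (exit code $LASTEXITCODE)" }

foreach ($name in $LocalAccount) {
    Get-LocalUser -Name $name -ErrorAction Stop | Out-Null   # fail early on a typo
    # "Password never expires" and "must change at next logon" are mutually
    # exclusive in the local user settings, so clear the former first.
    Set-LocalUser -Name $name -PasswordNeverExpires $false
    net user $name /passwordchg:yes /logonpasswordchg:yes | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "net user failed for $name" }
}

# Read the effective policy back. secedit's export uses fixed key names,
# unlike the localized text that 'net accounts' prints.
$cfg = Join-Path $env:TEMP "secpol-$PID.inf"
secedit /export /cfg $cfg /areas SECURITYPOLICY | Out-Null
$policy = @{}
foreach ($line in Get-Content -Path $cfg) {
    if ($line -match '^\s*(PasswordHistorySize|MinimumPasswordAge)\s*=\s*(\d+)') {
        $policy[$Matches[1]] = [int]$Matches[2]
    }
}
Remove-Item -Path $cfg -Force

if ($policy['PasswordHistorySize'] -lt $HistoryDepth) {
    throw "Password history is $($policy['PasswordHistorySize']), expected $HistoryDepth"
}
[pscustomobject]$policy
```

The history and minimum-age settings apply to every local account on the machine, not only the accounts passed in `-LocalAccount`.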

1 additional answer

  1. Ali AlEnezi 1,081 Reputation points
    2022-12-22T20:09:06.69+00:00

    Hello,

    Yes, it is possible to prevent users from reusing their old password as their new password when changing it in a PowerShell script. Here are a few different approaches you can try:

    1. Use the net user command with the /passwordreq:yes option: This option requires users to set a new password that meets the complexity requirements of the password policy. This can help prevent them from setting their new password to the same as their old password.
    2. Use the Set-LocalUser cmdlet with the -PasswordNeverExpires parameter: This cmdlet allows you to set the PasswordNeverExpires property of a user account to $true, which means that the user's password will never expire. This can be useful if you want to prevent users from changing their password, which would also prevent them from reusing their old password as their new password.
    3. Use a custom script: You could also create a custom script that checks the user's new password against their old password (or a list of old passwords) and prevents them from setting it to a password that they have used before. This approach would require more work to implement, but it could provide more control and flexibility in enforcing password reuse policies.
