Set "Password Never Expires" for a local user in the AutoUnattend.xml file

Lieven De Prycker 20 Reputation points
2023-08-17T08:51:32.0633333+00:00

In the AutoUnattend.xml file there is a section for pass 7, oobeSystem.

In that section, the user is created and the password is set to "never expire" in the FirstLogonCommands.

This does not work because the FirstLogonCommands are executed before the user is created. Any advice on how to fix this? How can I run the command after the user is created?

	<settings pass="oobeSystem">
		<component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
			<UserAccounts>
				<LocalAccounts>
					<LocalAccount wcm:action="add">
						<Password>
							<Value></Value>
							<PlainText>true</PlainText>
						</Password>
						<Description>Elaut User</Description>
						<DisplayName>elaut</DisplayName>
						<Group>Administrators</Group>
						<Name>elaut</Name>
					</LocalAccount>
				</LocalAccounts>
			</UserAccounts>
			<AutoLogon>
				<Password>
					<Value></Value>
					<PlainText>true</PlainText>
				</Password>
				<Enabled>true</Enabled>
				<Username>elaut</Username>
			</AutoLogon>
			<FirstLogonCommands>
				<SynchronousCommand wcm:action="add">
					<Order>1</Order>
					<RequiresUserInput>false</RequiresUserInput>
					<CommandLine>cmd /C wmic useraccount where name="elaut" set PasswordExpires=false</CommandLine>
					<Description>Password Never Expires</Description>
				</SynchronousCommand>
			</FirstLogonCommands>
		</component>
	</settings>


Accepted answer
  1. Sean Liming 4,511 Reputation points
    2023-08-18T16:33:52.97+00:00

    As the system logs into the Administrator account, the Pass 7 sync commands will run. The disable-password solution used here should disable the password timeout for the account. If you run the command manually after setup is complete, does the command work?

    I don't use this password expiration solution when I build an image. Instead, I create a custom security policy and have the policy imported with a Pass 7 sync command. It works every time:

    Secedit.exe /configure /db temp.sdb /cfg c:\setup\mysecurity.inf

    mysecurity.inf is the custom security that gets created with the MMC snap-in.
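
The security-policy approach from the accepted answer, wired into the unattend file, as an added example that is not part of the original posts. The template contents, the `c:\setup` location of the database and log files, and the verification step are assumptions. Unlike the per-account `wmic` flag, `MaximumPasswordAge` is a machine-wide account policy and applies to every local account.

```xml
<!--
  Added example, not from the original thread.
  Assumed contents of c:\setup\mysecurity.inf (a security template; the file
  is assumed to be on the disk already, for example baked into the image):

    [Unicode]
    Unicode=yes
    [Version]
    signature="$CHICAGO$"
    Revision=1
    [System Access]
    MaximumPasswordAge = -1

  MaximumPasswordAge = -1 means passwords never expire. This is a machine-wide
  account policy, so it covers all local accounts, not only "elaut".
-->
<FirstLogonCommands>
	<SynchronousCommand wcm:action="add">
		<Order>1</Order>
		<RequiresUserInput>false</RequiresUserInput>
		<!-- Import only the account/security policy area and keep a log for troubleshooting -->
		<CommandLine>cmd /C secedit.exe /configure /db c:\setup\temp.sdb /cfg c:\setup\mysecurity.inf /areas SECURITYPOLICY /log c:\setup\secedit.log</CommandLine>
		<Description>Import custom security policy</Description>
	</SynchronousCommand>
	<SynchronousCommand wcm:action="add">
		<Order>2</Order>
		<RequiresUserInput>false</RequiresUserInput>
		<!-- Record the effective policy; "Maximum password age (days)" should read Unlimited -->
		<CommandLine>cmd /C net accounts &gt; c:\setup\net-accounts.txt</CommandLine>
		<Description>Record resulting account policy for verification</Description>
	</SynchronousCommand>
</FirstLogonCommands>
```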

