WDAGUtilityAccount Changed Properties Automatically

Anonymous
2023-12-14T19:18:57+00:00

We got an alert from our SIEM that the "User must change password at next logon" property changed from "No" to "Yes" on the WDAGUtilityAccount. There are only two of us with access to the server this happened on and neither of us made this change. Does anyone know why or how this would happen?

Windows Server Performance and maintenance System performance

Locked Question. This question was migrated from the Microsoft Support Community. You can vote on whether it's helpful, but you can't add comments or replies or follow the question. To protect privacy, user profiles for migrated questions are anonymized.


1 answer

  1. Anonymous
    2023-12-15T02:09:51+00:00

    Hello

    Thank you for posting in Microsoft Community forum.

    The WDAGUtilityAccount is a system-managed account that is used for Windows Defender Application Guard (WDAG) scenarios. It’s not intended to be managed by users or administrators.

    The “User must change password at next logon” property is typically controlled by the pwdLastSet attribute in Active Directory. Setting this attribute to zero will force the user to change their password at the next logon.

    User Must Change Password at Next Logon (LDAP Provider) - Win32 apps | Microsoft Learn

    However, it’s unusual for this property to change without any administrative action. There could be a few reasons for this:

    Automated Policies: Check if there are any automated policies or scripts running that might have triggered this change.

    System Updates: Sometimes, system updates or patches might cause changes to system accounts.

    Potential Security Concerns: Unexpected changes could potentially indicate unauthorized access or other security concerns. It’s recommended to investigate these changes to ensure the security of your system.

    If you continue to see unexpected changes, it might be a good idea to reach out to your IT department for further assistance. Please remember to monitor your system regularly for any unusual activity.

    Best Regards,

    Wesley Li
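
One way to act on the answer's advice to investigate, added here as an example and not part of the original thread: Security event 4738 ("A user account was changed") records which account and logon session modified a user object, including the new Password Last Set value. It assumes the "Audit User Account Management" audit subcategory is enabled on the server; `Get-AccountChangeDetail` is a hypothetical helper name and the sample event is constructed.

```powershell
# Added example. Get-AccountChangeDetail is a hypothetical helper name.
# Security event 4738 ("A user account was changed") records who changed an account.
function Get-AccountChangeDetail {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] [string] $EventXml,
        [string] $TargetAccount = 'WDAGUtilityAccount'
    )
    process {
        $evt = ([xml]$EventXml).Event
        # EventData is a list of <Data Name="...">value</Data> pairs; index them by name.
        $data = @{}
        foreach ($d in $evt.EventData.Data) { $data[$d.Name] = $d.'#text' }
        if ($data['TargetUserName'] -ne $TargetAccount) { return }
        [pscustomobject]@{
            TimeCreated     = $evt.System.TimeCreated.SystemTime
            Target          = $data['TargetUserName']
            ChangedBy       = '{0}\{1}' -f $data['SubjectDomainName'], $data['SubjectUserName']
            SubjectLogonId  = $data['SubjectLogonId']
            PasswordLastSet = $data['PasswordLastSet']
        }
    }
}

# Constructed sample event (all values illustrative) so the parser can be tried offline.
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4738</EventID><TimeCreated SystemTime="2023-12-14T19:00:00.000Z" /></System>
  <EventData>
    <Data Name="TargetUserName">WDAGUtilityAccount</Data>
    <Data Name="SubjectUserName">constructed-admin</Data>
    <Data Name="SubjectDomainName">EXAMPLE</Data>
    <Data Name="SubjectLogonId">0x1a2b3c</Data>
    <Data Name="PasswordLastSet">&lt;never&gt;</Data>
  </EventData>
</Event>
'@
$sample | Get-AccountChangeDetail

# On the affected server, from an elevated session: read the real events.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4738 } -ErrorAction SilentlyContinue |
    ForEach-Object { $_.ToXml() } | Get-AccountChangeDetail
```

The `SubjectLogonId` in a matching event can be compared with the logon ID of event 4624 entries to identify the session that made the change.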
