You can think of the computer password the same as a user account password, its used to authentication the computer and allow it to read and write to the AD. Like a user account, the computer account also has a password policy which defines it's age, there are no settings for complexity as it uses a complex password by default. The computer account password age is controlled by the Domain Member: Maximum Machine account password age policy setting, setting to zero, the password will never expire:
The password is not changed separate at the workstation, its changed the same as a user account, when the computer authenticates to the AD, if the password is out of date, then the AD will trigger the workstation to change the password as part of the authentication request. If the workstation is switched on but is disconnected from the AD for longer than the password age, the password stored on the workstation is not changed, it's only changed when the workstation tries to authenticate to the AD.
While the ADUC doesn't include the simple option to change the UserAccountControl attribute like the user properties, it can be change via the Attribute Editor tab or with any AD/LDAP editor.
I would have to do some testing, as I'm not sure what impact setting the ADS_UF_DONT_EXPIRE_PASSWD option on the UserAccountControl attribute of the computer object has on the password change policy.
Computer object uses a slightly different password management policy, than that of user accounts, AD remembers the last two passwords that have been set for the computer account, and either of them can be used to authenticate. This is same policy that is used for the KBTTGT account.
Gary.