Net accounts
Upgrade the user account database and modify the password and logon requests for all accounts.
Grammar
NET accounts [/forcelogoff:{minutes | no}] [/minpwlen:length] [/maxpwage:{days | unlimited}] [/minpwage:days] [/UNIQUEPW : number] [/domain]
Parameters
/forcelogoff:{minutes | no}
Sets the number of minutes to wait before ending a user-server session when a user account or a valid logon time expires. The default value of no prevents users from being forced to log off.
/minpwlen:length
Sets the minimum number of characters for the user account password. The number of characters ranges from 0 to 127, with a default value of 6 characters.
/maxpwage:{days | unlimited}
Sets the maximum number of days that a user account password is valid. The value unlimited is set to no time limit. The/maxpwage command line option must be greater than/minpwage. The days range is 1 to 49,710 (that is, the value of unlimited equals 49,710 days) and the default value is 90 days.
/minpwage:days
Sets the minimum number of days before a user can change a new password. The default value is 0 days, so the shortest time is not set. The range is 0 to 49,710 days.
/uniquepw::number
Require the user not to repeat the same password for the number specified when the password is changed. The password changes range from 0 to 24, and the default value is five password.
/domain
Performs an operation on the primary domain controller of the current domain. Otherwise, the operation will be performed on the local computer.
NET HELP command
Displays help for the specified net command.
Comments
The Net Logon service must be running on the computer where you want to change the account parameters. Use net accounts without parameters to display the current configuration of passwords, logon restrictions, and domain information.
You must do the following before you use Net accounts:
Create a user account. Create a user account using User Manager or net user.
Run the Net Logon service on the server that is logged on in all the verifiable domains. Net Logon starts automatically when the system starts.
When you use/forcelogoff:minutes, a warning is sent a few minutes before forcing the user to log off from the network. If some files are open, the user is also notified. If minutes is less than 2, the system warns the user to log off from the network immediately.
Example
To display the current settings, password requirements, and server roles for your server, type:
NET accounts
To set a user account password of not less than 7 characters, type:
NET Accounts/minpwlen:7
To specify that the user can re-use the password only after five password changes, type:
NET Accounts/uniquepw:5
To prevent users from changing passwords within 7 days, and forcing users to change passwords every 30 days, and to force users to log off after the logon time expires with a 5-minute warning, type:
NET Accounts/minpwage:7/maxpwage:30/forcelogoff:5
To ensure that the previous settings only take effect after the computer is logged on to the domain, type:
NET Accounts/minpwage:7/maxpwage:30/domain XOX
Tested with command line, you can change the local password policy under a domain account without having to operate on a domain controller.
In particular, net accounts/maxpwage:999 or net Accounts/maxpwage:unlimite can eliminate the hassle of changing passwords frequently
Another sample of processing files is attached:
Requirements are as follows:
1. Password must meet complexity requirements enable (0 is disabled)
2. Minimum password length of 6 characters
3. Maximum password lifetime 30 days
4. Minimum password retention period 15 days
5, Account lockout policy account lockout time 30 minutes 3 times after the wrong lock
6, mandatory password history n a password to remember
@echo Offecho [Version]>gp.infecho signature= "$CHICAGO $" >>gp.infecho [System Access]>>gp.infecho Minimumpasswordage = >>gp.infecho MaximumPasswordAge = >>gp.infecho Minimumpasswordlength = 6 >>g P.infecho passwordcomplexity = 1 >>gp.infecho lockoutbadcount = 3 >>gp.infecho LockoutDuration = >>GP . inf
echo passwordhistorysize = 0 >>gp.inf
Then execute the command: secedit/configure/db gp.sdb/cfg Gp.inf is in effect
Reference: http://blog.csdn.net/yongping8204/article/details/7471627
Reprinted Yu Tianyu Knight
Net accounts command