I'm a DBA whoneeds to test something more OS Admin related but doesn't know how. I see a reference to, "manually setting password expiration on a user account" in a powerpoint presentation that accompanies a webcast by Mike Resnick and Joe Vasil who work for Directory Serivces Support at MS. I would like to force expiration of a test user account so that I can figure out for sure what happens from a user perspective when they attempt to log on when their account is expired.The power point presentation doesn't explain how to do that and I'm failing to successfully narrow my search criteria when using various search engines to find out. In other words, I'm getting thousands of hits that don't have anything to do with this topic. So, I thought I would simply ask a group that would be likely to know.Could one of you provide some guidance for me on how to do this. My test machine is a Windows 2008 Server where I am local admin and I have a local account called Test_User that I've logged in as. I've set values for each item in Local Security Policy -> Security Settings -> Account Policies -> Password Policy and Account Lockout Policy. Under LSP -> SS -> Local Policies -> Security Options I have the defaults.Joe Moyle

You can programatically set the pwdLastSet attribute of the test account to 0. Assuming your test account is given the username "TestAccount": 1 strComputer="." 2 SetobjUser=GetObject("WinNT://"&strComputer&"/TestAccount,user") 3 objUser.Put"pwdLastSet",0 4 objUser.SetInfoYou can change the value of strComputer for that of a remote computer if you want to run this script againts that remote host.Regards,Salvador Manaois III MCSE MCSA CEH MCITP | Enterprise/Server Admin Bytes & Badz : http://badzmanaois.blogspot.com

Thanks for posting the script. I saved it as Expire_User_Password.vbs. I get the following error upon execution.Windows Script HostScript: c:\A_Scripts\VBS\Expire_User_Password.vbsLine: 3Char: 1Error: 0x8000500FCode: 8000500FSource: (null)So, now I'm scrounging around the net for the meaning of that. I found a reference to it on a site by Mark Minasi and will read what those forum users have to say. This is completely outside my experience so if any of you know the meaning of this please feel free to shed some light on my ignorant mind.Joe Moyle

1strComputer="."2SetobjUser=GetObject("WinNT://"&strComputer&"/myadmin,user")3objUser.Put"PasswordExpired",14objUser.SetInfoMy mistake, sorry. The property to be changed is actually "PasswordExpired" as shown above.Regards,Salvador Manaois IIIMCSE MCSA CEH MCITP | Enterprise/Server AdminBytes & Badz : http://badzmanaois.blogspot.com

After reading the thread that contained the error message I was able to make a slight change to the script Salvador submitted that works. strComputer="." SetobjUser=GetObject("WinNT://"&strComputer&"/Test_User,user") objUser.Put"PasswordExpired",1 objUser.SetInfoI used PasswordExpired with the value of 1 instead of pwdLastSet with the value of 0. I was able to test with my test account and it was prompted to change the password. Is that really what I could expect to happen if I set the password policy named Maximum password age to something like 60 days and a user didn't log in for over 60 days. In other words, their password would expire and they would simply be prompted to set a new one. They wouldn't be locked out would they?Joe Moyle

Thanks again Salvador. I see you were replying to me as I was posting the same fix.Joe Moyle