An administrator can prevent users from changing their account password on Windows. It is possible to either hide the password change dialogue box or completely disable the ability to manually change a password for user accounts.
The default security settings in Windows require the user to change their password regularly. If the password has expired, the next time the user logs on to Windows, the message "Your password has expired and must be changed" is displayed. The user can change the password here.
In the account settings, you can disable password expiration and prevent certain users from changing their passwords.
- Open the local users and groups management snap-in (lusrmgr.msc)
- Expand Users
- Open the specific user’s properties and enable the options User cannot change password and Password never expires
- Save changes.
Or apply the same settings with PowerShell:
Get-LocalUser user123 | Set-LocalUser -PasswordNeverExpires $True -UserMayChangePassword $False
If you want to disable password expiration for all local Windows users, change the default password policy settings.
- Open the local GPO editor console (gpedit.msc)
- Go to Computer Configuration -> Windows Settings -> Security Settings -> Account Policies -> Password Policy
- Change the Maximum password age value from 42 days (default) to 0.
You can also list the current local Windows password policy settings with the command:
net accounts
Disable password expiration for local users:
net accounts /maxpwage:unlimited
If autologon is enabled on Windows or the machine is used in kiosk mode, we recommend you hide the Change a Password button on the Windows Security screen, which can be accessed by pressing Ctrl+Alt+Del.
The password change button can be hidden via the Group Policy. Open the GPO editor and enable the policy option Remove Change Password under User Configuration -> Administrative Templates -> System -> Ctrl+Alt+Del Options.
Or disable the password change dialogue box for the current user via the registry (the HKEY_CURRENT_USER key applies only to the account that runs the command):
reg add "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableChangePassword /t REG_DWORD /d 1 /f
As a result, Windows users will no longer be able to change their passwords.
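To review where these settings are in effect on a machine, the read-only PowerShell below is an added example and not part of the original article. It reports the per-account flags, the current user's DisableChangePassword value and the raw net accounts output; the function name Get-PasswordChangeAudit is hypothetical.

```powershell
# Added example: read-only audit of the settings described in this article.
# Get-PasswordChangeAudit is a hypothetical helper name, not a built-in cmdlet.
function Get-PasswordChangeAudit {
    # Per-account flags set through lusrmgr.msc or Set-LocalUser
    $accounts = Get-LocalUser | ForEach-Object {
        [pscustomobject]@{
            Name                  = $_.Name
            Enabled               = $_.Enabled
            UserMayChangePassword = $_.UserMayChangePassword
            # Empty when no expiry date applies to the account
            PasswordExpires       = $_.PasswordExpires
            PasswordLastSet       = $_.PasswordLastSet
            # Flag accounts that cannot change or never have to change the password
            Flagged               = (-not $_.UserMayChangePassword) -or
                                    ($null -eq $_.PasswordExpires)
        }
    }

    # Value written by the "reg add" command above (current user only)
    $key   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    $item  = Get-ItemProperty -Path $key -Name DisableChangePassword -ErrorAction SilentlyContinue
    $value = if ($item) { $item.DisableChangePassword } else { $null }

    # Machine-wide password policy, kept as raw text because the
    # output of "net accounts" is localized
    $policy = net accounts

    [pscustomobject]@{
        Accounts             = $accounts
        ChangePasswordHidden = ($value -eq 1)
        PasswordPolicy       = $policy
    }
}

$audit = Get-PasswordChangeAudit

# Accounts with a static or user-unchangeable password, oldest password first
$audit.Accounts |
    Where-Object Flagged |
    Sort-Object PasswordLastSet |
    Format-Table Name, Enabled, UserMayChangePassword, PasswordExpires, PasswordLastSet

'Change a password button hidden for {0}: {1}' -f $env:USERNAME, $audit.ChangePasswordHidden
$audit.PasswordPolicy
```

Accounts listed with an old PasswordLastSet date keep the same credential indefinitely, so they are the ones to cover with a scheduled administrative password reset.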