Hey all, I have seen this question internally a few times – how can I configure a user account that I add to my XP Embedded image to have a non-expiring password? This topic has been added to the XP Embedded SP2 documentation, but in the meantime I thought I would go ahead and post the information here for anyone who needs it in the meantime:
By default, when you add user accounts to your image, the user is prompted to change the password 15 days before it will expire. In some types of deployments, it is not feasible or desirable for end-users to change passwords. You can create a custom security template that turns off password expiration and add it to your image so that it runs during First Boot Agent.
Note Weak passwords are a potential security vulnerability and can allow hackers access to your system. It is always advised to configure all user accounts with strong passwords.
To remove password expiration from User Accounts
- Create a custom security template. For more information, see Creating a Custom Security Template Using the MMC Snap-in.
- In the MMC main window, under the new security template node, expand the Account Policies node.
- Expand the Password Policy node.
- In the right pane, right-click Maximum Password Age Policy.
- Select the Define this policy setting in the template checkbox.
- Set Password will not expire to 0 days.
- Click OK and save the template.
- Create a component for this security template and add it to your image, by following the steps to Create a Component for a Custom Security Template and to Include a Custom Security Template in your Runtime Image