- 11th May 2009 at 09:45 #43708
What I would like to do is have the password expire set to 0, and the enforcement turned off inside of a custom install, so that I do not need to set these things up after install. I have compared changes to the registry and the files for when I had the security policy at it’s original settings to that of the desired settings, and the only things I noticed that changed were the ntuser.dat, and secedit.sdb (found in Windowssecuritydatabase).
If anyone knows what actually gets changed when the password settings are changed, please let me know.
- 22nd May 2009 at 10:19 #48518ArrisModerator
Some time ago I did try to find out how this can be done using a registry modification using Sysinternals Process Monitor (filter: [Process Name] is [lsass.exe] then [Include]) which was monitoring while I clicked the Apply button of the Group Policy Editor (tutorial). Within the HKLMSAMSAMDomainsAccountF string in the registry some values changed. I expect that this is done by some functioncall but haven’t tried to find that out.
Maybe this helps you any further.
- 27th May 2009 at 09:56 #48519
Well for the time being, I found a workaround for my problem. After some research, I was able to change the settings during the install by inserting a command file in the WindowsSetupScripts folder in the wim. The file itself is labeled ‘SetupComplete.cmd’. I inserted the line: net accounts /maxpwage:unlimited. Alas I was unable to find out how to disable enforcement, but I can live with this. 🙂
Furthermore, I was also able to set some features to be installed automatically as well from the script. I used:
ServerManagerCmd.exe -install feature feature feature -allsubfeatures
Where each feature is replaced with the feature name. And the shutdown to force a restart after the desktop is reached (to install the features). It may not be the fastest way possible, but it does the job ;P.
- 6th June 2009 at 11:56 #48520ArrisModerator
Thanks for this clarification; didn’t know this script and commandline instructions! 🙂
- You must be logged in to reply to this topic.