- This topic has 3 replies, 2 voices, and was last updated 14 years, 10 months ago by
.
- Posts
-
What I would like to do is have the password expire set to 0, and the enforcement turned off inside of a custom install, so that I do not need to set these things up after install. I have compared changes to the registry and the files for when I had the security policy at it’s original settings to that of the desired settings, and the only things I noticed that changed were the ntuser.dat, and secedit.sdb (found in Windowssecuritydatabase).
If anyone knows what actually gets changed when the password settings are changed, please let me know.
Some time ago I did try to find out how this can be done using a registry modification using Sysinternals Process Monitor (filter: [Process Name] is [lsass.exe] then [Include]) which was monitoring while I clicked the Apply button of the Group Policy Editor (tutorial). Within the HKLMSAMSAMDomainsAccountF string in the registry some values changed. I expect that this is done by some functioncall but haven’t tried to find that out.
Maybe this helps you any further.
Good luck!
Arris
Well for the time being, I found a workaround for my problem. After some research, I was able to change the settings during the install by inserting a command file in the WindowsSetupScripts folder in the wim. The file itself is labeled ‘SetupComplete.cmd’. I inserted the line: net accounts /maxpwage:unlimited. Alas I was unable to find out how to disable enforcement, but I can live with this. 🙂
Furthermore, I was also able to set some features to be installed automatically as well from the script. I used:
ServerManagerCmd.exe -install feature feature feature -allsubfeatures
shutdown -rWhere each feature is replaced with the feature name. And the shutdown to force a restart after the desktop is reached (to install the features). It may not be the fastest way possible, but it does the job ;P.
- You must be logged in to reply to this topic.
