Network Administration: Net Accounts Command

This Windows Server Net Accounts command updates user account policies for password requirements. As with all Net commands, you must access a command prompt and be logged on to an account with network administration permissions. Here’s the command syntax:

net accounts [/forcelogoff:{minutes | no}]    
   [/minpwlen:length] [/maxpwage:{days | unlimited}]   
   [/minpwage:days] [/uniquepw:number]
   [/domain]

The following paragraphs describe the parameters for the Net Accounts command:

  • Forcelogoff: Specifies how long to wait before forcing a user off the system when the user’s logon time expires. The default value, no, prevents users from being forced to log off. If you specify a number, the user will be warned a few minutes before being forcibly logged off.

  • Minpwlen: Specifies the minimum length for the user’s password. Length can be from 0 through 127. The default is 6.

  • Maxpwage: Specifies the number of days a user’s password is considered valid. Unlimited means the password will never expire. Days can be from 1 through 49,710, which is about 135 years. The default is 90.

  • Minpwage: Specifies the minimum number of days after a user changes a password before the user can change it again. The default value is 0. You should usually set this value to 1 day in order to prevent users from bypassing the Uniquepw policy.

  • Uniquepw: Indicates how many different passwords the user must use before he or she is allowed to reuse the same password again. The default setting is 5. The range is from 0 to 24.

  • Domain: Specifies that the operation should be performed on the primary domain controller rather than on the local computer.

If you enter Net Accounts without any parameters, the command simply displays the current policy settings.

Here’s an example that sets the minimum and maximum password ages:

C:>net accounts /minpwage:7 /maxpwage:30