Windows 11: Enforcing password resets for local group users


Admins can force users to reset their respective passwords during their next Windows 11 login by making a few simple changes on a difficult-to-find configuration screen.

Image: Mark Kaelin/TechRepublic

Regardless of the size of your organization, following best practice security procedures are fundamental to your operation and should never be dismissed. One of these fundamental security procedures is the period resetting of a strong login password — a security task that users are understandably reluctant to participate in.

SEE: Use this checklist from TechRepublic Premium to secure your Windows 11 systems.

In Windows 11, administrators of local user accounts can force members to reset their respective passwords on their next login by making a simple change on a specific configuration screen. Navigating to this screen requires a few steps and may involve a less-than-intuitive flip of more than one switch, but doing so will force you users to reset their Windows 11 login passwords.

Force users in a local group to reset their passwords in Windows 11

For better or worse, Microsoft has decided to make navigating to the correct configuration screen for this process much more difficult than it should be. For example, you cannot reach the proper setting through Settings, and typing “user control” into the Windows 11 desktop search box will not reveal the proper settings area either. Instead, we must rely on an old, but useful, configuration wizard.

To open the configuration tool, press the keyboard combination of Windows Key + R, and type “netplwiz” into the command text box. This will open the User Accounts control panel (Figure A).

Figure A

A red arrow pointing to the Advanced tab in the User Accounts menu in Windows 11
Access the User Accounts control panel via the Windows 11 command line.

Click the Advanced tab in the User Accounts pop-up, and then, click the Advanced button under the Advanced user management section (Figure B).

Figure B

A red circle around the Advanced button in the Advanced user management section of the User Accounts Advanced settings in Windows 11
Navigate to the Advanced user management settings in Windows 11, and click Advanced.

Clicking the Advanced button reveals the Local Users and Groups manager (Figure C). Click on the Users folder to reveal the list of local users. This screen is where we will make our settings changes to force users to reset their passwords.

Figure C

Windows 11 Local Users and Groups manager open with the Users folder selected
From the Windows 11 Local Users and Groups manager, select the Users folder.

Right click a username from the list, and select Properties from the dropdown context menu, which will open the Properties screen for that specific user (Figure D). We are interested in the set of checkboxes at the bottom of this screen.

Figure D

User must change password at next logon and Password never expires circled in red in the LocalMark Properties pop-up
Configure local users’ Properties so that Password never expires is unchecked and User must change password at next logon is checked.

We want to place a check in the first checkbox, which is labeled User must change password at next logon. But, in many cases, that setting may be grayed out and unavailable. To make it available, first uncheck the box labeled Password never expires.

When the change to settings is complete, click Apply and then OK to finish the process. Perform this task on other users from the list as you see fit, and when you have finished, you can exit both the Local Users and Groups manager and the User Accounts control panel.

Now, the next time a user logs in to Windows, they will be asked to reset their password following the standard rules for password creation.

There are other methods for forcing individuals to reset their Windows 11 login passwords, which involve administrative tools found in Azure. These tools are designed for organizations with more than a few users and require more in-depth tutorials.



Source link