How-To Geek

Change the Length of Time When Users Need to Change their Login Password

If you’re the administrator of a shared computer or a few in the office, you probably want to have the users change their password periodically for enhanced security. Here’s how to do it in Windows 7 & XP.

Note: This uses Local Security Policy which is not available in Home versions of Windows. These are local settings on machines not on a domain. Domain settings will take precedence over local settings.

Changing Password Age in Windows 7

Log in as Administrator and type Secpol.msc into the Search box of the Start Menu and hit Enter.


Local Security Policy opens. Navigate to Account Policies \ Password Policy and double-click on Maximum password age.


Here you can change the Maximum password age to what you want. By default it is 42 days, but you can change it from 1-999 days. When you’re finished, click OK and close out of Local Security Policy Editor.


If you were set it to zero, the password would never expire.


Changing Password Age in XP Professional

While easy in Windows 7, XP gets a bit more tricky. First go to Start \ Run and type mmc and Enter.


The Console opens and you want to go to File then select Add/Remove Snap-in…


Now click on the Add button…


Scroll down and highlight Group Policy Object Editor…then click Add.


Under Group Policy Object make sure it says Local Computer and click Finish.


Now you will need to navigate to Local Computer Policy \ Computer Configuration \ Windows Settings \ Security Settings \ Account Policies \ Password Policy. Then as before double-click Maximum password age.


Then change it to whatever you want it to be.



If you want to make users on your local machine(s) to change their passwords periodically, changing the password age is how to get it done. You should have users change their password regularly and encourage them to use strong passwords as well.

Brian Burgess worked in IT for 10 years before pursuing his passion for writing. He's been a tech blogger and journalist for the past seven years, and can be found on his about me page or Google+

  • Published 07/8/10

Comments (6)

  1. aurelio

    How to restore windows 7 to its factory set-up?

  2. AF

    Windows XP isn’t more tricky. You can access the Local Security Policy window exactly the same way as in Windows 7. Optionally, you can open up the Group Policy Editor (gpedit.msc) instead of manually adding the Group Policy snap-in to a MMC window.

  3. Jose

    You can do the same thing in all version of Windows 7 (and Vista too) using a command to set the maximum password age. Open a command window with admin rights and type (without the quotes) “net accounts /MAXPWAGE:xx” where xx can be anything from 1 to 999. Use /MAXPWAGE:UNLIMITED to completely disable password age expiration checking. Simply entering “net accounts” without any parms will show all the password constraint settings. “net accounts ?” to see all possible command options.

  4. Peter

    You really have to consider the password length when deciding on the maximum password age. If you allow users to use 5 character passwords, you should change them more often than if you require 8 character passwords. You also need to adjust the minimum password age or users will quickly cycle through all their passwords to get back to the one they like/remember.

  5. Roi

    Why does the error: “An attempt was made to reference a token that does not exist” pop up when I type “secpol.msc”?

  6. stefano

    This doesn’t work for Win7 home premium.
    I just want my local user account to never expire but can’t find out how to change the local account password policy

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!