I hate the account password expiration feature on XP. But on XPe image it is even worth because your users may get stuck there forever if their account is expired. Giving the fact that your locked down image may not allow to fix the problem with GUI, the person who is administrating the target devices will hate you even more.
So, how to get rid of the account password expiration? Actually, easy. A few way you can accomplish that depending on what's included in your image already:
- Use GUI User Manager at run time to change that flag.
- Run the following command at run time:
net accounts /maxpwage:unlimited
You can automate and launch it during FBA with FBA Generic command, for instance.
- My favorite: use command line version of User Manager - usrmgr.exe tool from 2K or XP Resource Kit. It supports a command line argument to change the password expiration on selected accounts. E.g.:
cusrmgr.exe -u UserName +s PasswordNeverExpires.
-Use Group Policy (GPO) template to reset the security settings of password expiration timeouts. Here is a nice MS KB article explaining how to do that. The option you are looking for is MaximumPasswordAge under [System Access] section. So, you create a similar INF file, where you set the MaximumPasswordAge to -1 - unlimited, and install it during FBA using secedit.exe tool (Security Configuration Engine Command Line Utility component). Here is a simple INF you could create to get rid of the annoying password expiration feature:
MaximumPasswordAge = -1