Puppet on Windows: set Administrator password to never expires

When maintaining windows server with puppet, it could be interesting to set your Administrator password to never expires.
Since you want to manage your passwords through puppet, and not manually by some hyper active sysadmin, this comes in handy.

Note the fact that it is wise to change passwords now and then 😉

On Windows you can only manage passwords through puppet… not any other expire settings.
You can read here that puppet on Windows does not support manages_password_age.

Therefor, after searching and testing a lot, I came with this class:

You’d think that instead of using WMIC USERACCOUNT, you can use a simple ‘net user administrator /expires:never, but that does not seem to be the case. Although your puppet agent reports that the setting has been modified, it did not… I only got it working with the WMIC command.

Also, when using | in the unless, you need to put the cmd.exe /c in your command. This is intended behaviour because of this:

Exec: Execute external binaries on Windows systems. As with the posix provider, this provider directly calls the command with the arguments given, without passing it through a shell or performing any interpolation. To use shell built-ins – that is, to emulate the shell provider on Windows — a command must explicitly invoke the shell

Leave a Reply

Your email address will not be published. Required fields are marked *