I was performing a security audit on a Windows 2003 member server that had many local user accounts. One of my tasks was to identify which accounts had passwords that never expire.
I decided to use WMIC to enumerate the user accounts. The command I executed was:
wmic path Win32_UserAccount where PasswordExpires=”false”
Many accounts were identified, so I decided to save the output to the noexpire.cvs file:
wmic /output:noexpire.csv path Win32_UserAccount where PasswordExpires=”false”
WMIC is included in Windows XP, Windows 2003 and newer operating systems. You can use these platforms to remotely query a Windows 2000 system as well.
I could have scanned the server with MBSA to find the non-expiring passwords, but the scan would have been extremely evident in the server’s log files.