Hello,
Thanks for reaching out to Hexnode Connect.
Hexnode passcode policies for Windows are enforced at the device level rather than the user level. Because of how the Windows OS handles these configurations, any passcode or password reset policy configured from the portal will natively apply to all local accounts present on that device. Currently, there is no built-in UI toggle to exempt specific local accounts from a device-wide password policy.
However, your idea to use a custom script is a suitable, recommended workaround for this exact scenario.
While the Hexnode policy enforces the password reset rules device-wide, you can deploy a PowerShell script via the Execute Custom Script remote action to explicitly configure the IT administrator account so its password never expires. For example, a command like Set-LocalUser -Name YourAdminName -PasswordNeverExpires $true will successfully override the expiration requirement for that specific admin account. Meanwhile, the standard user account will continue to be prompted for password resets based on the schedule defined in your Hexnode policy.
We highly recommend testing the script independently on a single machine to validate the execution context and local account configuration before deploying it to your entire fleet.
I hope this helps. If you find any more issues or need further assistance, feel free to reach out.
Best regards,
George,
Hexnode UEM
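
The single-machine test recommended in the reply above can be built into the script itself. The following is an added example, not part of the original reply and not Hexnode's own script. It logs the execution context, applies the Set-LocalUser setting, and then reads the account back to confirm the change. YourAdminName is the placeholder from the reply, and the assumption is that the script action runs elevated and that its output and exit code are visible to whoever reviews the result.

```powershell
# Added example: exempt one local admin account from password expiry and verify it.
# Assumption: runs elevated (for example as SYSTEM) in 64-bit Windows PowerShell 5.1.
$AdminName = 'YourAdminName'   # placeholder; replace with the real local account name

try {
    # Log who the script is running as, so the test run shows the real execution context.
    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = [System.Security.Principal.WindowsPrincipal]::new($identity)
    $elevated  = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
    Write-Output "Context: user=$($identity.Name) elevated=$elevated 64bit=$([Environment]::Is64BitProcess)"

    if (-not $elevated) {
        throw 'Not running elevated; local account settings cannot be changed.'
    }

    # The LocalAccounts cmdlets are missing from 32-bit PowerShell on 64-bit Windows.
    if (-not (Get-Command -Name Set-LocalUser -ErrorAction SilentlyContinue)) {
        throw 'Set-LocalUser is not available in this PowerShell host.'
    }

    # Fails cleanly if the account name is wrong or the account is not local.
    $before = Get-LocalUser -Name $AdminName -ErrorAction Stop
    Write-Output "Before: name=$($before.Name) enabled=$($before.Enabled) expires=$($before.PasswordExpires)"

    # Setting the flag is idempotent, so re-running the script on the fleet is safe.
    Set-LocalUser -Name $AdminName -PasswordNeverExpires $true -ErrorAction Stop

    # Read the account back: PasswordExpires is empty once the password never expires.
    $after = Get-LocalUser -Name $AdminName -ErrorAction Stop
    if ($null -ne $after.PasswordExpires) {
        throw "Password for '$AdminName' still expires on $($after.PasswordExpires)."
    }

    Write-Output "OK: password for '$AdminName' is set to never expire."
    exit 0
}
catch {
    # A non-zero exit code marks the run as failed for whoever reviews the result.
    Write-Output "FAILED: $($_.Exception.Message)"
    exit 1
}
```

An account whose password never expires falls outside the rotation schedule, so it is worth giving it a long, unique password and reviewing its use periodically.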