Category filter
Troubleshoot password policy issues on Windows devices
With Hexnode UEM, IT admins can enforce password policy on Windows devices. However, the policy association might fail due to several device-specific reasons. This document provides insight into some troubleshooting measures which you can adopt to solve issues that might occur while associating a password policy on Windows devices via Hexnode UEM.
1. Password policy not getting associated with the device successfully and returns an error message stating ‘Invalid Payloads’.
Probable cause:
This can be caused if there are any password change restricted users on the device.
Solution:
Try executing the following script to check whether there is a password change restricted user on the device. You can use the Execute Custom Script action to execute a script.
1 2 3 4 |
$changePasswordRestrictedUsers = Get-LocalUser | Where-Object { $_.Enabled -eq $True -and $_.UserMayChangePassword -eq $False } Write-Host "Restricted user count: ", $changePasswordRestrictedUsers.count $microsoftAccounts = Get-LocalUser | Where-Object { $_.Enabled -eq $True -and $_.PrincipalSource -ne "Local" } Write-Host " Other users count: ", $microsoftAccounts.count |
If the code returns an output stating that restricted user accounts are present, then execute the following script. It removes the password change restriction of the users.
1 2 3 4 5 6 |
$changePasswordRestrictedUsers = Get-LocalUser | Where-Object { $_.Enabled -eq $True -and $_.UserMayChangePassword -eq $False } foreach ($user in $changePasswordRestrictedUsers) { $result = net user $user.Name "/PasswordChg:Yes" Write-Host "Password change restriction for user", $user.Name, "is removed." } |