I was beaten by a customer with a poor explanation. Turned out there were handful of users that had that flag set incorrectly, i.e. to 0 instead of -1 (which disables the lock out). Apparently to that admin, that "handful" (which she was in) was "everybody." groan
Don't use a password. Generate a passphrase-less SSH key and push it to your VM.
If you already have an SSH key, you can skip this step…
Just hit Enter for the key and both passphrases:
$ ssh-keygen -t rsa -b 2048
Generating public/private rsa key pair.
Enter file in which to save the key (/home/username/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/username/.ssh/id_rsa.
Your public key has been saved in /home/username/.ssh/id_rsa.pub.
Copy your keys to the target server:
$ ssh-copy-id id@server
id@server's password:
Now try logging into the machine, with ssh 'id@server', and check-in:
.ssh/authorized_keys
Note: If you don't have .ssh dir and authorized_keys file, you need to create it first
to make sure we haven’t added extra keys that you weren’t expecting.
Finally, check to log in…
$ ssh id@server
id@server:~$
You may also want to look into using ssh-agent if you want to try keeping your keys protected with a passphrase.
Best Answer
Do you have Domain Admin rights? or Local admin rights if not in a domain?
You can select the user in either "Active Directory Users and Computers" or "Computer Management". Then you can choose "User must change password at next login".
Or: You can change group policy to force it expired
gpedit.msc..computer config..windows settings..security settings..account policies..password policy