Expiring passwords when allow password downgrade is set to 0

Expire passwords in syslogins at the end of the password downgrade period.

To configure login passwords to expire, use:

sp_passwordpolicy "expire login passwords"[, "[loginame | wildcard]"

To configure role passwords to expire, use:

sp_passwordpolicy "expire role passwords"[, "[rolename | wildcard]"

To configure stale login passwords to expire, use:

sp_passwordpolicy "expire stale login passwords", "datetime"

To configure stale role passwords to expire, use:

sp_passwordpolicy "expire stale role passwords", "datetime"

Passwords that are not changed since the date you set in the datetime parameter of the sp_passwordpolicy "expire stale login passwords," expire when you execute the command. Users are automatically required to change their passwords after the password downgrade period ends.

You can also lock stale logins or roles; however this requires you to reset the password manually for legitimate users to access their login account again.