2

Suppose there is a user account named testuser on a windows machine and it belongs to the Users group and the Users group only. The current password of testuser is known. The question is, how to change the password of testuser in a command line prompt (or powershell) on another windows machine in the same LAN? It would be even better if the old/new passwords can be provided in an interactive manner (i.e. can be hiddenly keyed in when asked, instead of explicitly provided as a command line argument).

Tools/Utilities I tried so far mainly provide the ability to remotely "reset" the password of a user account (requiring admin rights but not current password). What I really want is to "change" the password of a user account (requiring current password but not admin rights). The latter can be done in Windows GUI by "CTRL+ALT+DEL" (by providing "hostname\username" in the user name field). I'm just searching for an equivalent approach in command line prompt.

goodbyeera
  • 59
  • 6
  • Is this a stand alone machine, or an Active Directory domain? – Davidw Dec 03 '14 at 01:57
  • @Davidw It's a standalone machine. There is no AD domain. – goodbyeera Dec 03 '14 at 02:04
  • 3
    As mentioned by @yagmoth555 in an answer below, the official MS method is the `net user` command (which can be sent to a remote computer. It does, however, require administrative rights, and I don't know if there is a way to invoke a password change from a command line. It might be helpful if you'd mention what you're really trying to achieve, as there might be an easier or different approach. – HopelessN00b Dec 03 '14 at 02:33

1 Answers1

0

Hi please check that KB https://support.microsoft.com/KB/149427

You can issue a net user username new_password or net user username * to be prompted the password

Only an admin can issue it or of course under the useraccount. A user GPO could be a good way to send the remote script.

If you can't send the GPO, as in a workgroup in example. Please just make a .bat with the net user username * in it, and copy it on the startup menu for that user remotly or remotly manage the computer and copy it as a local user login script in the local GPO policy.

yagmoth555
  • 16,758
  • 4
  • 29
  • 50
  • The question is how to do that remotely, apparently in a non-AD environment. – Sven Dec 03 '14 at 01:57
  • @Sven ok, correcting my answer :) – yagmoth555 Dec 03 '14 at 02:01
  • Sorry, but this is just nonsense. – Sven Dec 03 '14 at 02:13
  • @Sven Oh well, gonna erase the answer then. but the OP want to initiate a password change remotly, so I assume a user got to be in front of the keyboard. The good way to do it is by forcing it in AD or in the local user group, but he want it scripted. – yagmoth555 Dec 03 '14 at 02:14
  • Yago, I think when the OP says "interactively," he means that the guy at the remote machine would get a command-line based prompt to enter the password(s), and *not*, like you suggest, just force it out by putting stuff in a .bat file or script or GPO. – HopelessN00b Dec 03 '14 at 02:29
  • 1
    @HopelessN00b net user username * ask interactively for the password... If the OP create a script, on the user desktop with that, or pushed in any mean (startup script, local gpo, etc..) the command prompt will open and ask the username the password as it's executed in the user login, I told that way as the OP wanted to force the prompt, or it can be a simple .cmd in the desktop for the user to decide. – yagmoth555 Dec 03 '14 at 02:37
  • You'll need to run it from an account with admin privileges on the remote workstation. You might have to create a local account with the same username and password and use psexec with those credentials to the remote machine to issue the net user command. Ugh. – Katherine Villyard Dec 03 '14 at 17:14
  • @KatherineVillyard I thougth in a workgroup, that when a user run the command for himselft, the system let him do it. – yagmoth555 Dec 03 '14 at 17:16
  • The issue is issuing the command as the user remotely in a workgroup. Hence the create local account/psexec/etc. – Katherine Villyard Dec 03 '14 at 17:23
  • @KatherineVillyard Thats why I proposed to dump the script in the start menu folder as you can easily access the c$ remotly if you know an admin username. With psexec It's a better idea !! I didnt thougth at it. In all case it's ugly, it would be more to educate the user to change is password normally – yagmoth555 Dec 03 '14 at 17:33