
I'm trying to script / pseudo-automate credential updates.

My goal is to be able to change a User Password without being logged in as the user and doing CTRL+ALT+DEL, without losing access to the Credential Manager Secrets that are wiped when a user's password is changed any way except through the CTRL+ALT+DEL password change.

My idea is this :

  • On an admin account, remotely trigger a PowerShell/Command Prompt.
  • Utilize "RunAs" to Run the "net user USERNAME PASSWORD" command as that user.
  • See if this maintains the Credential Manager and Secrets that are associated with the user account.

However, when I am on the admin account and try to trigger something like

  • "Start-Process powershell -Credential USERNAME"

I always get "The service cannot be started, either because it is disabled or it has no enabled devices associated with it."

Google is failing me as most of the services I see that need to be enabled are.

Jibril
  • Ensure the `Secondary Logon` service is running on the target machine (`Get-Service seclogon`). – Mathias R. Jessen Aug 16 '22 at 13:18
  • Perfect, this actually let me launch the PowerShell. Thank you! Do you happen to know, relatedly, before I post it as a separate question (Google fails me here, but I have to imagine it's possible), if it is possible to *remotely* change a User's Password on Windows WITHOUT the Credential Manager and associated secrets being destroyed? – Jibril Aug 16 '22 at 13:23
  • I'm afraid I don't know the exact decision-making logic for purging credential manager entries on password change, no :) – Mathias R. Jessen Aug 16 '22 at 13:28
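
The service check from the first comment, written out as an added example (not code from the question or from the commenters). It assumes an elevated Windows PowerShell 5.1 or later session on the target machine; `USERNAME` is the question's placeholder, and restoring the original start type afterwards is this example's own choice.

```powershell
# Added example. Run elevated on the target machine.
# 'USERNAME' is the placeholder account name used in the question.
$svc = Get-Service -Name seclogon
$originalStartType = $svc.StartType   # Automatic, Manual or Disabled

try {
    # A service whose start type is Disabled cannot be started; that state
    # produces "The service cannot be started, either because it is disabled
    # or it has no enabled devices associated with it."
    if ($svc.StartType -eq 'Disabled') {
        Set-Service -Name seclogon -StartupType Manual
    }
    if ($svc.Status -ne 'Running') {
        Start-Service -Name seclogon
    }

    # Prompt for the target account's password, then launch a shell as that user.
    $cred = Get-Credential -UserName 'USERNAME' -Message 'Password for the target account'
    Start-Process -FilePath powershell.exe -Credential $cred
}
finally {
    # If the service had been disabled, put that start type back.
    # The service itself is left running until it is stopped or the machine reboots.
    if ($originalStartType -eq 'Disabled') {
        Set-Service -Name seclogon -StartupType Disabled
    }
}
```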

0 Answers