Powershell – Windows: change own password of standard user by using commandline

passwordpowershellscriptinguserswindows-command-prompt

I want to change the password of the current logged in Windows user (no Active Directory) in a scriptable way. The users have the right to change their own passwords and already can change the password via GUI. But I've no way to integrate this in a script.

I've tried net use %user% %newpassword% but that only seems to work if the current user has admin rights.

I've also tried a powershell script:

param (
    [string]$oldPassword = $( Read-Host "Old Password"),
    [string]$newPassword = $( Read-Host "New Password")
)

$MethodDefinition = @'
[DllImport("netapi32.dll", CharSet = CharSet.Unicode)]
public static extern bool NetUserChangePassword(string domainname, string username, string oldPassword, string newPassword);
'@

$NetAPI32 = Add-Type -MemberDefinition $MethodDefinition -Name 'NetAPI32' -Namespace 'Win32' -PassThru

$NetAPI32::NetUserChangePassword('.', $env:username, $oldPassword, $newPassword)

This gives "True" but nothing changes.

Has anyone an idea how I can change the password via script?

Best Answer

I have found the answer:

$oldpw = "oldpassword"
$newpw = "newpassword"
$user = $env:username
$computer = $env:computername
$user = [adsi]"WinNT://$computer/$user"
$user.ChangePassword($oldpw, $newpw)

This worked for me. Thank you for your replies!

Related Solutions

Python – Secure method of changing a user’s password via Python script/non-interactively

You pass the password in the command line you are executing. Those may probably be visible not only in your terminal, but also by other users issuing 'ps' command (that may depend on the system configuration). And the password is plain text.

I don't know Fabric, but if it gives you a possibility to communicate with executed commands via their stdin/stdout (like subprocess.Popen()), then it would be probably a better choice to use that instead of 'echo username:password|...'.

Also, you may chose to create the password hash in your Python script (using the crypt module and "$1$XXXXXXXX$" ("X" are random characters) salt) and pass that to chpasswd -e. The plain text password will never be displayed or logged then.

You generate the password hash with the crypt module like so:

import crypt
p='secretpassword'
print(crypt.crypt(p))

And you can pass the output to chpasswd -e like this:

`echo 'someusername:passwordhash' | chpasswd -e`

How to Change Current User’s Domain Password Without Being Domain Admin

Try this, i dont know if this will work fot you. its VB script

Dim UserName
Dim UserDomain
UserDomain = InputBox("Enter the user's login domain name")
UserName = InputBox("Enter the user's login name")
Set User = GetObject("WinNT://"& UserDomain &"/"& UserName &"",user)


Dim NewPassword
NewPassword = InputBox("Enter new password")
Call User.SetPassword(NewPassword)

If err.number = 0 Then
        Wscript.Echo "The password change was successful."
Else
        Wscript.Echo "The password change failed!"
End if

check this http://technet.microsoft.com/en-us/library/cc780332%28WS.10%29.aspx! domain logon

Related Topic