On Windows Server 2008 R2, I have a standard (non-administrator) local user (not an Active Directory account, though the server is in a domain) who has access to the server only via PowerShell Remoting. The user cannot login via RDP.
I would like this user to be able to change their password. The 'net user' command requires administrator rights, even if the user is trying to change their own password.
How can a standard user change their password from the command line?
Here's some PowerShell code to do what you're looking for with domain accounts:
The ASDI provider also supports the syntax
WinNT://computername/username
for theChangePassword()
method. TheADSystemInfo
object, however, won't work for machine-local accounts, so just retrofitting the code above withWinNT://...
syntax isn't workable.(Anybody want to suggest an edit w/ code to differentiate between local and domain accounts?)
On a completely different tack, the old
NetUserChangePassword
API will work with local (and domain, provided you specify the domain name in NetBIOS syntax) accounts, too:This code assumes you're changing a password on the local machine (".").
This is actually pretty simple in PowerShell:
I tried both of the answers above to no avail, for changing the password of a local admin that is not domain-joined. Digging through the comments yielded what I needed though.
For the second part of the currently accepted answer, you want to update the signature to use
long
instead ofbool
return value, and these can be troubleshooted over at the system error codes docs. So you end up with:However, that did not work for me. The error codes alternated between 86 and 2221, depending on how I set up the parameters. Was about to give up and dug more into the comments, and finally found success in doing:
Absolutely ridiculous that simple CHANGING of a local admin password is so complicated in Powershell. If you store securestrings at all on your system, then updating the password must be done with supplying the old password, or risk losing ability to properly decrypt those secure strings!