none
gpo to run command line to change local password

    Question

  • Hi...

    I have a DC win server 2012 R2 and win 7

    I need to change win 7 local administrator password on logon with command line not with bat file.


    Nagy Anwar

    Thursday, April 20, 2017 2:28 PM

All replies

  • Hi Nagy,

    You should post this on the Win 7 forum as you may get a better response on there, but I'll try and help.

    If you go to a command prompt and type net user then press <ENTER> you'll see a list of all local users.  Then type net user <local user account> * then press <ENTER> you'll be prompted change password and confirm it.  If you get access denied error, ensure you open CLI window with elevated rights.

    Hope this helps.


    • Edited by Stu Cousins Thursday, April 20, 2017 9:59 PM
    Thursday, April 20, 2017 9:57 PM
  • Hi Nagy,
    If you have multiple windows 7 machines which need to change local password, maybe, you could take a look at LAPS, LAPS is a solution to change the local administrator password on all domain joined computers to something complicated, unique, and regularly changed. Please see more details from: https://technet.microsoft.com/en-us/mt227395.aspx?f=255&MSPPError=-2147217396
    Best regards, 
    Wendy

    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, April 21, 2017 9:41 AM
    Moderator
  • hi ....

    I just want to know how to run "net user" command instead of run it from batch file that readable for everyone

    Or

    how encrypt the batch file with the new password


    Nagy Anwar

    Saturday, April 22, 2017 1:21 PM
  • If you have lots of client machines on your network you need to manage/reset the local admin passwords on I'd agree with Wendy about using LAPS.
    Saturday, April 22, 2017 3:37 PM
  • LAPS is currently the most secure available option. It will allow you to create a local admin password per integrated system and you can extract the password through a UI. Of course, you can delegate reading the passwords from the AD attributes. I would strongly recommend doing it that way.

    Another way would be to use Microsoft Orchestrator or psexec through a scheduled task so that you can reset the local admin password without exposing the credentials to end users. Of course, I am referring to run this centrally from a server.

     

    This posting is provided AS IS with no warranties or guarantees , and confers no rights.

    Ahmed MALEK

    My Website Link

    My Linkedin Profile

    My MVP Profile

    Saturday, April 22, 2017 11:39 PM
  • Hi Nagy,

    Just checking in to see if the information provided was helpful. And if the replies as above are helpful, we would appreciate you to mark them as answers, please let us know if you would like further assistance.

    Best Regards,

    Wendy


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Friday, May 5, 2017 12:27 PM
    Moderator