
Reset Windows Password (by Click Studios)


Script Name

Reset Windows Password 

 

Description

Resets the password for a local account on a Windows host.

 

System Requirements

  • PowerShell 2.0 or above
  • PowerShell Remoting enabled
  • Firewall rules that allow PowerShell Remoting connections to the host

 

Successfully Tested Against

  • Windows Server 2008 & R2
  • Windows Server 2012 & R2
  • Windows 7 Desktop
  • Windows 8 & 8.1 Desktop

 

Failed Testing Against

  • None reported 

 
PowerShell Script

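<#
.SYNOPSIS
Connect to a Windows host using the supplied Privileged Account Credentials, and change the password for a local account.
.DESCRIPTION
Runs a script block on the target host through Invoke-Command. The script block checks that the
local account exists, sets its password through the ADSI WinNT provider, and returns "Success".
Every outcome is written to the output stream as a string; failures are translated into a
readable message instead of being thrown to the caller.
.PARAMETER HostName
Host to connect to; also used to build the WinNT:// ADSI paths evaluated on that host.
.PARAMETER UserName
Local account whose password is reset.
.PARAMETER NewPassword
New password for the local account, passed as plain text.
.PARAMETER PrivilegedAccountUserName
Account used to authenticate the remoting session.
.PARAMETER PrivilegedAccountPassword
Password of the privileged account, passed as plain text.
.OUTPUTS
System.String. "Success", or a message describing why the reset failed.
.NOTES
Requires PowerShell Remoting to be enabled
Both passwords are plain-text [String] parameters. Where the call site supplies them as literals
they are part of the script text, so script block logging or transcription on the calling host
would record them; access to those logs should be restricted accordingly.
#>
function Set-WindowsPassword
{
	[CmdletBinding()]
	param (
		[String]$HostName,
		[String]$UserName,
		[String]$NewPassword,
		[String]$PrivilegedAccountUserName,
		[String]$PrivilegedAccountPassword
	)
	
	$scriptBlock = {
		param ($HostName, $UserName, $NewPassword)
		
		#An exception raised by a .NET method call only terminates the current statement, so without
		#this try/catch a failed SetPassword (for example a password policy rejection) would still be
		#followed by Write-Output "Success" and the reset would be reported as done when it was not.
		try
		{
			#Verify account exists before attempting password change
			$colusers = ([ADSI]("WinNT://$HostName,computer")).children | Where-Object { $_.psbase.schemaClassName -eq "User" } | Select-Object -ExpandProperty Name
			if ($colusers -contains $UserName)
			{
				$account = [ADSI]"WinNT://$HostName/$UserName,user"
				$account.psbase.invoke("SetPassword", $NewPassword)
				$account.psbase.CommitChanges()
				Write-Output "Success"
			}
			else
			{
				Write-Output "UserName does not exist"
			}
		}
		catch
		{
			#Return the failure text in place of "Success" so the caller can classify it
			Write-Output $_.Exception.Message
		}
	}
	
	try
	{
		#Establish the PowerShell Credentials used to execute the script block - based on the Privileged Account Credentials selected for this script
		$CredPassword = ConvertTo-SecureString $PrivilegedAccountPassword -AsPlainText -Force
		$Credentials = New-Object System.Management.Automation.PSCredential($PrivilegedAccountUserName, $CredPassword)
		
		#Execute the command and put the output in an array.
		$resultsarray = Invoke-Command -ComputerName $HostName -Authentication 'Default' -Credential $Credentials -ScriptBlock $scriptBlock -ArgumentList $HostName, $UserName, $NewPassword 2>&1 #Using 2>&1 to ensure STDERR is piped to STDOUT
		
		#Normalise the result: it may be nothing, a single object, or several strings and error records
		$resultItems = @($resultsarray | Where-Object { $_ -ne $null })
		$errorItems = @($resultItems | Where-Object { $_ -is [System.Management.Automation.ErrorRecord] })
		#Calling ToString() on an array yields "System.Object[]", which none of the patterns below can
		#match, so build the text to classify from the individual items instead.
		$resultText = ($resultItems | ForEach-Object { $_.ToString() }) -join ' '
		
		#Report success only when "Success" came back and no error record came back with it
		if (($resultItems -contains "Success") -and ($errorItems.Count -eq 0))
		{
			Write-Output "Success"
		}
		elseif ($resultItems.Count -eq 0)
		{
			Write-Output "Failed to reset the local password for account '$UserName' on Host '$HostName'.Error = No output was returned from the Host."
		}
		else
		{
			switch -wildcard ($resultText.ToLower())
			{
				"*WinRM cannot complete the operation*" { Write-Output "Failed to reset the local Windows password for account '$UserName' on Host '$HostName' as it appears the Host is not online, or PowerShell Remoting is not enabled."; break }
				"*WS-Management service running*" { Write-Output "Failed to reset the local Windows password for account '$UserName' on Host '$HostName' as it appears the Host is not online, or PowerShell Remoting is not enabled."; break }
				"*cannot find the computer*" { Write-Output "Failed to reset the local Windows password for account '$UserName' on Host '$HostName' as it appears the Host is not online, or PowerShell Remoting is not enabled."; break }
				"*no logon servers available*" { Write-Output "Failed to reset the local Windows password for account '$UserName' on Host '$HostName'. There are currently no logon servers available to service the logon request."; break }
				"*currently locked*" { Write-Output "Failed to reset the local password for account '$UserName' on Host '$HostName'. The referenced account is currently locked out and may not be logged on to."; break }
				"*user name or password is incorrect*" { Write-Output "Failed to reset the local password for account '$UserName' on Host '$HostName' as the Privileged Account password appears to be incorrect, or the account is currently locked."; break }
				"*username does not exist*" { Write-Output "Failed to reset the local password for account '$UserName' on Host '$HostName' as the UserName does not exist."; break }
				#Add other wildcard matches here as required
				default { Write-Output "Failed to reset the local password for account '$UserName' on Host '$HostName'.Error = $resultText." }
			}
		}
	}
	catch
	{
		#Keep the caught record in its own variable: inside the switch below $_ is the value being matched
		$caughtError = $_
		switch -wildcard ($caughtError.Exception.ToString().ToLower())
		{
			"*The user name or password is incorrect*" { Write-Output "Failed to connect to the Host '$HostName' to reset the password for the account '$UserName'. Please check the Privileged Account Credentials provided are correct."; break }
			"*cannot bind argument to parameter*" { Write-Output "Failed to reset the local password for account '$UserName' on Host '$HostName' as it appears you may not have associated a Privileged Account Credential with the Password Reset script."; break }
			#Add other wildcard matches here as required
			#Emit one string; the original passed the exception as a second argument, which wrote a separate object
			default { Write-Output "Failed to reset the local Windows password for account '$UserName' on Host '$HostName'. Error = $($caughtError.Exception.Message)" }
		}
	}
}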

#Make a call to the Set-WindowsPassword function
#NOTE(review): the bracketed values look like placeholder tokens that are replaced with real values before the script runs - confirm how the substitution is performed.
#Each value sits inside a single-quoted literal, so a substituted value containing a single quote would end the literal early unless the substitution doubles it ('') - verify this, and constrain generated passwords if it does not.
Set-WindowsPassword -HostName '[HostName]' -UserName '[UserName]' -NewPassword '[NewPassword]' -PrivilegedAccountUserName '[PrivilegedAccountUserName]' -PrivilegedAccountPassword '[PrivilegedAccountPassword]'
