
Resetting a local Windows Account on a Workgroup computer


This forum post will describe how to set up a Password Record to automatically reset a Local Windows Admin account on a remote server that is in a Workgroup, and not joined to your domain.


Step 1: Ensure you have prerequisites set up for your web server and hosts, as per this forum post (Once off process)

Step 2: Add new Password Record configured as follows


Screen 1: Ensure you configure the below 5 options correctly and enter in the password for the account.  If you configure an Expiry Date it will automatically change the password in Passwordstate and on the Host when that date is reached.  Please note if you do not have functioning DNS to your Workgroup server, you may need to add it into the system as an IP Address instead.  Please see this forum post on how to configure this:  https://www.clickstudios.com.au/community/index.php?/topic/2127-adding-in-a-host-that-does-not-have-functioning-dns/




Screen 2: Ensure the "Reset Windows Password" script is selected under the Reset Options tab. In this case you do not need to select a Privileged Account. Instead, when a password reset process is executed, it will connect to the machine using its own credentials, and it will then perform the reset for itself.  There are a couple of prerequisites to allow this to happen, which are listed at the bottom of this post:



Screen 3: Ensure the "Validate Password for Windows Account" script is selected under the Heartbeat Options tab:




Prerequisites for Workgroup machines to allow for password resets and heartbeats:


  1. On your Passwordstate webserver, execute the following PowerShell command to trust all hosts:  Set-Item WSMan:\localhost\Client\TrustedHosts -Value *  (It's possible to specify your workgroup server instead of the wildcard * if you prefer)
  2. Ensure you have enabled PowerShell Remoting on the Workgroup machine.  To do this, open PowerShell "As Administrator" and execute Enable-PSRemoting -Force
  3. On the same Workgroup machine, you must enable remote connections to the server for your Administrator account.  To do this, open PowerShell "As Administrator" and execute the command below, which adds a registry value to your system.  This is a Microsoft requirement and you can read more about it at this link:  https://docs.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_remote_troubleshooting?view=powershell-5.1


New-ItemProperty -Name LocalAccountTokenFilterPolicy -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -PropertyType DWord -Value 1
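
Prerequisite 1 notes that a specific workgroup server can be listed instead of the wildcard. The following is an added example, not part of the original post or of Passwordstate itself, showing one way to do that on the Passwordstate web server so WinRM only sends credentials to hosts you have named. The function name Add-ScopedTrustedHost and the host name WG-SRV01 are assumptions made for illustration; the pattern accepts a host name or IPv4 address only.

```powershell
# Added example: run on the Passwordstate web server in an elevated PowerShell session.
# 'WG-SRV01' is a constructed host name; replace it with your workgroup server's name or IP.
function Add-ScopedTrustedHost {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidatePattern('^[A-Za-z0-9][A-Za-z0-9.\-]*$')]   # one host name or IPv4 address, no wildcards
        [string]$ComputerName
    )

    $path    = 'WSMan:\localhost\Client\TrustedHosts'
    $current = (Get-Item -Path $path).Value
    # TrustedHosts is stored as a comma-separated string; split it into clean entries.
    $entries = @($current -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

    if ($entries -contains '*') {
        # A wildcard already trusts every host, so adding a name would not narrow anything.
        Write-Warning "TrustedHosts is '*'. Replace it with an explicit list to scope trust."
        return $false
    }

    if ($entries -notcontains $ComputerName) {
        if ($PSCmdlet.ShouldProcess($path, "Add $ComputerName")) {
            # -Concatenate appends to the existing list instead of overwriting it.
            Set-Item -Path $path -Value $ComputerName -Concatenate -Force
        }
    }

    # Test-WSMan confirms the WinRM listener on the target answers; it does not test credentials.
    try {
        Test-WSMan -ComputerName $ComputerName -ErrorAction Stop | Out-Null
        return $true
    } catch {
        Write-Warning "WinRM on $ComputerName did not respond: $($_.Exception.Message)"
        return $false
    }
}

Add-ScopedTrustedHost -ComputerName 'WG-SRV01'
# Show the resulting list so the change can be reviewed.
Get-Item -Path 'WSMan:\localhost\Client\TrustedHosts' | Select-Object -ExpandProperty Value
```

If the host was added to Passwordstate by IP address because DNS is not available, pass that same IP address as -ComputerName so the TrustedHosts entry matches what the reset script connects to.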






