PsPasswd - CMD

Overview

PsPasswd is a command-line tool primarily used on Windows operating systems for changing account passwords. This utility is part of the PsTools suite from Sysinternals and is effective in both local and remote administration, allowing administrators to update passwords across multiple machines in a network. It can be particularly useful in large organizations for rapid password updates on user or administrator accounts for compliance or security updates.

Syntax

The basic syntax for using PsPasswd is as follows:

PsPasswd [\\computer[,computer2[,...] | @file]] [-u Username [-p Password]] [-s] [Username [OldPassword]] NewPassword
  • \computer : Specifies the remote computer(s). Leave blank for the local system.
  • @file : Specifies a file that contains a list of computers to process.
  • -u Username : Specifies the username with which to log into the remote computer.
  • -p Password : Specifies the password for the username. If omitted, you’ll be prompted to enter it.
  • -s : Run the command as a system account.
  • Username : Specifies the target username whose password will be changed.
  • OldPassword : Old password of the account (required if changing another user’s password on remote systems).
  • NewPassword : New password that will replace the old password.

Options/Flags

  • -u Username : Use this flag to specify a user name for login to the remote computer.
  • -p Password : Use this flag to specify the password for the user account specified with -u. Leave this option out to be prompted for a password.
  • -s : Execute the PsPasswd command under the System account.

Examples

  1. Change Password on a Local Machine:

    PsPasswd Administrator new_password123

    Changes the password of the local Administrator account to new_password123.

  2. Change Password on Remote Machine:

    PsPasswd \\RemotePC -u admin -p admin_password User01 new_password123

    Changes the password for user User01 on RemotePC using the credentials of the admin account.

  3. Change Password on Multiple Machines:

    PsPasswd @computers.txt -u admin -p admin_password User01 new_password123

    Uses the list of computers specified in computers.txt to change the password for User01.

Common Issues

  • Access Denied: Make sure you have administrative privileges on the target machine.
  • Failed Connections: Check network settings, firewall rules, and ensure that the remote machine is accessible.
  • Password Complexity Errors: Ensure the new password meets the complexity requirements of the system or domain.

Integration

PsPasswd can be integrated with scripts to automate password changes. For example, combining with for loops:

for /f %i in (servers.txt) do PsPasswd \\%i -u admin -p admin_password User01 new_password123

This script changes the password for User01 across multiple servers listed in servers.txt.

  • PsExec: Execute processes remotely.
  • PsGetSid: Display the SID of a computer or a user.
  • Net User: Command used for adding, removing, and modifying user accounts on local and remote systems.

Refer to the Sysinternals website for more information and download options for the PsTools suite.