How To Change Passwords on Remote Windows Systems Using SyInternals PsPasswd

We all know that a good Administrator will find a way to automate or make boring tasks easy. Changing passwords on Windows systems, usually Administrator accounts, is one of those we least like to do but have to for audit purposes and also when other administrators leave.

Well, here is another tool that can help with changing passwords. The free utility PsPasswd is part of Microsoft’s SysInternal’s PsTools that lets you change an account password on the local or remote systems, to enable admin’s to create batch files that run PsPasswd against the computers they manage to perform a mass change of the administrator password.

And for security, PsPasswd does not send passwords over the network in the clear. You can use PsPasswd to change the password of a local or domain account on the local or a remote computer.

So how does it work?

usage: pspasswd [[\\computer[,computer[,..] | @file [-u user [-p psswd]]] Username [NewPassword]

computer – Perform the command on the remote computer or computers specified. If you omit the computer name the command runs on the local system, and if you specify a wildcard (\\*), the command runs on all computers in the current domain.
@file – Run the command on each computer listed in the text file specified.
-u – Specifies optional user name for login to remote computer.
-p – Specifies optional password for user name. If you omit this you will be prompted to enter a hidden password.
Username – Specifies name of account for password change.
NewPassword – New password. If ommitted a NULL password is applied.

So say we wanted to change the password on a server.

pspasswd \\win2008tst -u myadmin -p myadmpasswd Administrator newpasswd

That’s all. Now say we don’t want to pass the password on the command line, then omit the -p and a popup will prompt you for the password.

Let’s go a step further and make the changes to  a list, no problem with the @file parameter. Create a text file and now use the command.

pspasswd @c:\myservers.txt -u myadmin -p myadmpasswd Administrator newpasswd

Now we have changed the password on multiple servers with one command, sweet!

So there you have it, another tool to add to your box of tricks!

One Response to “How To Change Passwords on Remote Windows Systems Using SyInternals PsPasswd”

  1. S Pop says:

    Is there a way to log the success failure of each machine where the password was changed (or not)?

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.