If you’re reading this, it most likely means that you’re looking for a way to change your Windows password remotely, i.e. from a Remote Desktop connection [RDP protocol]: this is a typical scenario for remote workers and system administrators who often have to access remote systems [such as Virtual Machines] through another Windows machine.
When such situation arises, the standard CTRL + ALT + DEL key combo cannot be used, because it would be captured by the local OS [the one used by the PC we’re using to access the remote environment], which will prompt its own change password screen: therefore, we would be able to change the local Windows account password instead of the remote one.
Using CTRL + ALT + END
Luckily enough, there is another key combo that we can use to trigger the change password screen on the remote system: CTRL + ALT + END. This command is specifically meant to be the “three-finger salute” equivalent for remote desktop connections and can be safely used to remotely change password, because it won’t be “intercepted” by the local OS in any way.
The END key is usually located close to the CANC key [that’s arguably why it was chosen as replacement hotkey].
Using the On-Screen Keyboard
If you don’t want [or you are unable] to use the CTRL + ALT + END key combo, you can still access the “change password” screen using the Windows On-Screen Keyboard. To activate it, just click to the Start menu, then type “ost” and click to the On-Screen Keyboard icon that will show up.
Now we can press CTRL + ALT using the hardware keyboard and then simultaneously click the third key [DEL / CANC] using the On-Screen Keyboard, thus determining the “three-finger salute” key combo on the remote PC.
What if it’s already too late?
In the unfortunate event that the password expires before you can change it, the remote access tool will give you an error message like this when you connect:
An authentication error has occurred. The Local Security Authority cannot be contacted. This could be due to an expired password. Please update your password if it has expired. For assistance, contact your administrator or technical support.
In this case, all we can do is contact your System Administrator [or IT help-desk support] and request a password reset: once this is done we’ll able to log back into the remote system and change the default password with a personal, secureone.
Why Windows doesn’t warn me?
As you most likely already know, if your Active Directory [or local group policy] has been configured with expiring passwords, all users will receive a dedicated warning some days before the expiration date to remind them about changing their passwords before it’s too late.
However, these warnings will only be shown when the user session is actually opened – i.e., when the user performs the login process.
To put it in other words, you need to “open” your user session to receive that warning: if you connect back to an existing session, you won’t receive such notice.
Unfortunately, when using Remote Desktop, most users don’t perform the logout / disconnect process, they just shut down the RDP client and then re-open it to reconnect whenever they need to: when they do this, the same AD user session is kept open and “recycled” over and over [the remote login process is used to “reconnect to it” instead of open a new session]; for that very reason, the system never get the chance to properly warn them. Such scenario doesn’t occur when those users physically work on their device, because their user session will also end whenever they perform a reboot, power off, or other maintenance activities that frequently occur during their daily activity at the office, yet often avoided when using RDP.
Anyway, the only possible “workaround” for this issue is to force the users to close their user session before closing the RDP client: this can be easily done using the Disconnect command available from the Windows Start menu.
Conclusions
That’s it: we hope that this post will help many Windows users who are looking for a way to remotely change their password through Remote Desktop connection [RDP].
As a regular user of Remote Desktop sessions, you may have been confronted with the case to change your password. Control-Alt-Delete [CTRL-ALT-DEL] doesn’t allow you to change the password in the remote session, but instead gives you a menu on your actual host
Change password in Remote Desktop
There are many ways to change your password. Of course, when you’re working on your physical computer, you may just hit CTRL-ALT-DEL, but this won’t work in an RDP session
CTRL-ALT-END
Sometimes [but not always], CTRL-ALT-END helps you “ctrl-alt-delete” the session to change your password in the remote session. CTRL-ALT-END is the equivalent to CTRL-ALT-DELETE in RDP. However it depends on the OS-version session settings whether this works or not.
On screen keyboard
The On Screen Keyboard [OSK] is a virtual keyboard on your screen. This works in Windows Server 2012 / Windows 7 and higher. To reset your password with the OSK, follow these steps:
- Click Start
- Type osk and hit enter to open the on screen keyboard.
If this doesn’t work, press Windows+R to open your Run Command window. Type osk and click OK - Press and Hold CTRL-ALT keys on your physical keyboard and then click on the DEL key in the virtual keyboard [on screen]
- Minimize the OSK
- Click Change a password.
Run the shell
You can directly launch the shell to get the Windows Security Options displayed. To do so, open the Run-box or open a command prompt and copy-paste:
C:\Windows\explorer.exe shell:::{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}
Run a VBS-script
This one is nice too. Copy paste the lines below to a Notepad and save the file as securityoptions.vbs . Then open/run/execute the VBS. It will launch the Windows Security Options screen to change the password
************************************ Set objShell = CreateObject[“Shell.Application”] objShell.WindowsSecurity
***********************************
ALTGR-END
In case you have a keyboard with the ALTGR-key, you may also use ALTGR+END to simulate CTRL-ALT-DELETE. I believe German keyboards in particuar have this key.
Reset your password in an RDP session
In contrast to changing a password, resetting a password does not require you to remember the current password. Instead you just overwrite the existing password [if any] and set a new password.
Active Directory Users and Computers
When logged on to a computer that has active directory tools installed, you may use Active Directory Users and Computers to reset the password . You need user account privileges to do so, however.
- Open Active Directory Users and Computers from your startmenu [or quicker: Start -> Run -> dsa.msc]
- Localize the account [tip: at top level, right-click and choose Find… ]
- Right-click the account, and choose Reset Password…
Net user
Assuming it’s a local user [so NOT a domain user account], you can use net user to change a users’ password. To do so:
- Click Start -> Run [or press Win+R]
- Type something like “net user $username $password”. I.e. if the user account is named Peter, you could reset its password by typing: net user Peter P@55w0rd.
Powershell: Set-ADAccountPassword
In case of a domain user account, you may use the Set-ADAccountPassword cmdlet in Powershell. Note that the Active Directory module must be loaded.
Set-ADAccountPassword -Identity Peter -NewPassword [Read-Host -Prompt “Provide New Password” -AsSecureString] -Reset
Powershell: Set-LocalUser
In case of a local user, you may use the Set-LocalUser cmdlet in Powershell to reset a local users’ password
Get-LocalUser ‘Peter’ | Set-LocalUser -Password [Read-Host -Prompt “Provide New Password” -AsSecureString]