How to change local account passwords remotely

Brock Bingham|March 28, 2024

Changing local account passwords in Windows is super easy — until you realize you need to do it on a thousand-plus computers. While you contemplate handing in your resignation, let me assure you that changing that many local account passwords is easier than you think, and I’ll walk you through the entire process.

How to change a local account password on Windows 10 and Windows 11

Changing the password of a local Windows account is easy with Control Panel. This process hasn’t changed much over the years and works for both Windows 10 and Windows 11 devices.

  1. Enter Control Panel into the Windows search bar, then click the Control Panel app result.

  2. In Control Panel, click User Accounts, then click User Accounts again.

  3. Click Manage User Accounts.

  4. Select the account you want to change the password for, then click Reset Password.

  5. Enter the new password for the account, then click OK.

If I only need to change the local account password of the computer I’m currently logged into, this is my go-to method. No fancy terminal, script, or program. Just good ol’ reliable Control Panel. However, if we need to manage this process remotely, especially at scale, we’ll need to use a different approach.

How to change remote local user account passwords with PowerShell

PowerShell is the one-stop shop for all your Windows 10 and Windows 11 administration needs. It can simplify complex tasks, including updating local user account passwords on remote devices. It’s like the MacGyver of Windows utilities.

Here’s the script we’ll use to modify the local account passwords on remote devices.

    # Target computers (comma-separated) and the new password, typed at the prompt
    $computers = "<computer1>", "<computer2>"
    $password = Read-Host 'New password'

    ForEach ($computer in $computers) {
        # Print the computer name as progress output
        $computer
        # Bind to the local account through the WinNT ADSI provider
        $user = [adsi]"WinNT://$computer/<username>,user"
        $user.SetPassword($password)
        $user.SetInfo()
    }

When you run this PowerShell script, it asks you to enter a new password to be used for the targeted local account. Then, the ForEach loop goes through each computer, targets the included username, and changes the password accordingly. To use this script, just ensure that you modify the <computer> and <username> entries to match your environment information. You can also add more devices to the $computers variable. Just make sure each entry is formatted correctly and that each entry is separated by a comma.

While this is a fairly basic script, it can be modified to meet the needs of most organizations. You can easily change the $computers variable to accept a .TXT or .CSV file containing a list of computer names, letting you run this script against hundreds or thousands of endpoints. Pretty cool, right? Well, what if I told you there’s an even easier way to manipulate local user account passwords en masse?
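The list-driven variant described above could look like the following. This is an added example, not code from the original article: the `ComputerName` column and the results file name are assumptions, and the constructed sample list stands in for your own .CSV file. It also reads the password without echoing it and records a per-computer result so one offline device does not hide the outcome for the rest.

```powershell
# Added example: list-driven version of the ADSI loop, with per-host results.
# Constructed sample list; in practice use: $rows = Import-Csv -Path '.\computers.csv'
$rows = @'
ComputerName
<computer1>
<computer2>
'@ | ConvertFrom-Csv

$userName = '<username>'

# Prompt without echoing the password to the console or a transcript.
$secure = Read-Host -Prompt 'New password' -AsSecureString
# The WinNT provider's SetPassword takes a plain string, so unwrap it in memory only.
$plain = [System.Net.NetworkCredential]::new('', $secure).Password

$results = foreach ($row in $rows) {
    $computer = "$($row.ComputerName)".Trim()
    if (-not $computer) { continue }   # skip blank rows
    try {
        $user = [adsi]"WinNT://$computer/$userName,user"
        $user.SetPassword($plain)
        $user.SetInfo()
        [pscustomobject]@{ Computer = $computer; Status = 'Changed'; Error = $null }
    }
    catch {
        # Offline host, missing account, or access denied: record it and keep going.
        [pscustomobject]@{ Computer = $computer; Status = 'Failed'; Error = $_.Exception.Message }
    }
}

# Drop the plaintext copy, then write a log that never contains the password.
Remove-Variable plain
$results | Export-Csv -Path '.\password-change-results.csv' -NoTypeInformation  # assumed file name
$results | Where-Object Status -eq 'Failed' | Format-Table -AutoSize
```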

How to change local account passwords remotely with PDQ Inventory

PowerShell is amazing, but even it can’t compete with the ease and functionality of PDQ Inventory when it comes to certain tasks. PDQ Inventory allows you to rapidly send remote commands to targeted devices. Here’s how quick and easy it is to remotely change the local account password of multiple Windows devices in PDQ Inventory.

If you don’t have access to PDQ Inventory but want to follow along with the guide, we’ve got you covered. Download a free trial of PDQ Inventory and follow our getting started guide to get up and running in minutes.

  1. In PDQ Inventory, use the Shift or Ctrl keyboard keys to select the target devices.

  2. Right-click on any of the selected devices, then click Tools > Run Command.

  3. Set the command type to PowerShell or CMD.

  4. For PowerShell, use this command: Set-LocalUser -Name "<username>" -Password (ConvertTo-SecureString -AsPlainText "<new_password>" -Force)

  5. For CMD, use this command: net user <username> <new_password>

  6. When the command has been added, click Execute to run the tool. If the command runs successfully, it returns “The command completed successfully.”

The commands should return a success message within a couple of seconds of execution. Just ensure you modify the <username> and <new_password> placeholders in the commands to match the username and password you need to manage.

To summarize, select the devices, open the run command window, enter the command, then hit Execute. It literally takes me longer to walk to the fridge and grab a Mountain Dew than it does to change the local password on potentially hundreds of devices.

Security risks of passing credentials over remote command

Before we clink our Mountain Dews together in celebration, we need to discuss the risks of transmitting credentials to remote devices using remote commands.

The problem with the above remote methods is that the password is transmitted over the network in plaintext, drastically increasing the risk of a threat actor obtaining the local account credentials. While there are methods to encrypt the information, they are beyond the scope of this article. But here are some resources to get you started.

While the above resources are great for learning how to secure sensitive information using PowerShell, there’s an even better way to manage Windows local administrator accounts.
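One way to keep the password out of the command text discussed in this section is to pass it as a SecureString argument over PowerShell remoting, which encrypts SecureString values in the remoting stream. This is an added example, not code from the original article; it assumes WinRM is enabled on the target devices and that you run it with administrative rights on them.

```powershell
# Added example: change the password over PowerShell remoting (WinRM).
# The password travels as a SecureString argument, not as text in the command.
$computers = '<computer1>', '<computer2>'
$userName  = '<username>'
$secure    = Read-Host -Prompt 'New password' -AsSecureString

$results = Invoke-Command -ComputerName $computers -ArgumentList $userName, $secure `
    -ErrorAction SilentlyContinue -ErrorVariable failed -ScriptBlock {
        param([string]$Name, [securestring]$Password)
        try {
            Set-LocalUser -Name $Name -Password $Password -ErrorAction Stop
            [pscustomobject]@{
                Status  = 'Changed'
                LastSet = (Get-LocalUser -Name $Name).PasswordLastSet
                Error   = $null
            }
        }
        catch {
            # Account missing or access denied on this device.
            [pscustomobject]@{ Status = 'Failed'; LastSet = $null; Error = $_.Exception.Message }
        }
    }

# Per-device outcome; PSComputerName is added by Invoke-Command.
$results | Select-Object PSComputerName, Status, LastSet, Error | Format-Table -AutoSize

# Devices that could not be reached at all (offline, WinRM disabled, firewall).
$failed | ForEach-Object { '{0}: {1}' -f $_.TargetObject, $_.Exception.Message }
```

Because the script block contains only parameter names, command-line and script block logs on the targets record the operation without the password value.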

The best way to manage local administrator accounts in Windows

If you’re looking for the absolute best way to manage local administrator accounts in a Windows environment, then LAPS is your answer. LAPS, short for Local Administrator Password Solution, is a free Microsoft Windows feature that automatically manages local administrator account passwords on Entra- or Active Directory-joined computers. The answer is right there in the name.

LAPS works by randomly generating and regularly rotating local administrator account passwords and storing the information securely in Microsoft Entra ID or Active Directory. You can configure how often the passwords are generated and what users or groups can access the information. It even works seamlessly with PDQ Deploy and Inventory.

If this sounds like the perfect solution for managing your local administrator accounts, that’s because it is. We’ve even got a guide to help you configure LAPS in your environment, which walks you through the entire process.

The coveted art of efficiency

Managing local user accounts manually is tedious, time consuming, and technically outdated. Hopefully, the methods in this article get you started on a path to becoming a more efficient and stress-free sysadmin.

Pro tip: Just because you’ve learned how to be more efficient doesn’t mean you have to tell your boss. I won’t tell if you don’t. 😉

Brock Bingham

Born in the '80s and raised by his NES, Brock quickly fell in love with everything tech. With over 15 years of IT experience, Brock now enjoys the life of luxury as a renowned tech blogger and receiver of many Dundie Awards. In his free time, Brock enjoys adventuring with his wife, kids, and dogs, while dreaming of retirement.
