Change User Password in an RDP Session on Windows | Windows OS Hub

In this article, we ’ ll prove how to change a user password in an RDP seance on a outback Windows calculator. As a remote control host, you may have either Windows Server with the configure Remote Desktop Services function ( RDSH ), or a window 10 workstation with one or multiple RDP connections are allowed .

The main problem users come across is that you can not open a criterion password change dialogue using the Ctrl + Alt + Delete key combination in a distant Desktop ( RDP ) session. This shortcut is not passed to the RDP session, as it runs on your local anesthetic manoeuver system.

In Windows Server 2003/2008, you could change a drug user password in RDP by clicking the Start push button and selecting Windows Security – > Change Password .
Using Windows Security dialog to change password in RDP session on Windows Server 2008
In later versions, including Windows Server 2016/2019/2022 and Windows 10/11, there is no Windows Security item in the Start menu, so this method acting of changing user password is not applicable .

Change User Password in RDP with CTRL + ALT + END

In current Windows versions, you must use the Ctrl + Alt + End key combination to open the Windows Security dialogue in an RDP session. The shortcut is the same as Ctrl + Alt + Delete, but works in an RDP window only. Select Change a password in the menu .
Change a password in RDP session via Ctrl+Alt+End
You can now change your password in the standard dialogue box ( enter your current password and set a new one doubly ). change user password in remote desktop

Changing Password Using the On-Screen Keyboard

If you are connected to a Remote Desktop of the Windows host through a chain of RDP sessions, you won ’ deoxythymidine monophosphate be able to use CTRL+ALT+END to change a drug user password. The foremost RDP window will intercept the keyboard shortcut. In these cases, you can use the built-in Windows On-Screen Keyboard to change the user ’ sulfur password .

  1. Run the On-Screen Keyboard in the target RDP session (it is easier to do it by typing osk.exe in the Start menu); run the On-Screen Keyboard on Windows
  2. You will see the On-Screen Keyboard;
  3. Press CTRL+ALT on your physical (local) keyboard (this should be displayed on the screen) and then click Del button on the On-Screen keyboard;On-Screen Keyboard - pressing key combination to change password in RDP
  4. So the Ctrl+Alt+Del key combination will be sent to the remote RDP session, and a standard Windows Security dialog box will appear where you can change a password.

Remember that when you change a drug user ’ mho password, it must meet your local anesthetic or world password policy requirements. If your new password does not meet them, you will see the message below :

Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.

Unable to update the password. The value provided for the new password does not meet the length, complexity, or history requirements of the domain.
note that if a Minimum password age is configured in the domain policy ( or in the close-grained Password Policies – PSO ), this may prevent a drug user from changing their password more frequently than it is specified in the GPO set up.
You can view when a exploiter password expires using PowerShell :
Get-ADUser -Identity jsmith -Properties msDS-UserPasswordExpiryTimeComputed | select-object @{Name="ExpirationDate";Expression= {[datetime]::FromFileTime($_."msDS-UserPasswordExpiryTimeComputed") }}

VBS/PowerShell Script to Change Password in RDP Session

You can call a Windows Security dialogue corner in an RDP seance using the built-in Windows tools : VBScript, PowerShell, or a Shell shortcut .
For model, create a WindowsSecurity.vbs text file with the following VBScript code on your background :

set objShell = CreateObject("shell.application")

If you double-click the VBS file, you will see a standard shape to change your password .
You can place this VBS file on the shared background on your RDS host ( %SystemDrive%\Users\Public\Desktop\ ) or replicate file to user desktops using GPO .
vbs script to run WindowsSecurity window and change RDP password
In the same means, you can open a password change windowpane from PowerShell. Use the command below :
New-Object -COM Shell.Application).WindowsSecurity()
powershell command to open WindowsSecurity in order to call the change password dialog
There is an option to create a Windows File Explorer shortcut with the follow link :
C:\Windows\explorer.exe shell:::{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}
file explorer shortcut to change password

Changing Passwords via the Remote Desktop Web Access (RDWEB)

If you access your RDP servers through a host with the Remote Desktop Web Access ( RDWA ) role, you can allow to change the expired password on the RDWA login page ( it is described in detail here ).
RDWeb - change password page

CredSSP NLA & Password Change in RDP

There is an important feature of speech of changing an expired exploiter password in RDP related to Network Level Authentication ( NLA ) and Credential Security Support Provider ( CredSSP ) protocol. By default, CredSSP with NLA for RDP is enabled on Windows Server 2012/Windows 8 and newer. NLA protects the RDP server by authenticating the exploiter before establishing an RDP session with the host .
If a drug user password has expired or an AD administrator has enabled the userAccountControl choice “ User must change password at next logon ” ( the most often it is enabled for raw AD accounts ), you will see the follow error when logging on using RDP :

Remote Desktop Connection

You must change your password before logging on the first time. Please update your password or contact your system administrator or technical support.

You must change your password before logging on the first time
As a solution, a user can not connect to a server using RDP and change the password.

In this encase, to allow distant users to change their passwords, you can :

  • Configure RDWA role with the password change page as described above;
  • Disable NLA on your RDP host (not recommended!!! since it significantly reduces the security level of RDP connections) and use a .rdp file with the line enablecredsspsupport:i:0 for connections;
  • Use a separate RDP host to change user passwords. You don’t need to install the Remote Desktop Session Host role on this host or add users to a local Remote Desktop Users group, but you have to disable NLA. Then users will be able to change their passwords, but won’t be able to logon server via RDP; disable NLA for Remote Desktop
  • A user can change their password remotely using PowerShell (if they have network access to a domain controller).
source :
Category : Tech

About admin

I am the owner of the website, my purpose is to bring all the most useful information to users.

Check Also


Manage participants in a zoom meeting webinar

Call the people who attend the meet as follows Alternate host host Who scheduled the …

Leave a Reply

Your email address will not be published.