How do I set my Windows password using a KeePass-generated password?

2

I want to set my Windows password using a KeePass-generated password. I cannot change the password through the Control Panel. In order to change my Windows password, I have to go to Ctrl+Alt+Delete > Change password. However, this screen does not allow copying and pasting, which makes entering a complicated generated password pretty difficult.

I have also tried the net user command in shell, but my user profile does not appear.

The only solution I have right now is to generate the password, write it down on a piece of paper, and hand-type it into the Ctrl+Alt+Delete > Change password screen.

Is there a more elegant way to do this?

Devin Trowbridge

Posted 2017-06-19T15:25:42.113

Reputation: 33

How are you going to log in to the computer? Will you be referencing KeePass on a different computer or mobile device to retrieve the password? Also, you should research WHY your username does not show up using the NET USER command. – music2myear – 2017-06-19T15:42:55.407

There are several applications on my enterprise network that require the Windows login information. To log in to the computer I use a smart card. – Devin Trowbridge – 2017-06-19T16:57:50.403

Am I correct to assume this computer is on a domain and your account is a domain account? Have you checked with your IT staff for their recommendations? – music2myear – 2017-06-19T17:03:51.677

That's correct. From what I understand net only pulls up accounts on the local machine, which is why I'm not seeing my domain account. I have checked with them, but unfortunately they didn't have any solutions for me. – Devin Trowbridge – 2017-06-19T17:09:18.630

I figured out that net user MyUserName * /domain will find my domain username and prompt me to change my password. However, due to the privileges on my network, I don't have access to change my password this way, i.e. I get "System error 5 has occurred. Access is denied." Unless there is some other way besides Ctrl+Alt+Delete, the Control Panel, and the cmd line, I don't think this is possible, at least not without administrative privileges. – Devin Trowbridge – 2017-06-19T17:28:32.880

Yes, in testing my answer below I had the same error, and googling it indicated that CMD must be run as Admin (as you're running a command against the domain you'll need domain admin) for it to work. – music2myear – 2017-06-19T17:30:21.430

Answers

2

In a domain environment you have to use the domain tools to change domain accounts: https://serverfault.com/a/642180/76309

Because domain accounts are all "local" ONLY on the Domain Controller (DC), you'd have to be on the DC in order to use NET USER.

As you're not on the DC, you'll have to use something else, but you'll probably have problems:

dsquery user -samid *username* | dsmod user -pwd *new_password*

-OR-

net user *username* *new_password* /domain

The problem you'll have is that both of these commands require the console be run as Administrator, likely Domain Administrator, and it's unlikely your account has these permissions.

The other method would be to ask one of the techs to allow you to open your KeePass database on their computer and use the AD Users and Computers console on their computer to paste your password in. Personally, I'm not sure I'd do that for one of my users because, frankly, there are better, easier ways to get a secure password.

The better way: Use a passphrase.

Unless your enterprise has some weird settings, your password has been able to have spaces for a long time. This means that sentences are a viable password option. Sentences are both easy to recall and can be very, VERY secure quite easily. Just a few words together with proper capitalization and punctuation will meet the requirements of all but the oddest security setup while still being easy to recall and enter.

music2myear

Posted 2017-06-19T15:25:42.113

Reputation: 34 957

1

Very late answer, but I found a way to do this, so I'm adding it for future users. On the KeePass website there are instructions to add a custom toolbar button that only types your password (note: at the bottom of the paragraph from that link there is an XML file provided that automatically creates the button in KeePass).

With this button you can, on the security dialog, auto-type your old password, then change it in KeePass and then auto-type the new one. One warning: make very sure that when you switch to KeePass to click on the button, the security dialog was the last window to have focus. I had some trouble as I use a Remote Desktop Connection Manager that for some reason sometimes stole the focus of the remote desktop window itself.

Also, so as not to depend on the link to the KeePass website, I'm pasting the instructions to create the toolbar button here:

Sometimes you only need to type the password, to unlock a previously used web page for example. This trigger provides a toolbar button to auto-type the password of the currently selected KeePass entry.

Auto-Type password button.

  1. Open KeePass and navigate to 'Tools' → 'Triggers...'.
  2. Add a trigger.
  3. Call it something meaningful, like 'Auto-Type password only Toolbar Button'.
  4. Tick the 'Enabled' and 'Initially on' boxes.
  5. Navigate to the 'Events' tab and add an event.
  6. Select 'Application started and ready'. Don't bother with the comparison or filter.
  7. Navigate to the 'Actions' tab and add an action.
  8. Select 'Add custom toolbar button'.
  9. Give it an ID, e.g. 'AutoTypePwOnly' and a name, e.g. 'Pass', for password – we don't want the button to be too long.
  10. Set the description to something meaningful, like 'Auto-Type password only'. This will show when you hover over the button.
  11. Add another trigger.
  12. Call it something meaningful, like 'Auto-Type password only Action'.
  13. Tick the 'Enabled' and 'Initially on' boxes.
  14. Navigate to the 'Events' tab and add an action.
  15. Select 'Custom toolbar button clicked'.
  16. Give it the same ID as step 9 above.
  17. Navigate to the 'Actions' tab and add an action.
  18. Select 'Perform autotype with selected entry'.
  19. Set the 'Sequence' to '{PASSWORD}'

To enter only a password, select the password field in your application/browser, switch to KeePass and highlight the required entry, then press the 'Pass' button. KeePass will drop to the background and type your password.

SemVanmeenen

Posted 2017-06-19T15:25:42.113

Reputation: 111