I want to set my windows password using a KeePass generated password. I cannot change the password through the control panel. In order to change my windows password, I have to go to Ctrl+Alt+Delete > Change password. However, this screen does not allow copying and pasting which makes entering a complicated generated password pretty difficult.
I have also tried the net user command in shell, but my user profile does not appear.
The only solution I have right now is to generate the password, write it down on a piece of paper, and handtype it in to the ctrl+alt+delete > change password screen.
Is there a more elegant way to do this?
Best Answer
In a domain environment you have to use the domain tools to change domain accounts: https://serverfault.com/a/642180/76309
Because domain accounts are all "local" ONLY on the Domain Controller (DC), you'd have to be on the DC in order to use
NET USER.As you're not on the DC, you'll have to use something else, but you'll probably have problems:
-OR-
The problem you'll have is that both of these commands require the console be run as Administrator, likely Domain Administrator, and it's unlikely your account has these permissions.
The other method would be to ask one of the techs to allow you to open your KeePass database on their computer and use the AD Users and Computers console on their computer to paste your password in. Personally, I'm not sure I'd do that for one of my users because, frankly, there are better, easier, ways to get a secure password.
The better way: Use a passphrase.
Unless your enterprise has some weird settings, your password has been able to have spaces for a long time. This means that sentences are a viable password option. Sentences are both easy to recall and can be very, VERY secure quite easily. Just a few words together with proper capitalization and punctuation will meet the requirements of all but the oddest security setup while still being easy to recall and enter.