How do I set windows password using a KeePass generated password?

Question

I want to set my windows password using a KeePass generated password. I cannot change the password through the control panel. In order to change my windows password, I have to go to Ctrl+Alt+Delete > Change password. However, this screen does not allow copying and pasting which makes entering a complicated generated password pretty difficult.

I have also tried the net user command in shell, but my user profile does not appear.

The only solution I have right now is to generate the password, write it down on a piece of paper, and handtype it in to the ctrl+alt+delete > change password screen.

Is there a more elegant way to do this?

Answer 1

In a domain environment you have to use the domain tools to change domain accounts: https://serverfault.com/a/642180/76309

Because domain accounts are all "local" ONLY on the Domain Controller (DC), you'd have to be on the DC in order to use NET USER.

As you're not on the DC, you'll have to use something else, but you'll probably have problems:

dsquery user -samid *username* | dsmod user -pwd *new_password*

-OR-

net user *username* *new_password* /domain

The problem you'll have is that both of these commands require the console be run as Administrator, likely Domain Administrator, and it's unlikely your account has these permissions.

The other method would be to ask one of the techs to allow you to open your KeePass database on their computer and use the AD Users and Computers console on their computer to paste your password in. Personally, I'm not sure I'd do that for one of my users because, frankly, there are better, easier, ways to get a secure password.

The better way: Use a passphrase.

Unless your enterprise has some weird settings, your password has been able to have spaces for a long time. This means that sentences are a viable password option. Sentences are both easy to recall and can be very, VERY secure quite easily. Just a few words together with proper capitalization and punctuation will meet the requirements of all but the oddest security setup while still being easy to recall and enter.

Answer 2

Very late answer but I found a way to do this so I'm adding this for future users. On the keepass website there are instructions to add a custom toolbar button that only types your password (Note : at the bottom of the paragraph from that link there is an xml file provided that automatically creates the button in keepass).

With this button you can on the security dialog auto-type your old password, then change it in keepass and then auto-type the new one. One warning : make very sure that when you switch to keepass to click on the button the security dialog was the last window to have focus. I had some trouble as I use a Remote Desktop Connection Manager that for some reason sometimes stole the focus of the remote desktop window itself.

Also, to be not dependent on the link from the keepass website I'm pasting the instruction to create the toolbar button here :

Sometimes you only need to type the password, to unlock a previously used web page for example. This trigger provides a toolbar button to auto-type the password of the currently selected KeePass entry.

Auto-Type password button.

• Open KeePass and navigate to 'Tools' → 'Triggers...'.
• Add a trigger.
• Call it something meaningful, like 'Auto-Type password only Toolbar Button'.
• Tick the 'Enabled' and 'Initially on' boxes.
• Navigate to the 'Events' tab and add an event.
• Select 'Application started and ready'. Don't bother with the comparison or filter.
• Navigate to the 'Actions' tab and add an action.
• Select 'Add custom toolbar button'.
• Give it an ID, e.g. 'AutoTypePwOnly' and a name, e.g. 'Pass', for password – we don't want the button to be too long.
• Set the description to something meaningful, like 'Auto-Type password only'. This will show when you hover over the button.
• Add another trigger.
• Call it something meaningful, like 'Auto-Type password only Action'.
• Tick the 'Enabled' and 'Initially on' boxes.
• Navigate to the 'Events' tab and add an action.
• Select 'Custom toolbar button clicked'.
• Give it the same ID as step 9 above.
• Navigate to the 'Actions' tab and add an action.
• Select 'Perform autotype with selected entry'.
• Set the 'Sequence' to '{PASSWORD}'

To enter only a password, select the password field in your application/browser, switch to KeePass and highlight the required entry, then press the 'Pass' button. KeePass will drop to the background and type your password.