We can use the Get-LocalUser cmdlet to get local user account details and use the Set-LocalUser cmdlet to update local account information. In this post will share powershell commands to reset local user password and steps to force user to change password at next logon.
Note: Open the Powershell console with Run as administrator privilege.
Run the below command to list specific user details.
Get-LocalUser -Name "testuser" | FL
Change Password
We have to pass the new password text as Secure String password for the parameter Password in Set-LocalUser cmdlet. The below command reset password for the user “testuser”, you can copy the command and replace your own username and new password text.
$SecurePassword = ConvertTo-SecureString "P@ssword!" -AsPlainText -Force $UserAccount = Get-LocalUser -Name "testuser" $UserAccount | Set-LocalUser -Password $SecurePassword
Force user to change password at next logon
We can’t use Set-LocalUser cmdlet to set the flag User must change password at next logon and we can use the native interface (ADSI WinNT Provider) to set this flag. Actually we need to expire a user’s password to force the user to change the password at the next login. The below command sets value for passwordExpired property as 1 to make the user’s password to expire state.
$user=[ADSI]'WinNT://localhost/testuser'; $user.passwordExpired = 1; $user.setinfo();