Month: March 2015

Last week I got a new loginname and password for an environment based on Windows Server 2012 R2. Also in the mail I got the request to change my password at first login. Good practice so no problem with that!

To get to the environment I first needed to connect via MSTSC to a server based on Windows Server 2008 R2. Then connect via MSTSC to the environment based on Windows Server 2012 R2.

Normal steps to change your password are using CTRL + ALT + DEL and choose Change A Password.

ChangePasswordServer2012R2.PNG

The problem I was facing was that CTRL + ALT + DEL does not work in a MSTSC session​. There is a solution for that. You can use CTRL + ALT + END to send a CTRL + ALT + DEL to the server you are connected to. So when I did exactly that I got a bit surprised by the view I got:

ChangePasswordServer2008R2.png

This is the result of CTRL + ALT + DEL on a computer based on Windows Server 2008 R2, not the result you would expect when connected to a Windows Server 2012 R2 machine. It seems that the CTRL + ALT + END is only used on the first session of MSTSC. So what now? Next I tried to change the password via my user account tile on the start menu.

ChangeAccountPicture.PNG

When you choose Change Account Picture and then Sign in Options you get to the new style of programs from Windows.

Accounts.png

To my surprise the option Change to change the password was greyed out…

After some searching on the Internet my collegue Willem found a wonderful workaround (or possible security bug?) to change the password.

  1. Go to the start menu
  2. Type OSK
  3. Start the On Screen Keyboard
  4. Press on your Physical keyboard CTRL + ALT
  5. Press on the On Screen Keyboard DEL
  6. Remove the On Screen Keyboard
  7. Click on Change A Password
  8. Change your password

ChangeAPasswordServer2012R2.PNG

Why the option is greyed out by default is a bit strange. In Windows Server 2012 R2 it is mandatory to change your password every 42 days. The days the management of servers was done on the physical console of the server is a long time ago by my standards… And why, if this default is not permitted, it can be done in this way makes it even more strange.

Of course there is always the option to change the password via the command prompt… IF you have domain Admin rights…

So if anyone has a better option (Powershell?) please share.

Update 2014-10-19: I got a link via Twitter from SystematicADM how to change your password via Powershell. And also a link how to change other AD user’s passwords via Powershell. Thanks to SystematicADM for the response!