Would you like to see the site in a different language?

English
English Español Italiano Português do Brasil Português Français Русский 日本語 Polski 简体中文 繁體中文 Türkçe 한국어 Čeština العربية Bahasa Indonesia Tiếng Việt Nederlands ไทย Magyar Slovenčina Svenska Ελληνικά Română فارسی Dansk Български Suomi Hrvatski Norsk bokmål Bahasa Melayu हिन्दी Tagalog English (UK)
Change language
Table of Contents

Method 1: Change Password in RDP Using Ctrl + Alt + End

Overview

One of the most direct and Microsoft-recommended ways to change a password during an RDP session is by using the Ctrl + Alt + End key combination. Unlike Ctrl + Alt + Del, which is intercepted by the local OS, this alternative is passed to the remote session, enabling access to the Windows Security screen.

How It Works Technically

When an RDP session is launched, keyboard inputs like Ctrl + Alt + Del are not sent to the remote machine because they’re captured by the local operating system for security reasons. Microsoft introduced Ctrl + Alt + End as a way to simulate the Secure Attention Sequence (SAS) on the remote desktop session.

Step-by-Step Instructions

  1. Connect to the target system using Remote Desktop Connection (mstsc.exe).
  2. On your local physical keyboard, press: Ctrl + Alt + End
  3. The Windows Security screen will appear on the remote machine.
  4. Click Change a password.
  5. Enter your current password, then the new password (typed twice).
  6. Press Enter or click the arrow button to confirm.

Common Issues and Solutions

  • End key missing (e.g., compact keyboards): Use On-Screen Keyboard or rebind with scripting tools.
  • No response on Ctrl + Alt + End: Verify that RDP session is in focus and not layered beneath local UAC prompts. Verify that RDP session is in focus and not layered beneath local UAC prompts.

This method remains the quickest and most reliable option for interactive RDP sessions with basic access rights.

Method 2: Use the On-Screen Keyboard to Bypass Hotkey Limitations

Overview

Some environments (e.g., thin clients, nested RDP sessions, custom keyboards) may fail to transmit Ctrl + Alt + End correctly. In these cases, the Windows On-Screen Keyboard (OSK) allows you to simulate keypresses, including the Secure Attention Sequence.

Why This Works

The OSK, when used inside the RDP session, triggers events within the remote OS, bypassing local keyboard restrictions. This makes it a reliable alternative to hardware key combinations.

Step-by-Step Instructions

  1. Inside the RDP session, open Run: Windows + R
  2. Type: Press Enter to launch the On-Screen Keyboard.
  3. Hold Ctrl + Alt on your physical keyboard.
  4. On the OSK, click Del.
  5. The Windows Security screen will appear.
  6. Click Change a password and follow prompts.

Caveats

  • The OSK must be launched inside the RDP session, not on the local host.
  • Some group policies may restrict execution of osk.exe for security.

Use this when physical keyboard combinations are blocked or passed to the local system instead of the remote host.

Method 3: Change RDP Password Using net user in Command Prompt

Overview

The net user command provides a fast, scriptable way to change or reset user passwords, both local and domain. It's ideal for administrators with elevated permissions who need to enforce password policies or recover access for end-users.

Syntax & Function

This command directly replaces the password for the specified local or domain user account.

Use Case Scenarios

  • Resetting passwords on a standalone machine
  • Updating credentials for non-interactive service accounts
  • Integrating into logon scripts or provisioning workflows

Examples

Change password for local user jdoe:

If you don’t want the password to appear in plain text:

You'll be prompted to enter the new password securely.

Limitations

  • Requires local administrator rights.
  • Doesn't work across non-trusted domains without additional context (e.g., net use with credentials).
  • Cannot be used on expired accounts without prior unlocking.

Ideal for administrators who need a quick way to update passwords during maintenance or remote access support.

Method 4: Reset RDP Password Using PowerShell

Overview

PowerShell provides both local and Active Directory password management options. It’s ideal for sysadmins automating credential lifecycles, supporting remote operations, or applying policies at scale.

For Local Accounts – Using Set-LocalUser

powershell: Set-LocalUser -Name "username" -Password (ConvertTo-SecureString -AsPlainText "new_password" -Force)

  • Requires PowerShell 5.1 or higher.
  • Best used on non-domain joined machines.
  • Must run as Administrator.

For Domain Accounts – Using Set-ADAccountPassword

powershell: Import-Module ActiveDirectory ; Set-ADAccountPassword -Identity "username" -Reset -NewPassword (ConvertTo-SecureString -AsPlainText "NewP@ssw0rd!" -Force)

  • Works only if RSAT tools are installed.
  • Requires domain admin or delegated permissions.
  • Use "-Reset" to change the password without needing the old one.

Security Best Practices

  • Avoid hardcoding passwords in scripts; use "Read-Host -AsSecureString" or vaults.
  • Always log password resets via audit tools or security event logs.

PowerShell enables repeatable, auditable processes ideal for scripting password resets in enterprise environments.

Method 5: Change RDP Password via Computer Management

Overview

This method is suitable for local account password changes and is often used when onboarding new users or managing non-domain endpoints via RDP.

Step-by-Step Instructions

  1. Open Computer Management: Press Windows + R, type compmgmt.msc, press Enter.
  2. Navigate to: System Tools > Local Users and Groups > Users
  3. Right-click the target account.
  4. Select Set Password > Proceed.
  5. Enter the new password (twice), then click OK.

Considerations

  • This bypasses the need to know the old password.
  • It triggers Event ID 4724 in the Security Log for auditability.
  • Disabled by default in domain environments unless enabled via Group Policy.

This is a practical choice for GUI-based system admins managing local users on RDP-accessible endpoints.

Method 6: Use Control Panel (Interactive User Sessions Only)

Overview

Control Panel is still present in Windows Server and older Windows clients. It's the most user-friendly method for standard users, but it requires the current password.

Procedure

  1. Open Control Panel (control.exe).
  2. Navigate to: User Accounts > Change your password
  3. Enter the current password, then the new password twice.
  4. Click Change Password.

Limitations

  • Cannot be used to reset forgotten or expired passwords.
  • Not accessible if user privileges are restricted or the system is domain-joined with Group Policy overrides.

This method is most useful for non-admin users needing to update their credentials during routine access.

TSplus Remote Access for Centralized RDP Management

TSplus Remote Access offers IT administrators a secure, efficient way to manage and scale RDP access across any infrastructure. With web-based portals, session control, 2FA, Active Directory integration, and seamless user provisioning, it simplifies remote desktop deployments without the complexity of traditional RDS. Ideal for SMBs and enterprises alike, TSplus enhances security, centralizes control, supports multi-user environments, and reduces the operational overhead of managing remote systems at scale.

Conclusion

Changing a password in an RDP session is a common administrative task, but one that requires context-specific techniques. Whether you're dealing with interactive user sessions, domain-managed identities, or automation workflows, the methods covered here give you the flexibility and control needed in professional IT environments.

TSplus Remote Access Free Trial

Ultimate Citrix/RDS alternative for desktop/app access. Secure, cost-effective, on-premises/cloud

Start a Free Trial

Share :

Facebook Twitter LinkedIn

Your TSplus Team

Further reading

back to top of the page icon