Set-Password.ps1
<#
.SYNOPSIS
Changes the password of a local user
.DESCRIPTION
This is different from 'net user username password', which resets the password and potentially destroys data
.PARAMETER userName
The internal name of the user; if missing, the current user is assumed.
.PARAMETER oldPassword
The old existing password for the user
.PARAMETER newPassword
The new password
.EXAMPLE
Set-Password
Sets a new password for the current user and prompts for the old and new passwords.
.NOTES
Author: Peter Hahndorf
Created: August 22nd, 2015
.LINK
https://github.com/hahndorf/hacops
#>
param (
# Account whose password is changed; defaults to the current user taken from $env:userName.
[string]$userName = $($env:userName),
# NOTE(review): both passwords are plain [string] parameters. Values supplied on the
# command line can be recorded in console history, transcripts and script block logs,
# so leaving them empty and using the -AsSecureString prompts below is the safer path.
# An empty string (the default) is what triggers the interactive prompt for each one.
[string]$oldPassword = "",
[string]$newPassword = ""
)
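Function PrintErrorMessage([int]$status)
{
    <#
    .SYNOPSIS
    Writes a human-readable description of a NetUserChangePassword status code to the host.
    .PARAMETER status
    The numeric status code returned by the API call; 0 means success.
    #>

    # Status code -> message table. The trailing comment on each entry is the
    # symbolic name of the code (NERR_* / ERROR_* constants).
    # Fixes over the previous switch statement:
    #  * 1351 (ERROR_CANT_ACCESS_DOMAIN_INFO) was written without the leading '$',
    #    so it was compared as a literal string and could never match.
    #  * The two "Logon failure" messages contained a stray '{' instead of ':'.
    $messages = @{
        0    = "The command completed successfully."                                                   # NERR_Success
        5    = "The user does not have access to the requested information."                           # ERROR_ACCESS_DENIED
        2351 = "The computer name is invalid."                                                         # NERR_InvalidComputer
        2226 = "The operation is allowed only on the primary domain controller of the domain."         # NERR_NotPrimary
        2221 = "The user name could not be found."                                                     # NERR_UserNotFound
        2245 = "The password is shorter than required."                                                # NERR_PasswordTooShort
        86   = "The specified network password is not correct."                                        # ERROR_INVALID_PASSWORD
        1216 = "The format of the specified password is invalid."                                      # ERROR_INVALID_PASSWORDNAME
        1304 = "The NT password is too complex to be converted to a LAN Manager password."             # ERROR_NULL_LM_PASSWORD
        1323 = "Unable to update the password. The value provided as the current password is incorrect." # ERROR_WRONG_PASSWORD
        1324 = "Unable to update the password. The value provided for the new password contains values that are not allowed in passwords." # ERROR_ILL_FORMED_PASSWORD
        1325 = "Unable to update the password because a password update rule has been violated."       # ERROR_PASSWORD_RESTRICTION
        1326 = "Logon failure: unknown user name or bad password."                                     # ERROR_LOGON_FAILURE
        1330 = "Logon failure: the specified account password has expired."                            # ERROR_PASSWORD_EXPIRED
        1386 = "A cross-encrypted password is necessary to change a user password."                    # ERROR_NT_CROSS_ENCRYPTION_REQUIRED
        1390 = "A cross-encrypted password is necessary to change this user password."                 # ERROR_LM_CROSS_ENCRYPTION_REQUIRED
        1355 = "The specified domain did not exist."                                                   # ERROR_NO_SUCH_DOMAIN
        1351 = "Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied." # ERROR_CANT_ACCESS_DOMAIN_INFO
    }

    if ($messages.ContainsKey($status))
    {
        Write-Host $messages[$status]
    }
    else
    {
        # Anything not in the table is reported with its raw number so it can be looked up.
        Write-Host "Undocumented error code $status."
    }
}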
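# Converts a SecureString into a plain string for the API call and wipes the
# unmanaged copy afterwards. SecureStringToBSTR allocates an unmanaged buffer holding
# the clear-text password; without ZeroFreeBSTR that buffer is never zeroed or released.
Function SecureStringToPlainText([System.Security.SecureString]$secure)
{
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($secure)
    try
    {
        # PtrToStringBSTR matches the BSTR produced above (length-prefixed UTF-16).
        return [Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
    }
    finally
    {
        [Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
    }
}

# Prompt for the old password only when it was not supplied as a parameter.
if ($oldPassword -eq "")
{
    $sOld = Read-Host 'Type in the old password' -AsSecureString
    $oldPassword = SecureStringToPlainText $sOld
}

# Prompt twice for the new password and require both entries to be identical.
if ($newPassword -eq "")
{
    $sNew1 = Read-Host 'Type the new password' -AsSecureString
    $newPassword1 = SecureStringToPlainText $sNew1
    $sNew2 = Read-Host 'Re-type the new password' -AsSecureString
    $newPassword2 = SecureStringToPlainText $sNew2

    # PowerShell's -ne is case-insensitive for strings, so 'Secret' and 'secret' would
    # have passed the confirmation check. Compare ordinally so a typo in case is caught.
    if (-not [string]::Equals($newPassword1, $newPassword2, [System.StringComparison]::Ordinal))
    {
        Write-Warning "The new password don't match"
        exit
    }
    else
    {
        $newPassword = $newPassword1
    }
}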
# C# P/Invoke declaration for NetUserChangePassword in netapi32.dll, held as text so
# Add-Type can compile it further down. All four arguments are marshalled as
# null-terminated UTF-16 strings (LPWStr), and the function returns its status code
# directly as a uint.
# NOTE(review): both passwords cross this boundary as managed strings, which are
# immutable and cannot be zeroed afterwards; the clear text stays in process memory
# until it is garbage collected.
# NOTE(review): SetLastError=true is declared, but the script only inspects the
# return value and never reads the last-error value.
$MethodDefinition = @"
[DllImport("netapi32.dll", CharSet=CharSet.Unicode, CallingConvention=CallingConvention.StdCall,
SetLastError=true )]
public static extern uint NetUserChangePassword (
[MarshalAs(UnmanagedType.LPWStr)] string domainname,
[MarshalAs(UnmanagedType.LPWStr)] string username,
[MarshalAs(UnmanagedType.LPWStr)] string oldpassword,
[MarshalAs(UnmanagedType.LPWStr)] string newpassword
);
"@
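try
{
    # Compile the P/Invoke wrapper into a Win32.NetAPI32 type and get the type back.
    $NetAPI32 = Add-Type -MemberDefinition $MethodDefinition -Name 'NetAPI32' -Namespace 'Win32' -PassThru

    # '.' is passed as the domain name; presumably this targets the local computer,
    # which matches the script's stated purpose - confirm against the API documentation.
    $result = $NetAPI32::NetUserChangePassword('.', $userName, $oldPassword, $newPassword)

    # The API reports success or failure through its return value, not an exception.
    PrintErrorMessage -status $result
}
catch [System.Exception]
{
    # Surface the reason (for example a failed Add-Type compile or a missing DLL)
    # instead of a bare "Other exception" that gives the operator nothing to act on.
    Write-Host "Other exception: $($_.Exception.Message)"
}
finally
{
    # Drop the references to the clear-text passwords so they do not linger in the
    # session when the script is dot-sourced. This cannot wipe the string contents
    # (.NET strings are immutable); it only shortens how long they stay reachable.
    $oldPassword = $null
    $newPassword = $null
    $newPassword1 = $null
    $newPassword2 = $null
}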