Trying the usual, does not work:
net user username *
gets you an 'Access Denied'
This only seems to work for administrators.
Using ADSI and WMI also gives me 'Access Denied', it seems the Win32 calls to set someone else's password is restricted to administrators.
I like to have standard users to change their password on the command line.
I have currently two use cases for this.
1. I have some standard users on Windows Server Core which sometimes need to log on to do some local troubleshooting. They are not
admins, the should not be admins but they would like to change their password without asking an admin. Sometimes they have the option to press Crtl+Alt+Delete and then change the password, but this does not work when logging in via a remote shell.
2. To implement the use of a one-time password scheme, a batch or PowerShell script needs to set the password for the user it runs under, again this user it not an administrator.
To be clear, this is about local SAM passwords, no Active Directory involved.
Sysinternal's pwpasswd.exe was suggested, but it it using the same API as net user, and does not work for standard users.
It seems for a normal user to change her password, she also has to provide the existing one. This is the case in the Windows UI and the Win32 function 'NetUserChangePassword' takes four parameters: domainname, username, oldpassword and newpassword.
I found a small console program 'passwd.exe' from 1997 which still works fine in Windows 8, to change your password just type:
passwd.exe -p oldpassword newpassword
If you want to hide the passwords during input use:
passwd.exe -i
and type the passwords when prompted.
You can download this program at wwwthep.physik.uni-mainz.de/~frink/passwd/