How do I change the password of another user without having to sign in as them?

Here's a quick trick: You are signed in as yourself, but you need to change the password for another account, say, a service account. You could change the account by doing this:

  • Add the account to your machine.
  • Sign in as that user.
  • Change the password.
  • Sign out.
  • Sign back in as yourself.

But that's a lot of work, and it adds the account to your machine just to change its password.

Here's the trick: You can change the password directly from the password change dialog.

  • Hit Ctrl+Alt+Del.
  • Select Change a password.
  • On the Change a password screen, focus defaults to the Old password edit box, but you can go up to the account name box and change the account name to the account whose password you want to change.
  • Enter the account name, the old password, and the new password.

Bingo, you changed somebody else's password without having to sign out or even add them to your local machine.

Comments (29)
  1. shawn says:

    That’s awesome, I had no idea this was available from the security screen.

  2. Jeff says:

    Holy crap. I never realized this. This might be the single most useful tip I’ve ever read!

  3. Nick says:

    Oh that’s why they changed it from “Change Password” to “Change a password.” Makes so much more sense now!

  4. DWalker07 says:

    Or, select Manage Computer. :-)

    1. cheong00 says:

      That will make you lost all access to private keys of e-certificates that stored on that user’s account, unless you use “Manage User” to change it back to the original password.

      In one of my ex-companies, we lose a software contract because one of the component in UAT is not working whenever a backup is restored. And that’s because their DR manual tells them to change the service accounts’ password once the restore process is completed, and the operator changes password with “Manage User”. Too bad I found it out a year after the contract is cancelled, by randomly come across a KB article that targets WinXP but silently applies to Win2003 too.

      1. cheong00 says:

        I do hope that Microsoft can modify that so it triggers the security screen for changing password instead of invoking the current “change password without old password screen”, or add an old password field to there so it’ll do what exactly the “change password” function in security screen do.

        1. cheong00 says:

          Of course, make the “old password” optional but prompt warning about possible lost of data when empty.

        2. Entegy says:

          The manage computer method is like AD. It’s to be used if the password is forgotten and an admin needs to reset it. If you need to change the password and keep the certificates intact, “Change a password” needs to be used.

          1. cheong00 says:

            But the operator didn’t know.

            Operators are supposed to follow the instructions given, they’re not supposed to *think* what are the criteria if multiple way to do a task is possible. They’ll just use any of them, and they used the UI that don’t give them any hint that they should use another UI to do it.

            Even if the dialog prompt the operator the possible lost of access to private keys, the operator does not possess adequate knowledge to judge. Better just direct them to the correct UI, where they’ll promptly enter the information they know (the old password and new password).

  5. What password did you just change? It can’t be a local one, since they’ve not got an account on this box; it must be their domain password. This seems…very broken. Admittedly you need to know their present pwd, but is that the only criterion?

    1. MidSpeck says:

      Yes, it’d be their domain password. And it’s not broken, since it’s no less secure than doing it the “long way.”

    2. Brian says:

      As far as I know, it works both with local accounts (as a local account example, I could change my wife’s password on our home computer). It definitely works on domain accounts – even on other domains (if there’s enough trust, firewall path, etc.). I used it all the time in my last job, where I had access to my accounts in 6 different domains, and all the password expirations where mostly synchronized.

    3. jdf says:

      Objectively, what’s broken about it? If I know the account password, I can (as Raymond pointed out) log in as that user and change their password. This accomplishes the same thing but less disruptively and with fewer steps; it’s a new way to do an old thing.

  6. Rising says:

    I’d always thought it strange that the option was called “Change a password” and not “Change your password”. Now it makes more sense.

    1. I always knew this, actually.

      The thing that I find confusing is that none of my machines have such an option. The only options in Windows Security are: Lock, Switch User, Sign out, and Task Manager. It probably has something to do with Windows 10.

      1. IanBoyd says:

        Windows 10 has the option. Sounds like an over-eager admin, with just enough knowledge to be dangerous, turning on the group policy option **”Remove Change Password”**.

        Or an over-eager admin, with just enough knowledge to be dangerous, marked your account as **”User cannot change password”**.

        1. Chris Iverson says:

          Does that last one actually remove the “Change a password” option from the Ctrl+Alt+Del screen? The user is barred from changing their own password, not someone else’s.

          1. In my case, the causes is either Windows Hello, or the fact that I log in using a Microsoft account. I have no group policy at home.

        2. Anonymous says:
          (The content was deleted per user request)
      2. Neil says:

        Reading this blog usually confirms my ignorance, so I was pleasantly surprised at something I already knew!

      3. AK says:

        It’s on Windows 8.1 too.

      4. Chris Iverson says:

        Wait, are these non-domain-joined PCs? I think the option only comes up if you’re using a domain-joined machine.

  7. Nico says:

    This is one of those delightful little features that feel awesome when you discover it and when you show it to others. Bravo to whoever had the foresight to design it that way.

  8. Somehow I recall doing this in the NT4 days. Haven’t used it in almost 20 years.

  9. Er… Mr. Chen, is there any chance that next time you write about Microspeak, you shed some light on those cryptic update terms like “Security Only Quality Update”, “Security Monthly Quality Rollup” and “Security and Quality Rollup”?

    Of course, I’ve already read KB824684 but it only made things more confusing.

  10. EEgorka says:

    Unless you have an AzureAD-joined Windows 10 machine where this menu entry opens a web browser with the password change page. (And no, username is not editable there.)

  11. Gee Law says:

    I am surprised to know that so many users do not know this feature. By the way, I don’t think you have to add someone to your PC before signing as him/her (given the domain-joined-computer scenario). On Welcome Screen, select Other user and enter DOMAIN\username and the password. You have to add someone to your machine (with control userpasswords2) only if you want to grant non-default local groups to that user.

  12. GL says:

    Hmmm question: why wouldn’t the user be able to change a password without trying to sign in first? (I know you can change a password before you sign in, but that’s only when you “must change password” or have had the password expired.)

Comments are closed.

Skip to main content