Self-service password reset for Windows 7, 8, and 10

Self-service password reset for Windows 7, 8, and 10

We've all had to reset a forgotten password at some point in our lives. But have you ever wondered what goes on behind the scenes when you initiate a password reset? Have you considered the security risks that can arise due to poor password management?

Active Directory and password resets

Let's start with the basics. There are multiple ways to reset a Windows Active Directory (AD) password. To list a few:

  • AD Users and Computers (ADUC): This is the most commonly used password reset tool. The admin can to go to ADUC, right-click on the user account, and select Reset Password. If the admin has the required privileges over the account, they'll be able to reset the password.
  • AD Administrative Center (ADAC): ADAC has a reset password option right on the opening screen.
  • PowerShell: The admin can can use the Set-ADAccountPassword cmdlet to reset passwords for users, computers, and service accounts.
  • Command Prompt: Run Command Prompt as an administrator and use the net user command to find and reset the password of the desired account.

What happens during an AD password reset?

When the password reset command reaches the domain controller (DC), the privileges of the account that initiated the password reset are checked first to ensure the account is allowed to do so.

Next comes the password filters. These filters ensure that the new password matches the history, length, and character composition requirements usually defined in the default domain group policy and any applicable fine-grained password policies.

After passing through the AD password filters, the password is checked for third-party password rule compliance. If the password successfully makes it through, it's updated in the corresponding account and the old password is given the pwdlastset attribute for tracking the password history. Once the password is changed, this change is replicated among other DCs in the domain.

Reset passwords for Windows 7, 8, and 10 with ADSelfService Plus

ADSelfService Plus is an integrated AD self-service password management and single sign-on solution. With ADSelfService Plus, you can empower your users to reset their forgotten passwords without troubling the service desk. With ADSelfService Plus, users can reset their passwords from their Windows login screens.

Prerequisites

  1. Download and install ADSelfService Plus.
  2. Configure ADSelfService Plus for your AD domain.
  3. Configure policies for self-service features and ensure user enrollment.
  4. Complete the settings required to enable password reset from the Windows login screen.

How to reset passwords for Windows 7, 8, and 10 with ADSelfService Plus

Let's take a look at how to reset Windows 10 passwords with ADSelfService Plus.

  1. A user clicks the Reset Password/Unlock Account button from the Window's login screen.

    Self-service password reset for Windows 7, 8, and 10

  2. In the ADSelfService portal pop-up, the user needs to click the Reset Password button.

    Self-service password reset for Windows 7, 8, and 10

  3. They'll be asked to enter their username. Once finished, they'll need to click Continue.

    Self-service password reset for Windows 7, 8, and 10

  4. Now they'll be asked to prove their identity through authentication methods that were set up while enrolling in ADSelfService Plus. Admin can choose from 15 advanced authentication methods available to enforce in ADSelfService Plus and can decide how many methods are required to complete the verification. After successfully verifying their identity, users will need to click Continue.

    Self-service password reset for Windows 7, 8, and 10

    Self-service password reset for Windows 7, 8, and 10

    Note: Face ID Authentication and Google Authenticator are two of the many identity verification methods available in ADSelfService Plus. See the full list of methods available.
  5. Now the user can enter a new password. If it meets all the password complexity requirements, it will be successfully reset.
    Note: ADSelfService offers the Password Policy Enforcer, which can restrict commonly used passwords, patterns, and repetition. It can also prevent the use of passwords that were involved in previous data breaches through integration with Have I Been Pwned?

    Self-service password reset for Windows 7, 8, and 10

    Self-service password reset for Windows 7, 8, and 10

  6. The user can close the ADSelfService Plus portal pop-up and log in to their Windows system using the new password.

The steps involved in resetting Windows 7 and Windows 8 passwords with ADSelfService Plus are the same as the steps involved in resetting Windows 10 password with ADSelfService Plus.

Why you should use ADSelfService Plus to reset passwords

  • Multi-factor authentication: Secure password resets with advanced identity verification techniques including biometrics, Google Authenticator, YubiKey, and more.
  • Password reset from anywhere: Allow users to reset passwords from mobile devices, computer login screens, private networks, and the ADSelfService portal.
  • Password reset notification: After a password is reset, notifications are sent to the relevant users and admins as a security measure.
  • Comprehensive reports: Audit password resets, identity verification failures, notification delivery, and much more.

                  New to ADSelfService Plus?

                    • Related Articles

                    • Self-service password reset and account unlock for Chromebook devices

                      The Chromebook is Google's low-cost alternative to traditional laptops. Unlike Windows, macOS, and Linux machines, a Chromebook runs on the Chrome OS. Users can login to their Chromebook using their AD domain credentials, if their device has been ...
                    • ADSelfService Plus self-service password reset configuration: Reset & Unlock tab

                      Reset & Unlock tab The Reset & Unlock tab consists of settings related to the self-password reset and account unlock features. Learn how to configure these settings to suit your requirements. Here are the settings under the Reset & Unlock tab: Unlock ...
                    • Configuring the ADSelfService Plus login agent for machine MFA and password self-service in Linux

                      Securing data and resources on the corporate network is of paramount importance to organizations. In a world where most corporate attacks originate at an endpoint, ADSelfService Plus offers 20 MFA factors to protect endpoints by allowing access only ...
                    • Microsoft 365 password reset

                      The Self-Service Password Reset (SSPR) feature in Azure AD allows users to reset their passwords without going through the help desk. However, changes to users' Azure AD passwords are only synchronized with their on-premises domain accounts when ...
                    • Zendesk password reset

                      Zendesk admins can enable users with the capability to reset their own, should they forget them. To reset their passwords, users have to: Open the Zendesk login page. Click Forgot your password in the login screen. Open the email sent by the Zendesk ...