How-To: Change Password in a Nested RDP Session

Practicing good IT security is not always convenient. It can be tedious to change passwords without a dedicated password tool, but password rotation is a necessary step.  Even though I don’t have an ideal tool for this task, I will show you how to rotate the local admin password on one of our servers.  So, let’s log in and change it:

The Problem

With previous versions of Windows, this was a bit easier.  However, Server 2012 made some changes from 2008 that require additional steps since it doesn’t have “Windows Security.”  (For the tl;dr on how to do it, click HERE)

From your workstation, you would remote desktop (RDP) to our Jump Box, then remote desktop to the server. Then you click on “Windows Security”:

You can still change it by going to “Computer Management” and then \Local Users and Groups\Users\ right-clicking on the administrative user and selecting “set password”:

However, Server 2012 will present a warning, as this is not the recommended way for a variety of reasons; including encypted file system (EFS) issues

If you press CTRL+ALT+DEL as instructed, you will receive a prompt on our local workstation.

If you press CTRL+ALT+END, as we’ve learned from years of RDP, you will receive a prompt on our Jump Box:

At this point, it seems you are stuck – an unintended consequence of Microsoft’s changes from Server 2008 to 2012. So how do you safely change my local admin password?

The Solution


For tablet and accessibility support, Windows includes an on-screen keyboard (OSK)! Start -> Run -> osk.exe or search for osk:

**NOTE: When you type CTRL+ALT+DEL on the OSK, it also gives a warning!


Hold down CTRL+ALT on your physical keyboard and click DEL on the OSK:


The correct “Change Password” prompt will finally appear:

This may seem more inconvenient since there is not a dedicated tool. But this method addresses the problem without having to utilize a tool, so you can secure your password quickly and move onto other tasks.

Credit for this post should be shared with friend of SealingTech, Tony Pimenta.

Posted in