How-To: Change Password in a Nested RDP Session
Practicing good IT security is not always convenient. It can be tedious to change passwords without a dedicated password tool, but password rotation is a necessary step. Even though I don’t have an ideal tool for this task, I will show you how to rotate the local admin password on one of our servers. So, let’s log in and change it:
With previous versions of Windows, this was a bit easier. However, Server 2012 made some changes from 2008 that require additional steps since it doesn’t have “Windows Security.” (For the tl;dr on how to do it, click HERE)
From your workstation, you would remote desktop (RDP) to our Jump Box, then remote desktop to the server. Then you click on “Windows Security”:
You can still change it by going to “Computer Management” and then \Local Users and Groups\Users\ right-clicking on the administrative user and selecting “set password”:
However, Server 2012 will present a warning, as this is not the recommended way for a variety of reasons; including encypted file system (EFS) issues
If you press CTRL+ALT+DEL as instructed, you will receive a prompt on our local workstation.
If you press CTRL+ALT+END, as we’ve learned from years of RDP, you will receive a prompt on our Jump Box:
At this point, it seems you are stuck – an unintended consequence of Microsoft’s changes from Server 2008 to 2012. So how do you safely change my local admin password?
For tablet and accessibility support, Windows includes an on-screen keyboard (OSK)! Start -> Run -> osk.exe or search for osk:
**NOTE: When you type CTRL+ALT+DEL on the OSK, it also gives a warning!
Hold down CTRL+ALT on your physical keyboard and click DEL on the OSK:
The correct “Change Password” prompt will finally appear:
This may seem more inconvenient since there is not a dedicated tool. But this method addresses the problem without having to utilize a tool, so you can secure your password quickly and move onto other tasks.
Credit for this post should be shared with friend of SealingTech, Tony Pimenta.