How to Change a User's Password in a Batch Script

Changing a user's password from the command line is a common administrative task, essential for automating new user setups, performing scheduled password rotations for service accounts, or creating a password reset utility. The standard, built-in command for all user account management, including password changes, is NET USER.

This guide will teach you how to use the NET USER command to change the password for any local user account on a Windows machine. You will learn the correct syntax, how to handle randomly generated passwords, and the critical importance of running the script with full administrator privileges.

danger

CRITICAL SECURITY WARNING: Changing passwords is a high-privilege operation. This script must be run with full administrator privileges. Furthermore, be extremely cautious about how you handle passwords in your script. Hardcoding a plain-text password is a security risk.

The Core Command: `NET USER`

The NET.EXE utility is a powerful, built-in tool for managing network resources, users, and groups. The USER context is used to add, modify, and delete local user accounts.

Syntax for Changing a Password: NET USER "UserName" "NewPassword"

"UserName": (Required) The name of the local user account you want to modify.
"NewPassword": (Required) The new password you want to assign to the user.

Basic Example: Setting a New Password

This script changes the password for a local user named TempUser.

@ECHO OFF
REM This script MUST be run as an Administrator.

SET "TargetUser=TempUser"
SET "NewPassword=P@ssw0rd123!"

ECHO --- Changing Password for %TargetUser% ---
ECHO WARNING: This will immediately change the user's password.
PAUSE
ECHO.

NET USER "%TargetUser%" "%NewPassword%"

IF %ERRORLEVEL% EQU 0 (
    ECHO [SUCCESS] The password for %TargetUser% has been changed successfully.
) ELSE (
    ECHO [FAILURE] An error occurred. Errorlevel: %ERRORLEVEL%
    ECHO Common causes: Not running as Admin, or the user does not exist.
)

Forcing a Password Change on Next Logon

A very common and secure practice when setting up a new user is to assign a temporary password and then force the user to change it the first time they log in. NET USER has a specific switch for this.

@ECHO OFF
REM Run as Administrator.
SET "NewUser=jdoe"
SET "TempPassword=Welcome123!"

ECHO --- Setting up new user %NewUser% ---
ECHO.
ECHO Creating user and setting a temporary password...
NET USER "%NewUser%" "%TempPassword%" /ADD

ECHO.
ECHO Forcing password change on next logon...
NET USER "%NewUser%" /LOGONPASSWORDCHG:YES

ECHO.
ECHO --- Setup complete ---

Now, when jdoe tries to log in for the first time with Welcome123!, Windows will immediately prompt them to create a new, private password.

Common Pitfalls and How to Solve Them

Problem: "System error 5 has occurred. Access is denied."

This is the number one cause of failure. It means your script does not have the necessary permissions to modify user account information.

Solution: You must run the script from an elevated command prompt ("Run as administrator"). Standard users cannot change the passwords of other users.

Problem: Complex Passwords with Special Characters

If your password contains special command characters like &, |, >, or ^, it can break the NET USER command if not handled carefully.

Solution: Always enclose the password in double quotes. The command NET USER User "My&Pass" will work perfectly, while NET USER User My&Pass will fail. Using quotes is a universal best practice.

Problem: The User is Prompted for a Password

If you want to allow a user to type their own password interactively and securely (without it appearing on screen), you can use an asterisk (*) in place of the password.

Syntax: NET USER "UserName" *

Example of Console Interaction:

C:\> NET USER TempUser *
Type a password for the user:
Retype the password to confirm:
The command completed successfully.

note

This is useful for interactive scripts but is not suitable for full automation, as it will halt the script and wait for user input.

Practical Example: A New User Setup Script

This script automates the full process of creating a new user. It generates a random, complex password, creates the user, adds them to a group, forces a password change on next logon, and then displays the temporary password for the administrator.

@ECHO OFF
SETLOCAL ENABLEDELAYEDEXPANSION
REM This script must be run as an Administrator.

SET "NewUser=TempWorker"

ECHO --- New User Creation Script ---
ECHO.

REM --- Step 1: Generate a random password (simple example) ---
SET "TempPass=Temp%RANDOM%!"
ECHO Creating user '%NewUser%' with temporary password: !TempPass!

REM --- Step 2: Create the user ---
NET USER "%NewUser%" "!TempPass!" /ADD /COMMENT:"Temporary Worker Account"

REM --- Step 3: Add the user to the "Users" group ---
NET LOCALGROUP "Users" "%NewUser%" /ADD

REM --- Step 4: Force password change on next logon ---
NET USER "%NewUser%" /LOGONPASSWORDCHG:YES

ECHO.
ECHO [SUCCESS] User '%NewUser%' has been created.
ECHO Please provide them with their temporary password.

ENDLOCAL

Conclusion

The NET USER command is the standard, built-in tool for managing local user accounts, including changing their passwords.

For secure and reliable scripting:

Always run your script as an Administrator.
Use the syntax NET USER "UserName" "NewPassword".
Always enclose the username and password in double quotes to handle spaces and special characters.
For new accounts, use the /LOGONPASSWORDCHG:YES switch to force the user to set their own private password upon first login.
Avoid hardcoding passwords in scripts whenever possible. Use the * prompt for interactive changes.

The Core Command: NET USER​

Basic Example: Setting a New Password​

Forcing a Password Change on Next Logon​

Common Pitfalls and How to Solve Them​

Problem: "System error 5 has occurred. Access is denied."​

Problem: Complex Passwords with Special Characters​

Problem: The User is Prompted for a Password​

Practical Example: A New User Setup Script​

Conclusion​

Table of Contents