Windows Plugin

Rotate Windows user passwords with Commander

Keeper has also launched a zero-trust Password Rotation feature with KeeperPAM. This new capability is recommended for most password rotation use cases. The Documentation is linked below:

This plugin allows rotating a windows user's password using the net user command.

Prepare a Record for Rotation

Create a Record for Rotation

Rotation supports legacy and typed records. If using typed record, a 'login' type field is required. Additional fields may be added depending on the rotation type as well. See the instructions below.

See the Troubleshooting section for more information on legacy vs typed records

Set the Login Name

Populate the 'Login' field of the Keeper record with the login to use with this rotation.

This plugin rotates passwords for both local and Active Directory accounts. When rotating Active Directory password use DOMAIN\USERNAME syntax for Login field.

Add the following Custom Fields to the record that you want to rotate within Keeper

Label
Value
Comment

cmdr:plugin

windows

(Optional) Tells Commander to use Windows rotation. This should be either set to the record, or supplied to the rotation command

cmdr:rules

# uppercase, # lowercase, # numeric, # special'

(e.g. 4,6,3,8)

(Optional) Password generation rules

A Keeper Record setup for Windows password rotation

Rotate

To rotate Windows passwords, use the rotate command in Commander. Pass the command a record title or UID (or use --match with a regular expression to rotate several records at once)

rotate "Windows Example" --plugin windows

The plugin can be supplied to the command as shown here, or added to a record field (see options above). Adding the plugin type to the record makes it possible to rotate several records at once with different plugins.

Output

After rotation is completed, the new password will be stored in the Password field of the record

Last updated