See https://blog.neilsabol.site/post/yubikey-personalization-tool-yubico-powershell-command-cli-program-random-static-password-commandline/ . This snippet uses the ykman command to generate a new static password on the Yubikey, then reset the password of the user running the PowerShell session to the new static password (requires pressing the bu…
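# Create an alias for ykman pointing to the install location.
# ykman is only expected at the default YubiKey Manager install path; verify
# it is there up front so a missing install fails with a clear message instead
# of at the first ykman call further down.
$ykmanPath = "$env:programfiles\Yubico\YubiKey Manager\ykman.exe"
if (-not (Test-Path -LiteralPath $ykmanPath)) {
    throw "ykman.exe not found at '$ykmanPath' - install YubiKey Manager or adjust the path."
}
set-alias ykman $ykmanPath
# Provide an opportunity to insert the yubikey before continuing
Read-Host -Prompt "Ensure Yubikey is inserted then press Enter to continue"
# Add a new line for formatting/tidiness
write-host " "
# Run ykman to generate the static password on the Yubikey (in slot 2).
# --force overwrites whatever is currently programmed in slot 2 without a
# confirmation prompt, so any previous slot-2 credential is replaced here.
ykman otp static 2 --generate --length 16 --force --keyboard-layout US
# ykman is a native executable, so a failure does not raise a PowerShell
# error on its own; check $LASTEXITCODE so that a failed write (no key
# inserted, slot access denied, unsupported ykman version) does not continue
# into a password reset the key then cannot reproduce.
if ($LASTEXITCODE -ne 0) {
    throw "ykman exited with code $LASTEXITCODE - static password was not programmed; password NOT changed."
}
# Wait a second, then add a new line for formatting/tidiness
Start-Sleep -Seconds 1
write-host " "
# Have the user enter their own password to prepend the Yubikey random,
# static password (improves security) See:
# https://support.yubico.com/support/solutions/articles/15000006480-understanding-core-static-password-features
write-host "Resetting password for $env:username - enter a personal password and without pressing enter,
long-press the button on your Yubikey to append the generated static password when prompted (twice) ..."
# Determine if the account is a local account or domain account and run the
# respective "net user" command to reset the password. The account is local
# when %userdomain% and %computername% match. An exact (case-insensitive)
# comparison is used here: a trailing-wildcard match would also treat any
# domain whose name merely ends with the computer name as local, and would
# then run the local form of "net user" against a domain account.
if ($env:userdomain -eq $env:computername) {
    net user "$env:username" *
} else {
    net user "$env:username" * /domain
}
# "net user" is also a native command; surface its failure (e.g. password
# policy rejected the value, or /domain could not reach a DC) rather than
# printing DONE regardless.
if ($LASTEXITCODE -ne 0) {
    throw "net user exited with code $LASTEXITCODE - the password may not have been changed."
}
# The new password is only ever typed at the "net user *" prompt and is never
# held in a PowerShell variable, so there is nothing to zero out afterwards.
# Add new lines and output for formatting/tidiness
write-host " "
write-host "DONE"
write-host " "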