Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
See https://blog.neilsabol.site/post/yubikey-personalization-tool-yubico-powershell-command-cli-program-random-static-password-commandline/ . This snippet uses the ykman command to generate a new static password on the Yubikey, then reset the password of the user running the PowerShell session to the new static password (requires pressing the bu…
# Create an alias for ykman pointing the the install location
set-alias ykman "$env:programfiles\Yubico\YubiKey Manager\ykman.exe"
# Provide an opportunity to insert the yubikey before continuing
Read-Host -Prompt "Ensure Yubikey is inserted then press Enter to continue"
# Add a new line for formatting/tidiness
write-host " "
# Run ykman to generate the static password on the Yubikey (in slot 2)
ykman otp static 2 --generate --length 16 --force --keyboard-layout US
# Wait a second, then add a new line for formatting/tidiness
sleep 1
write-host " "
# Have the user enter their own password to prepend the Yubikey random, static password (improves security)
# See https://support.yubico.com/support/solutions/articles/15000006480-understanding-core-static-password-features
write-host "Resetting password for $env:username - enter a personal password and without pressing enter, long-press the button on your Yubikey to append the generated static password when prompted (twice) ..."
# Determine if the account is a local account or domain account and run the respective "net use"
# command to reset the password. In most cases, the account is local if %userdomain% and %computername% match
if($env:userdomain -like "*$env:computername") {
net user "$env:username" *
} else {
net user "$env:username" * /domain
}
# Zero out variables
$NewPassword = ""
# Add new lines and output for formatting/tidiness
write-host " "
write-host "DONE"
write-host " "
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.