Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
See . This snippet uses the ykman command to generate a new static password on the Yubikey, then reset the password of the user running the PowerShell session to the new static password (requires pressing the bu…
# Create an alias for ykman pointing the the install location
set-alias ykman "$env:programfiles\Yubico\YubiKey Manager\ykman.exe"
# Provide an opportunity to insert the yubikey before continuing
Read-Host -Prompt "Ensure Yubikey is inserted then press Enter to continue"
# Add a new line for formatting/tidiness
write-host " "
# Run ykman to generate the static password on the Yubikey (in slot 2)
ykman otp static 2 --generate --length 16 --force --keyboard-layout US
# Wait a second, then add a new line for formatting/tidiness
sleep 1
write-host " "
# Have the user enter their own password to prepend the Yubikey random,
# static password (improves security) See:
write-host "Resetting password for $env:username - enter a personal password and without pressing enter,
long-press the button on your Yubikey to append the generated static password when prompted (twice) ..."
# Determine if the account is a local account or domain account and run the
# respective "net use" command to reset the password. In most cases, the
# account is local if %userdomain% and %computername% match
if($env:userdomain -like "*$env:computername") {
net user "$env:username" *
} else {
net user "$env:username" * /domain
# Zero out variables
$NewPassword = ""
# Add new lines and output for formatting/tidiness
write-host " "
write-host "DONE"
write-host " "
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.