Table of Contents
If you're reading this, it most likely means that you're looking for a way to change your Windows password remotely, i.e. from a Remote Desktop connection (RDP protocol): this is a typical scenario for remote workers and system administrators who often have to access remote systems (such as Virtual Machines) through another Windows machine.
When such situation arises, the standard CTRL + ALT + DEL key combo cannot be used, because it would be captured by the local OS (the one used by the PC we're using to access the remote environment), which will prompt its own change password screen: therefore, we would be able to change the local Windows account password instead of the remote one.
Using CTRL + ALT + END
Luckily enough, there is another key combo that we can use to trigger the change password screen on the remote system: CTRL + ALT + END. This command is specifically meant to be the "three-finger salute" equivalent for remote desktop connections and can be safely used to remotely change password, because it won't be "intercepted" by the local OS in any way.
The END key is usually located close to the CANC key (that's arguably why it was chosen as replacement hotkey).
Using the On-Screen Keyboard
If you don't want (or you are unable) to use the CTRL + ALT + END key combo, you can still access the "change password" screen using the Windows On-Screen Keyboard. To activate it, just click to the Start menu, then type "ost" and click to the On-Screen Keyboard icon that will show up.
Now we can press CTRL + ALT using the hardware keyboard and then simultaneously click the third key (DEL / CANC) using the On-Screen Keyboard, thus determining the "three-finger salute" key combo on the remote PC.
What if it's already too late?
In the unfortunate event that the password expires before you can change it, the remote access tool will give you an error message like this when you connect:
An authentication error has occurred. The Local Security Authority cannot be contacted. This could be due to an expired password. Please update your password if it has expired. For assistance, contact your administrator or technical support.
In this case, all we can do is contact your System Administrator (or IT help-desk support) and request a password reset: once this is done we'll able to log back into the remote system and change the default password with a personal, secureone.
Why Windows doesn't warn me?
As you most likely already know, if your Active Directory (or local group policy) has been configured with expiring passwords, all users will receive a dedicated warning some days before the expiration date to remind them about changing their passwords before it's too late.
However, these warnings will only be shown when the user session is actually opened - i.e., when the user performs the login process.
To put it in other words, you need to "open" your user session to receive that warning: if you connect back to an existing session, you won't receive such notice.
Unfortunately, when using Remote Desktop, most users don't perform the logout / disconnect process, they just shut down the RDP client and then re-open it to reconnect whenever they need to: when they do this, the same AD user session is kept open and "recycled" over and over (the remote login process is used to "reconnect to it" instead of open a new session); for that very reason, the system never get the chance to properly warn them. Such scenario doesn't occur when those users physically work on their device, because their user session will also end whenever they perform a reboot, power off, or other maintenance activities that frequently occur during their daily activity at the office, yet often avoided when using RDP.
Anyway, the only possible "workaround" for this issue is to force the users to close their user session before closing the RDP client: this can be easily done using the Disconnect command available from the Windows Start menu.
That's it: we hope that this post will help many Windows users who are looking for a way to remotely change their password through Remote Desktop connection (RDP).