JSI Tip 6093. CopyPwd is a freeware command-line utility that allows copying any number of user or computer account passwords from one computer to another, including domain accounts.

Jerold Schulman

December 16, 2002

2 Min Read
ITPro Today logo in a gray background | ITPro Today

"CopyPWD is a command-line utility that allows copying any number of user or computer account passwords from one computer to another, including domain accounts. CopyPwd can copy the passwords to/from any Windows NT or Windows 2000 computer. Full documentation and source code (under GNU licensing) is included.

Usage

Important: The information stored in the output/input file used by CopyPwd should be treated as extremely sensitive. Although only the usernames and password hashes are written to the file, the hashes should be treated as the actual passwords. Any password cracking software can use the password hash information to crack the password, thereby possibly compromising security. It is recommended that after completion of the CopyPwd process, that the input/output file containing the password hashes be erased, preferably by a security program that can overwrite the file location with zeros or random data.

Installation

To install CopyPwd, simply copy the CopyPwd files into a separate directory on any Windows NT/2000 computer. CopyPwd cannot be run against a remote computer. If passwords are being copied from one set of accounts on one computer to another, then CopyPwd must be installed on both the source and destination computers.

CopyPwd must be run in two stages, first to "dump" the passwords, then to "set" the passwords.

Dumping Passwords

To dump the passwords, issue the command:

CopyPwd DUMP >copypwd.txt

This will place all user/computer accounts and the password hashes on the local computer into a file named "copypwd.txt". Treat this file as extremely sensitive.

The copypwd.txt file can be modified with Notepad. In general, remove any accounts that will not be involved in the copy process, including computer accounts, if necessary. Computer accounts end with a "$", and will be in all capital letters. The user account in the file is separated from the password hash by a colon (:). If using CopyPwd to set passwords, the user account must be changed to match the user account on the destination computer. If the destination computer is running Windows 2000, the lookup and account name match will be based on the Active Directory attribute "SamAccountName". This corresponds to the "Pre-Windows 2000 Logon Name" field as used on the user Properties Account dialog.

Setting Passwords

After performing any modifications as needed as discussed above, run CopyPwd to set the passwords, using the command:

CopyPwd SET

CopyPwd will read the contents of the copypwd.txt file, lookup the user account on the local computer, and set the password as specified in the file. At present, the file must be named copypwd.txt."



Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like