How to Remotely Reset a Forgotten Local Administrator Password on Windows Server 2025

So you’re locked out of a Windows Server 2025 machine because someone forgot the local Administrator password. Don’t panic—if you’re working in a domain environment, you’ve got several ways to fix this remotely without driving to the data center at 2 AM.

Let me walk you through the most practical methods, along with when to use each one.

Before You Start

You’ll need domain admin credentials or at least permissions to manage the target server remotely. Also, make sure you can reach the server over the network (firewall rules allowing remote management, network connectivity intact, that sort of thing).

Method 1: PowerShell Remoting (The Quick Way)

This is my go-to method because it’s fast and works great if PowerShell remoting is already enabled on the server.

First, open PowerShell as an administrator on your workstation and connect to the remote server:

powershell

Enter-PSSession -ComputerName ServerName

Once you’re in, reset the password:

powershell

$NewPassword = ConvertTo-SecureString "YourNewP@ssw0rd!" -AsPlainText -Force
Set-LocalUser -Name "Administrator" -Password $NewPassword

Done. You can also do this in a single line without entering a session:

powershell

Invoke-Command -ComputerName ServerName -ScriptBlock {
    $Password = ConvertTo-SecureString "YourNewP@ssw0rd!" -AsPlainText -Force
    Set-LocalUser -Name "Administrator" -Password $Password
}

Just make sure your new password meets the server’s complexity requirements, or you’ll get an error.

Method 2: Computer Management Console

If you prefer a GUI approach, the Computer Management snap-in works beautifully.

Right-click on “This PC” or “Computer” on your workstation, select “Manage,” then right-click on “Computer Management (Local)” in the left pane and choose “Connect to another computer.” Type in the server name.

Navigate to System Tools > Local Users and Groups > Users, right-click the Administrator account, and select “Set Password.” Windows will warn you about potential data loss (encrypted files, stored passwords, etc.), but if you’re resetting a forgotten password, you’re already past that point.

Enter the new password twice and you’re good to go.

Method 3: Active Directory Users and Computers (Wait, What?)

Here’s a trick some people don’t know about. If the server is domain-joined, you can use ADUC to trigger a remote command.

Open Active Directory Users and Computers, find the computer object for your server, right-click it, and select “Manage.” This opens Computer Management connected to that server, and from there you follow the same steps as Method 2.

It’s basically the same as Method 2, just launched from a different starting point.

Method 4: Remote Server Manager (Server Manager)

If you’ve added the server to your Server Manager, you can manage it from there too.

Open Server Manager, click “Tools” > “Computer Management,” then click “Action” > “Connect to another computer” in the menu bar. Enter your server name, navigate to Local Users and Groups, and reset the password just like before.

Method 5: WMI via Command Line

For those who like doing things the old-school way, you can use WMIC:

cmd

wmic /node:ServerName /user:DOMAIN\YourDomainAdmin path Win32_UserAccount where Name='Administrator' call SetPassword Password='YourNewP@ssw0rd!'

Fair warning: this method is deprecated in newer Windows versions, so PowerShell is probably a better long-term choice.

Method 6: PsExec (The Swiss Army Knife)

Download PsExec from the Sysinternals suite if you don’t have it already. Then run:

cmd

psexec \\ServerName -u DOMAIN\YourDomainAdmin cmd
net user Administrator YourNewP@ssw0rd!

This opens a remote command prompt on the server and lets you run the net user command directly.

Troubleshooting Common Issues

If PowerShell remoting isn’t working, you might need to enable it on the target server first. If you have physical or out-of-band access (like iDRAC, iLO, or similar), you can log in that way and run:

powershell

Enable-PSRemoting -Force

If you’re getting “Access Denied” errors even with domain admin credentials, check that Remote Management is allowed through Windows Firewall on the target server.

And if you’re working with a standalone server (not domain-joined), these methods won’t work—you’ll need physical access or out-of-band management.

Security Considerations

After you reset the password, make sure you document what happened and who made the change. Most organizations have policies about this kind of thing.

Also, consider enabling LAPS (Local Administrator Password Solution) if you haven’t already. It automatically manages local admin passwords across your environment and stores them securely in Active Directory, so you’ll never be in this situation again.

Wrapping Up

Resetting a forgotten local Administrator password remotely is straightforward as long as you’ve got domain credentials and network access. PowerShell is probably your fastest option, but the GUI methods work just fine if you prefer clicking over typing.

Just remember to update your password vault or documentation afterward so the next person doesn’t have to go through this whole process again.