PowerShell Random Password Generator
On a project earlier this year, I had to create random passwords for user accounts as part of a provisioning tool. Perpetually trying to find the fastest way to do something, I came up with a one-liner that you can use to create a random text string from the following ASCII printable characters:
!"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_abcdefghijklmnopqrstuvwxyz{|}~0123456789
To create the passwords, I use this bit of magic:
PS> $Password = ([char[]]([char]33..[char]95) + ([char[]]([char]97..[char]126)) + 0..9 | sort {Get-Random})[0..8] -join ''
PS> $Password
Z-=$fNgb!
That will create an 9 character password using the range operator [0..8]. And, if you want to concatenate it with a plaintext counterpart:
PS> $Password = ([char[]]([char]33..[char]95) + ([char[]]([char]97..[char]126)) + 0..9 | sort {Get-Random})[0..8] -join ''
PS> $Password = "Welcome"+$Password
PS> $Password
WelcomeZ-=$fNgb!
Maybe not the most difficult passwords in the world, but probably good enough to give new users the first time they log on to a system.
But then, I found this gem, too:
$Password = "Welcome" + [system.web.security.membership]::GeneratePassword(x,y)
Where:
x = length in characters
y = minimum number of non-alphanumeric characters
If you only want alpha-numeric characters, simply use "x." As soon as you use "y", you'll get anywhere from y to x number of non-alphanumeric characters.
What ideas do you have?
Comments
- Anonymous
September 21, 2016
Thanksvery cool - Anonymous
September 21, 2016
First, thank you. Second, do you need the "+ 0..9"? I see numbers in the char[33] to char[95] section. I guess it increases the chance for a number to be included.- Anonymous
September 22, 2016
Joe--you are right. 0-9 are included in the earlier [char] ranges. I included it again, though, since the problem I found is that if you're using any password complexity filters, it was occasionally possible to generate a password that only included letters. Once you introduce those extra 10 digits, the probability of you generating a password that the system won't accept is much lower.Maybe there's a slick way to create a one-liner that pulls "n" number of characters from various character groups to ensure complexity rules are matched?
- Anonymous
- Anonymous
February 23, 2017
Didn't work for me.- Anonymous
April 04, 2017
What version of PowerShell are you using?I tested in both Windows Server 2012 and 2008 R2:PS C:> $PSVersionTableName Value---- -----CLRVersion 2.0.50727.5485BuildVersion 6.1.7601.17514PSVersion 2.0WSManStackVersion 2.0PSCompatibleVersions {1.0, 2.0}SerializationVersion 1.1.0.1PSRemotingProtocolVersion 2.1PS C:> $Password = (char[] + (char[]) + 0..9 | sort {Get-Random})[0..8] -join ''PS C:> $PasswordE8{(f)1@TPS C:>----------PS C:> $PSVersionTableName Value---- -----PSVersion 4.0WSManStackVersion 3.0SerializationVersion 1.1.0.1CLRVersion 4.0.30319.34209BuildVersion 6.3.9600.17400PSCompatibleVersions {1.0, 2.0, 3.0, 4.0}PSRemotingProtocolVersion 2.2PS C:> $Password = (char[] + (char[]) + 0..9 | sort {Get-Random})[0..8] -join ''PS C:> $Password_bK{a-k0ZPS C:>
- Anonymous
- Anonymous
November 01, 2017
Thank you for this script. I ran a quick loop to check and like the results. I only wish I could exclude one character that has given me trouble in cloudformation scripts. The Ampersand (Char 37). Here is my quick loop script to validate this one liner.0..9 | % {$Password = (char[] + (char[]) + 0..9 | sort {Get-Random})[0..15] -join '';$Password}Returns nine 16 character passwords.[{\7>h8<(R1MQj@,YX7ua"%j?V^PyS-bO%P2uA7E-hw@6oH^Ngs~KvE-T8G5Wu%7uR9=x)S2nDC,z7"Hj)|a<7s(LO_2W31Qc<x5%pw4svybq,YtG%Npu17W'vA*t4QS7V1[2ihr5cgq|=^ye5S?gf_41<5@o8O}- Anonymous
November 01, 2017
The comment has been removed
- Anonymous
- Anonymous
January 15, 2018
I found small limitation in your script - it will use each character exactly once. This somehow bother me, and it also slightly decrease the complexity :-o, finally the length of password is always same :-o, so here is my take on it:$asci = char[] + (char[])$password = (1..$(Get-Random -Minimum 9 -Maximum 14) | % {$asci | get-random}) -join "" - Anonymous
May 29, 2018
I recently found a method that uses the System.Web method from .NET framework. The below script will generate 10 passwords with eight characters, and will have at least 1 non-alphanumeric character. Gives me the ability to choose a suitable password for my end user:[Reflection.Assembly]::LoadWithPartialName("System.Web")$i = 0while ($i -lt 9) {[System.Web.Security.Membership]::GeneratePassword(8,0)$i++}- Anonymous
May 31, 2018
Oh, excellent! Thanks! I'll check it out!
- Anonymous
- Anonymous
June 25, 2018
As this post is well over a year old, you probably already know that "y" is the MINUMIM number of non-alphanumeric characters - it's not possible to specify the exact number- Anonymous
July 08, 2018
Yes. I've updated the post accordingly.
- Anonymous