diff --git a/tools/generate-password.bat b/tools/generate-password.bat
new file mode 100755
index 0000000000..9f5a27df08
--- /dev/null
+++ b/tools/generate-password.bat
@@ -0,0 +1,9 @@
+param (
+ [int]$Length = 12
+)
+
+# Define the character set for the password
+$Characters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+
+$Password = Get-Random -InputObject $Characters -Count $Length
+return $Password
diff --git a/tools/generate-password.sh b/tools/generate-password.sh
new file mode 100755
index 0000000000..53c44f2fee
--- /dev/null
+++ b/tools/generate-password.sh
@@ -0,0 +1,12 @@
+#!/bin/bash
+
+length="$1"
+if [ -z "$length" ]; then
+ length=12 # Default password length
+fi
+
+# Define the character set for the password
+characters="A-Za-z0-9"
+
+# Use /dev/urandom to generate random bytes and tr to shuffle them
+LC_ALL=C tr -dc "$characters" < /dev/urandom | head -c "$length"
\ No newline at end of file
diff --git a/tools/install_demo_configuration.bat b/tools/install_demo_configuration.bat
index d9d30fea2b..1d942488a8 100755
--- a/tools/install_demo_configuration.bat
+++ b/tools/install_demo_configuration.bat
@@ -17,6 +17,7 @@ set "assumeyes=0" set "initsecurity=0" set "cluster_mode=0" set "skip_updates=-1" +set "generate_random_password=0" goto :GETOPTS
@@ -27,6 +28,7 @@ echo -y confirm all installation dialogues automatically echo -i initialize Security plugin with default configuration (default is to ask if -y is not given) echo -c enable cluster mode by binding to all network interfaces (default is to ask if -y is not given) echo -s skip updates if config is already applied to opensearch.yml +echo -g generates random password for admin EXIT /B 0 :GETOPTS
@@ -35,6 +37,7 @@ if /I "%1" == "-y" set "assumeyes=1" if /I "%1" == "-i" set "initsecurity=1" if /I "%1" == "-c" set "cluster_mode=1" if /I "%1" == "-s" set "skip_updates=0" +if /I "%1" == "-g" set "generate_random_password=1" shift if not "%1" == "" goto :GETOPTS
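Review bot: In tools/generate-password.bat, `Get-Random -InputObject $Characters -Count $Length` receives one string rather than a list of characters, so if the script ran it would return the whole 62-character alphabet unchanged and every install would end up with the same, publicly known admin password. The file is also PowerShell saved under a `.bat` name, so cmd.exe cannot execute it the way install_demo_configuration.bat invokes it; it needs a `.ps1` name and a `powershell -File` call. Splitting the string with `.ToCharArray()` would not be enough either, because `-Count` draws without repetition and Get-Random is documented as not ensuring cryptographically secure randomness. The version below draws each character from the system CSPRNG and rejects bytes that would bias the mapping onto the alphabet.

```powershell
# … unchanged: param block and $Characters definition …
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$byte = New-Object byte[] 1
# Largest multiple of the alphabet size that fits in a byte; bytes at or above it are rejected to avoid modulo bias
$limit = 256 - (256 % $Characters.Length)
$Password = ''
while ($Password.Length -lt $Length) {
    $rng.GetBytes($byte)
    if ($byte[0] -lt $limit) {
        $Password += $Characters[$byte[0] % $Characters.Length]
    }
}
$rng.Dispose()
return $Password
```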
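Review bot: tools/generate-password.sh passes `$1` straight to `head -c` without validating it, so `0` or a non-numeric argument yields an empty password on stdout. A guard placed after the default is applied would close that: `case "$length" in ''|*[!0-9]*|0) echo "length must be a positive integer" >&2; exit 1 ;; esac`. The last comment also says tr shuffles the bytes, while it actually discards every byte outside `A-Za-z0-9`; `# Keep only alphanumeric bytes from /dev/urandom and stop after $length of them` would describe the line.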
@@ -343,6 +346,19 @@ if not defined ADMIN_PASSWORD ( exit /b 1 ) +if not "%initialAdminPassword%"=="" ( + set "ADMIN_PASSWORD=%initialAdminPassword%" +) else if exist "%ADMIN_PASSWORD_FILE%" ( + for /f %%a in ('type "%ADMIN_PASSWORD_FILE%"') do set "ADMIN_PASSWORD=%%a" +) else if "%generate_random_password%"=="1" ( + set "generate_password_script=%OPENSEARCH_PLUGINS_DIR%\opensearch-security\tools\generate-password.bat" + for /f %%a in ('"!generate_password_script!" 16') do set "ADMIN_PASSWORD=%%a" +) else ( + echo Unable to find the admin password for the cluster. Please set initialAdminPassword or create a file %ADMIN_PASSWORD_FILE% with a single line that contains the password. + exit /b 1 +) + + echo " ***************************************************" echo " *** ADMIN PASSWORD SET TO: %ADMIN_PASSWORD% ***" echo " ***************************************************"
diff --git a/tools/install_demo_configuration.sh b/tools/install_demo_configuration.sh
index 01bc1bfed1..7a295bd4f6 100755
--- a/tools/install_demo_configuration.sh
+++ b/tools/install_demo_configuration.sh
@@ -29,6 +29,7 @@ assumeyes=0 initsecurity=0 cluster_mode=0 skip_updates=-1 +generate_random_password=0 function show_help() { echo "install_demo_configuration.sh [-y] [-i] [-c]"
@@ -37,9 +38,10 @@ function show_help() { echo " -i initialize Security plugin with default configuration (default is to ask if -y is not given)" echo " -c enable cluster mode by binding to all network interfaces (default is to ask if -y is not given)" echo " -s skip updates if config is already applied to opensearch.yml" + echo " -g generates random password for admin" } -while getopts "h?yics" opt; do +while getopts "h?yicsg" opt; do case "$opt" in h|\?) show_help
@@ -52,6 +54,8 @@ while getopts "h?yics" opt; do c) cluster_mode=1 ;; s) skip_updates=0 + ;; + g) generate_random_password=1 esac done
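Review bot: In install_demo_configuration.bat (hunk at -343) the new `-g` branch never verifies that the generator produced a password: if the `for /f` command fails or prints nothing, `ADMIN_PASSWORD` keeps whatever value it already had and the banner below still announces it. Clearing and re-checking the variable would catch that, e.g. `set "ADMIN_PASSWORD="` before the loop and `if not defined ADMIN_PASSWORD ( echo Password generation failed. & exit /b 1 )` after it. `!generate_password_script!` only expands when delayed expansion is enabled, which is not visible in this hunk. The context above the addition closes an `if not defined ADMIN_PASSWORD ( … exit /b 1 )` guard that starts outside the hunk; if that guard runs first, the script may exit before `-g` is considered, so the order of the two checks is worth confirming.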
@@ -392,10 +396,14 @@ echo 'plugins.security.system_indices.indices: [".plugins-ml-config", ".plugins- ADMIN_PASSWORD_FILE="$OPENSEARCH_CONF_DIR/initialAdminPassword.txt" INTERNAL_USERS_FILE="$OPENSEARCH_CONF_DIR/opensearch-security/internal_users.yml" + if [[ -n "$initialAdminPassword" ]]; then ADMIN_PASSWORD="$initialAdminPassword" elif [[ -f "$ADMIN_PASSWORD_FILE" && -s "$ADMIN_PASSWORD_FILE" ]]; then ADMIN_PASSWORD=$(head -n 1 "$ADMIN_PASSWORD_FILE") +elif [ "$generate_random_password" == 1 ]; then # Added double quotes around "1" + $SUDO_CMD chmod +x "$OPENSEARCH_PLUGINS_DIR/opensearch-security/tools/generate-password.sh" + ADMIN_PASSWORD=$("$OPENSEARCH_PLUGINS_DIR/opensearch-security/tools/generate-password.sh" 16) else echo "Unable to find the admin password for the cluster. Please run 'export initialAdminPassword=' or create a file $ADMIN_PASSWORD_FILE with a single line that contains the password." exit 1
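Review bot: The `-g` branch in install_demo_configuration.sh assigns whatever generate-password.sh prints without checking it, so a failed or empty run continues with a blank `ADMIN_PASSWORD`; add `[[ -n "$ADMIN_PASSWORD" ]] || { echo "Password generation failed" >&2; exit 1; }` right after the assignment. The `$SUDO_CMD chmod +x` changes the mode of an installed file as a side effect and its failure is ignored; invoking the generator as `bash "$OPENSEARCH_PLUGINS_DIR/opensearch-security/tools/generate-password.sh" 16` needs no mode change. The trailing comment `# Added double quotes around "1"` describes an edit rather than the code (and the quotes are around the variable), so it should be dropped, and `[[ … ]]` would match the neighbouring tests. The if chain closes outside the hunk.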