diff --git a/src/main/java/cn/kastner/oj/controller/GroupRestController.java b/src/main/java/cn/kastner/oj/controller/GroupRestController.java
index 5d50db8..a204da1 100644
--- a/src/main/java/cn/kastner/oj/controller/GroupRestController.java
+++ b/src/main/java/cn/kastner/oj/controller/GroupRestController.java
@@ -8,12 +8,16 @@
 import cn.kastner.oj.query.GroupQuery;
 import cn.kastner.oj.security.JwtUser;
 import cn.kastner.oj.service.GroupService;
+import org.apache.poi.ss.usermodel.Workbook;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.validation.BindingResult;
 import org.springframework.validation.annotation.Validated;
 import org.springframework.web.bind.annotation.*;
 
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.OutputStream;
 import java.util.List;
 
 @RestController
@@ -105,4 +109,19 @@ public List<JwtUser> deleteMembers(
     }
     return groupService.deleteMembers(id, usersId);
   }
+
+  @PostMapping(value = "/{id}/members/resetPassword")
+  @PreAuthorize("hasAnyRole('ADMIN', 'STUFF')")
+  public void resetMemberPassword(@PathVariable String id, HttpServletResponse response) throws GroupException {
+    response.setHeader("content-type", "application/octet-stream");
+    response.setContentType("application/octet-stream");
+    response.setHeader("Content-Disposition", "attachment");
+
+    Workbook workbook = groupService.resetMembersPassword(id);
+    try (OutputStream os = response.getOutputStream()) {
+      workbook.write(os);
+    } catch (IOException e) {
+      throw new GroupException(GroupException.RESET_ERROR);
+    }
+  }
 }
diff --git a/src/main/java/cn/kastner/oj/exception/GroupException.java b/src/main/java/cn/kastner/oj/exception/GroupException.java
index 0fc0e9b..c824768 100644
--- a/src/main/java/cn/kastner/oj/exception/GroupException.java
+++ b/src/main/java/cn/kastner/oj/exception/GroupException.java
@@ -7,6 +7,7 @@ public class GroupException extends AppException {
   public static final String NO_SUCH_GROUP = "没有该群组";
   public static final String HAVE_SUCH_GROUP = "该群组名已存在";
   public static final String HAS_BEEN_GENERATED = "已经批量生成过了";
+  public static final String RESET_ERROR = "重置失败";
 
   public GroupException(String message) {
     super(message);
@@ -23,6 +24,10 @@ public GroupException(String message) {
         this.code = -4;
         this.status = HttpStatus.BAD_REQUEST;
         break;
+      case RESET_ERROR:
+        this.code = -5;
+        this.status = HttpStatus.INTERNAL_SERVER_ERROR;
+        break;
       default:
         this.code = -1;
         this.status = HttpStatus.INTERNAL_SERVER_ERROR;
diff --git a/src/main/java/cn/kastner/oj/service/GroupService.java b/src/main/java/cn/kastner/oj/service/GroupService.java
index afffe89..1e386f3 100644
--- a/src/main/java/cn/kastner/oj/service/GroupService.java
+++ b/src/main/java/cn/kastner/oj/service/GroupService.java
@@ -7,6 +7,7 @@
 import cn.kastner.oj.exception.UserException;
 import cn.kastner.oj.query.GroupQuery;
 import cn.kastner.oj.security.JwtUser;
+import org.apache.poi.ss.usermodel.Workbook;
 
 import java.util.List;
 
@@ -26,4 +27,6 @@ public interface GroupService {
   List<JwtUser> addMembers(String id, List<String> usersId) throws UserException, GroupException, AuthorizationException;
 
   List<JwtUser> deleteMembers(String id, List<String> userId) throws GroupException, UserException, AuthorizationException;
+
+  Workbook resetMembersPassword(String id) throws GroupException;
 }
diff --git a/src/main/java/cn/kastner/oj/service/impl/GroupServiceImpl.java b/src/main/java/cn/kastner/oj/service/impl/GroupServiceImpl.java
index e2aa3db..0049294 100644
--- a/src/main/java/cn/kastner/oj/service/impl/GroupServiceImpl.java
+++ b/src/main/java/cn/kastner/oj/service/impl/GroupServiceImpl.java
@@ -19,6 +19,10 @@
 import cn.kastner.oj.service.GroupService;
 import cn.kastner.oj.util.CommonUtil;
 import cn.kastner.oj.util.DTOMapper;
+import org.apache.poi.ss.usermodel.Row;
+import org.apache.poi.ss.usermodel.Workbook;
+import org.apache.poi.xssf.usermodel.XSSFSheet;
+import org.apache.poi.xssf.usermodel.XSSFWorkbook;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.PageRequest;
 import org.springframework.data.domain.Pageable;
@@ -235,6 +239,33 @@ public List<JwtUser> deleteMembers(String id, List<String> usersId)
     return JwtUserFactory.createList(userSet);
   }
 
+  @Override
+  public Workbook resetMembersPassword(String id) throws GroupException {
+    Group group =
+        groupRepository
+            .findById(id)
+            .orElseThrow(() -> new GroupException(GroupException.NO_SUCH_GROUP));
+    Set<User> userSet = group.getUserSet();
+    XSSFWorkbook workbook = new XSSFWorkbook();
+    XSSFSheet sheet = workbook.createSheet("用户密码");
+    int rowNum = 0;
+    Row header = sheet.createRow(rowNum++);
+    header.createCell(0).setCellValue("Username");
+    header.createCell(1).setCellValue("学号");
+    header.createCell(2).setCellValue("姓名");
+    header.createCell(3).setCellValue("密码");
+    for (User user : userSet) {
+      String randomPassword = CommonUtil.generateStr(8);
+      user.setPassword(randomPassword);
+      Row row = sheet.createRow(rowNum++);
+      row.createCell(0).setCellValue(user.getUsername());
+      row.createCell(1).setCellValue(user.getStudentNumber());
+      row.createCell(2).setCellValue(user.getName());
+      row.createCell(3).setCellValue(randomPassword);
+    }
+    return workbook;
+  }
+
   private void authorize(Group group) throws AuthorizationException {
     User user = UserContext.getCurrentUser();
     if (!user.isAdmin() && !user.equals(group.getAuthor())) {