Resetting the password on your Windows EC2 instance via SSM

I recently came across an interesting approach in a reddit post for resetting a misplaced/undocumented Windows administrator password. This technique is only valid for instances with SSM installed.

“SSM Agent is installed by default on Windows Server 2016 instances and instances created from Windows Server 2003-2012 R2 AMIs published in November 2016 or later.”[source]

As the reddit post suggests, this is a simple process.  Let’s go through it.

First, we’ll go to IAM > Roles > Create Role…


Select AmazonEC2RoleforSSM, then name your role.


Then, we’ll switch back over to the EC2 Console. With the instance selected, we’ll attach the IAM Role.


Now, we’ll go to Run Command, select AWS-RunPowerShellScript, select our instance, enter the command net user Administrator {password}, then click Run.


Wait for the Status to say Success, but if you get antsy, go ahead and try your new password…the console is a bit laggy to update sometimes.


Boom, you’re in! That’s all there is to it.

I should note: as with everything, this can also be done from the command line with the AWS CLI on Windows:

aws ssm send-command --document-name "AWS-RunPowerShellScript" --instance-ids "i-0b01ec329736da1cb" --max-concurrency "1" --max-errors "1" --parameters "{\"commands\":[\"net user Administrator MyNewPassword99**\"],\"executionTimeout\":[\"3600\"]}" --timeout-seconds 600 --region us-east-1

(If you’re curious, this instance has already been terminated).
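
Because the new password travels as a literal argument in the command parameters, it is worth checking afterwards where it was recorded. The following Python sketch is an added example, not code from the original post: it scans records shaped like the Commands array returned by aws ssm list-commands and flags net user invocations that set a password inline. The function name is hypothetical, and the sample records, command IDs and instance IDs are constructed.

```python
import re

# "net user <account> <password>": two arguments after "user", each either a
# quoted string or a bare token.
NET_USER = re.compile(
    r'\bnet(?:\.exe)?\s+user\s+("[^"]+"|\S+)\s+("[^"]+"|\S+)', re.IGNORECASE)

def find_inline_password_resets(commands):
    """Flag Run Command records whose script sets a password on the command line.

    `commands` is a list of dicts with the CommandId, DocumentName, InstanceIds
    and Parameters fields of the Commands array from `aws ssm list-commands`.
    """
    findings = []
    for cmd in commands:
        if cmd.get("DocumentName") != "AWS-RunPowerShellScript":
            continue
        for line in cmd.get("Parameters", {}).get("commands", []):
            for m in NET_USER.finditer(line):
                account, secret = m.group(1), m.group(2)
                # Switches (/add, /active:yes) and "*" (interactive prompt)
                # are not literal passwords.
                if account.startswith("/") or secret.startswith("/") or secret == "*":
                    continue
                findings.append({
                    "CommandId": cmd.get("CommandId"),
                    "InstanceIds": cmd.get("InstanceIds", []),
                    "account": account.strip('"'),
                    # Never echo the secret into the report itself.
                    "redacted": line[:m.start(2)] + "<redacted>" + line[m.end(2):],
                })
    return findings

# Constructed sample records (IDs are placeholders, not real resources).
SAMPLE_COMMANDS = [
    {"CommandId": "00000000-0000-0000-0000-000000000001",
     "DocumentName": "AWS-RunPowerShellScript",
     "InstanceIds": ["i-EXAMPLE000000001"],
     "Parameters": {"commands": ["net user Administrator MyNewPassword99**"],
                    "executionTimeout": ["3600"]}},
    {"CommandId": "00000000-0000-0000-0000-000000000002",
     "DocumentName": "AWS-RunPowerShellScript",
     "InstanceIds": ["i-EXAMPLE000000002"],
     "Parameters": {"commands": ["net user Administrator /active:yes",
                                 "Get-Service AmazonSSMAgent"]}},
]

if __name__ == "__main__":
    for finding in find_inline_password_resets(SAMPLE_COMMANDS):
        print(finding["CommandId"], finding["InstanceIds"], finding["redacted"])
```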
