Recover EC2 Windows Password

November 5, 2015 | Comments(1) |

There are scenarios where we lose/forget our windows password and then trying out a way to login to the windows server. This turns out to be critical if it’s an admin credential that is lost. But still there’s a way to reset the password. Here’s how to do this:

Before going through the steps, we assume that you have a running AWS EC2 Windows instance. For resetting the password we require a Linux machine, which we prefer is an Ubuntu Server in the same AZ as your windows instance. This method requires your EC2 windows instance to be taken offline for some time.

Step 1: Make sure that the windows instance is responding to RDP request. Run the command below to check the same:

mstsc /v:ec2-example-instance-dns-name.compute-.amazonaws.com

If it prompts you for credentials, then RDP is running on the instance and is accessible.

RDP_Login

 

 

 

 

 

 

 

 

 

 

Step 2: Stop the windows instance and find and detach the root volume (/dev/sda1) of the same.

Detach_Vol

 

 

 

 

 

 

 

Step 3: Attach this volume to the Ubuntu server and SSH in to the machine.

Attach_Vol

Step 4: List the device name for the volumes attached to the Linux instance. The following command helps you to list those:

cat /proc/partitions

Linux_Partitions

Step 5: Make a directory for the new volume and mount the partition on to it. Replace <volume_name> with the original volume name.

sudo mkdir /volume2

sudo mount /dev/<volume_name> /volume2

mount

Step 6: Change your directory by

cd /volume2/Windows/System32

system32

Step 7: Rename the file Utilman.exe to Utilman.bak by using the following command. Sudo allows the user to execute the command with admin privileges.

sudo mv Utilman.exe Utilman.bak

move

Step 8: Copy the file cmd.exe and paste it there in the name Utilman.exe

sudo cp cmd.exe Utilman.exe

copy

Step 9: Stop the Ubuntu instance, detach this volume and re-attach this to the windows instance with the mount point of /dev/sda1.

Step 10: Start the windows instance, login the username type “guest” with no password.

Guest_Login

 

 

 

 

 

 

 

 

 

 

Step 11: Now in the windows login page, click on the Accessibility icon on the bottom left hand corner. The system opens cmd.exe as SYSTEM account.

lusrmgr

 

 

 

 

 

 

 

Step 12: If the instance is not in the domain controller, type lusrmgr.msc, which will open “Local Users and Groups” window. If it is in some domain type dsa.msc, which will open “Active Directory Users and Groups”.

Change the administrator password from either of the windows that appear. Login with the administrator account to the instance.

Reset_Password

 

 

 

 

 

 

 

Step 13: Once administrator is logged in, go to c:\windows\system32\ and delete Utilman.exe (icon should look like cmd.exe).

Step 14: Find the file named “Utilman.bak” within the same folder and make Administrator as owner of the file. Now assign full control permissions to administrator account. Now rename this file as “Utilman.exe”.

Change_Permissions


One Response to “Recover EC2 Windows Password”

Leave a Reply