As mentioned earlier, we can reset the local admin password of a Windows instance via the registry, but unfortunately that will not help us if we have forgotten the user ID or renamed the account. The good news is that we can still log on to the system by creating a new admin account using AWS User Data. The process is very simple, as described below.
- You have to re-attach the root volume of the faulty system to a working AWS instance.
- Now, you have to use EC2Rescue to enable user data (Ec2HandleUserData), which will execute a script on the next boot. (*This could be done by editing the config.xml file of EC2Config.)

- Once done, you have to re-attach the volume to the original system as the root (/dev/sda1) volume.
- Now, from the AWS EC2 Console, you have to select the server, edit the User Data before starting the server, and add the following PowerShell script. This script will create an admin account called “MyAdminX” with the password “!!4SJKAHGYWMd4!!” on first boot, and you will be able to log on to the server using this new account.

```powershell
<powershell>
$Name="MyAdminX"
$Computer = [ADSI]"WinNT://$Env:COMPUTERNAME,Computer"
$LocalAdmin = $Computer.Create("User", $Name)
$LocalAdmin.SetPassword("!!4SJKAHGYWMd4!!")
$LocalAdmin.SetInfo()
$LocalAdmin.FullName = $Name
$LocalAdmin.SetInfo()
$LocalAdmin.Description = "Admin Account created using User Data"
$LocalAdmin.SetInfo()
$LocalAdmin.UserFlags = 64 + 65536 # ADS_UF_PASSWD_CANT_CHANGE + ADS_UF_DONT_EXPIRE_PASSWD
$LocalAdmin.SetInfo()
$AdminGroup = [ADSI]"WinNT://$Env:COMPUTERNAME/Administrators,group"
$User = [ADSI]"WinNT://$Env:COMPUTERNAME/$Name,User"
$AdminGroup.Add($User.Path)
</powershell>
```

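User data stays attached to the instance after the boot that runs it, and it is readable through the instance metadata service and the EC2 API, so a script like the one above leaves its password in place until the user data is cleared. The following added example (not part of the original post) scans user data text for such plaintext credentials. The function name `Find-UserDataCredential`, its patterns and the sample input are assumptions made for illustration.

```powershell
# Added example: flag plaintext credentials left in EC2 user data.
# Function name, patterns and sample input are constructed for illustration.
function Find-UserDataCredential {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$UserData,
        [switch]$Base64   # set when the text is still base64, as the EC2 API returns it
    )
    if ($Base64) {
        $UserData = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($UserData))
    }
    # Each pattern captures the credential in the named group 'secret'.
    $patterns = [ordered]@{
        'ADSI SetPassword'       = '(?i)SetPassword\(\s*["''](?<secret>[^"'']+)["'']\s*\)'
        'net user with password' = '(?i)\bnet1?\s+user\s+[^\s/]\S*\s+(?<secret>[^\s/*]\S*)'
        'plaintext SecureString' = '(?i)ConvertTo-SecureString\s+(?:-String\s+)?["''](?<secret>[^"'']+)["'']'
    }
    $lineNo = 0
    foreach ($line in ($UserData -split "`r?`n")) {
        $lineNo++
        foreach ($name in $patterns.Keys) {
            $m = [regex]::Match($line, $patterns[$name])
            if ($m.Success) {
                [pscustomobject]@{
                    Line    = $lineNo
                    Finding = $name
                    # Report the line with the credential masked, never the value itself.
                    Text    = $line.Trim().Replace($m.Groups['secret'].Value, '<redacted>')
                }
            }
        }
    }
}

# Constructed sample: the user data script from the post, shortened.
$sample = @'
<powershell>
$Name="MyAdminX"
$Computer = [ADSI]"WinNT://$Env:COMPUTERNAME,Computer"
$LocalAdmin = $Computer.Create("User", $Name)
$LocalAdmin.SetPassword("!!4SJKAHGYWMd4!!")
$LocalAdmin.SetInfo()
</powershell>
'@

Find-UserDataCredential -UserData $sample | Format-Table -AutoSize
```
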
I hope this will be helpful for you.
So useful in such a hurry, simple and elegant; THANKS