In simple word changing/resetting windows password is a very simple task using any third party free or paid tools as long as you able to access server console. Even on virtual platform like Hyper-V VMWare you have access to server console, but when it comes to AWS, there is no way to access console of a virtual instances. So, those tools will not work, as those required user input / virtual CD or USB boot, which is not available in AWS.

I have found a solution to reset the password of any AWS windows instance. If you know the local user id, then it will be very easy to reset the password of that account.

You have to perform the following steps.

• First you have to stop the instance.
• Then you have to identify the root volume (/dev/sda1) of that instance. You could get this information using one simple function I wrote (GetInstanceVolumeDetails InstanceID).
  
  GetInstanceVolumeDetails

  function GetInstanceVolumeDetails ([string] $fInstanceID) { $VolumeList = ((Get-EC2Volume).Attachment | where {$_.InstanceId -eq $fInstanceID}).VolumeId $VolumeDetails = @() foreach ($Volume in $VolumeList) { $MyObject = New-Object PSObject -Property @{ VolumeId = $Volume VolumeSize = (Get-EC2Volume $Volume).Size Zone = (Get-EC2Volume $Volume).AvailabilityZone VolumeDevice = ((Get-EC2Volume $Volume).Attachment).Device } $VolumeDetails += $MyObject } $VolumeDetails | Select VolumeId,VolumeDevice,VolumeSize,Zone }

  1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16

  function GetInstanceVolumeDetails ([string] $fInstanceID) {     $VolumeList = ((Get-EC2Volume).Attachment | where {$_.InstanceId -eq $fInstanceID}).VolumeId     $VolumeDetails = @()     foreach ($Volume in $VolumeList)     {             $MyObject = New-Object PSObject -Property @{             VolumeId = $Volume             VolumeSize = (Get-EC2Volume $Volume).Size             Zone = (Get-EC2Volume $Volume).AvailabilityZone             VolumeDevice = ((Get-EC2Volume $Volume).Attachment).Device             }         $VolumeDetails += $MyObject     }     $VolumeDetails | Select VolumeId,VolumeDevice,VolumeSize,Zone }

• Once you identified the root volume, Took a snapshot backup of root volume.
  
• Now you have to dismount this volume and remount it on any other working instance as additional volume.

  

• This volume mounted as G: drive on working instance. Now you have to create one service using srvany.exe (http://support.microsoft.com/kb/137890) to rest the password of Administrator account during system startup. To configure this you have to load up the system registry hive of faulty instance from G:\Windows\System32\Config\SYSTEM as _SYS under HKEY_LOCAL_MACHINE and import the following registry
  Service

  INI

  Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE_SYSControlSet001ServicesPwdReset] "Type"=dword:00000010 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "DisplayName"="PwdReset" "ObjectName"="LocalSystem" "ImagePath"="c:\\srvany.exe" [HKEY_LOCAL_MACHINE_SYSControlSet001ServicesPwdResetParameters] "Application"="c:\\windows\\system32\\cmd.exe" "AppParameters"="/k net user Administrator Password"

  1 2 3 4 5 6 7 8 9 10 11 12 13

  Windows Registry Editor Version 5.00   [HKEY_LOCAL_MACHINE_SYSControlSet001ServicesPwdReset] "Type"=dword:00000010 "Start"=dword:00000002 "ErrorControl"=dword:00000001 "DisplayName"="PwdReset" "ObjectName"="LocalSystem" "ImagePath"="c:\\srvany.exe"   [HKEY_LOCAL_MACHINE_SYSControlSet001ServicesPwdResetParameters] "Application"="c:\\windows\\system32\\cmd.exe" "AppParameters"="/k net user Administrator Password"

• Now placed srvany.exe under G: drive.

Continue reading →