AWS, Windows

3 Mins Read

Recover EC2 Windows Password

There are scenarios where we lose/forget our windows password and then trying out a way to login to the windows server. This turns out to be critical if it’s an admin credential that is lost. But still there’s a way to reset the password.

Here’s how to do this:

Before going through the steps, we assume that you have a running AWS EC2 Windows instance. For resetting the password we require a Linux machine, which we prefer is an Ubuntu Server in the same AZ as your windows instance. This method requires your EC2 windows instance to be taken offline for some time.

Step 1: Make sure that the windows instance is responding to RDP request. Run the command below to check the same:

mstsc /

If it prompts you for credentials, then RDP is running on the instance and is accessible.












Step 2: Stop the windows instance and find and detach the root volume (/dev/sda1) of the same.









Step 3: Attach this volume to the Ubuntu server and SSH in to the machine.


Step 4: List the device name for the volumes attached to the Linux instance. The following command helps you to list those:

cat /proc/partitions


Step 5: Make a directory for the new volume and mount the partition on to it. Replace <volume_name> with the original volume name.

sudo mkdir /volume2

sudo mount /dev/<volume_name> /volume2


Step 6: Change your directory by

cd /volume2/Windows/System32


Step 7: Rename the file Utilman.exe to Utilman.bak by using the following command. Sudo allows the user to execute the command with admin privileges.

sudo mv Utilman.exe Utilman.bak


Step 8: Copy the file cmd.exe and paste it there in the name Utilman.exe

sudo cp cmd.exe Utilman.exe


Step 9: Stop the Ubuntu instance, detach this volume and re-attach this to the windows instance with the mount point of /dev/sda1.

Step 10: Start the windows instance, login the username type “guest” with no password.












Step 11: Now in the windows login page, click on the Accessibility icon on the bottom left hand corner. The system opens cmd.exe as SYSTEM account.









Step 12: If the instance is not in the domain controller, type lusrmgr.msc, which will open “Local Users and Groups” window. If it is in some domain type dsa.msc, which will open “Active Directory Users and Groups”.

Change the administrator password from either of the windows that appear. Login with the administrator account to the instance.









Step 13: Once administrator is logged in, go to c:\windows\system32\ and delete Utilman.exe (icon should look like cmd.exe).

Step 14: Find the file named “Utilman.bak” within the same folder and make Administrator as owner of the file. Now assign full control permissions to administrator account. Now rename this file as “Utilman.exe”.





  1. Ayoub

    Apr 4, 2016


    It’s interesting … Thanks !

  2. Click to Comment

Get The Most Out Of Us

Our support doesn't end here. We have monthly newsletters, study guides, practice questions, and more to assist you in upgrading your cloud career. Subscribe to get them all!