{"id":3841,"date":"2015-11-05T12:15:14","date_gmt":"2015-11-05T12:15:14","guid":{"rendered":"http:\/\/blog.cloudthat.com\/?p=3841"},"modified":"2024-06-25T11:13:13","modified_gmt":"2024-06-25T11:13:13","slug":"recover-ec2-windows-password","status":"publish","type":"blog","link":"https:\/\/www.cloudthat.com\/resources\/blog\/recover-ec2-windows-password","title":{"rendered":"Recover EC2 Windows Password"},"content":{"rendered":"

There are scenarios where we lose\/forget our windows password and then trying out a way to login to the windows server. This turns out to be critical if it\u2019s an admin credential that is lost. But still there\u2019s a way to reset the password.<\/p>\n

Here\u2019s how to do this:<\/h2>\n

Before going through the steps, we assume that you have a running AWS EC2 Windows instance. For resetting the password we require a Linux machine, which we prefer is an Ubuntu Server in the same AZ as your windows instance. This method requires your EC2 windows instance to be taken offline for some time.<\/p>\n

<\/p>\n

Step 1:<\/strong> Make sure that the windows instance is responding to RDP request. Run the command below to check the same:<\/p>\n

mstsc \/v:ec2-example-instance-dns-name.compute-.amazonaws.com<\/b><\/p>\n

If it prompts you for credentials, then RDP is running on the instance and is accessible.<\/p>\n

\"RDP_Login\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

Step 2:<\/strong> Stop the windows instance and find and detach the root volume (\/dev\/sda1) of the same.<\/p>\n

\"Detach_Vol\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

Step 3:<\/strong> Attach this volume to the Ubuntu server and SSH in to the machine.<\/p>\n

\"Attach_Vol\"<\/a><\/p>\n

Step 4:<\/strong> List the device name for the volumes attached to the Linux instance. The following command helps you to list those:<\/p>\n

cat \/proc\/partitions<\/strong><\/p>\n

\"Linux_Partitions\"<\/a><\/p>\n

Step 5:<\/strong> Make a directory for the new volume and mount the partition on to it. Replace <volume_name> with the original volume name.<\/p>\n

sudo mkdir \/volume2<\/b><\/p>\n

sudo mount \/dev\/<volume_name> \/volume2<\/b><\/p>\n

\"mount\"<\/a><\/p>\n

Step 6:<\/strong> Change your directory by<\/p>\n

cd \/volume2\/Windows\/System32<\/b><\/p>\n

\"system32\"<\/a><\/p>\n

Step 7:<\/strong> Rename the file Utilman.exe to Utilman.bak by using the following command. Sudo allows the user to execute the command with admin privileges.<\/p>\n

sudo mv Utilman.exe Utilman.bak<\/b><\/p>\n

\"move\"<\/a><\/p>\n

Step 8:<\/strong> Copy the file cmd.exe and paste it there in the name Utilman.exe<\/p>\n

sudo cp cmd.exe Utilman.exe<\/b><\/p>\n

\"copy\"<\/a><\/p>\n

Step 9:<\/strong> Stop the Ubuntu instance, detach this volume and re-attach this to the windows instance with the mount point of \/dev\/sda1.<\/p>\n

Step 10:<\/strong> Start the windows instance, login the username type \u201cguest\u201d with no password.<\/p>\n

\"Guest_Login\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

Step 11:<\/strong> Now in the windows login page, click on the Accessibility icon on the bottom left hand corner. The system opens cmd.exe as SYSTEM account.<\/p>\n

\"lusrmgr\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

Step 12:<\/strong> If the instance is not in the domain controller, type lusrmgr.msc, which will open \u201cLocal Users and Groups\u201d window. If it is in some domain type dsa.msc, which will open \u201cActive Directory Users and Groups\u201d.<\/p>\n

Change the administrator password from either of the windows that appear. Login with the administrator account to the instance.<\/p>\n

\"Reset_Password\"<\/a><\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

 <\/p>\n

Step 13:<\/strong> Once administrator is logged in, go to c:\\windows\\system32\\ and delete Utilman.exe (icon should look like cmd.exe).<\/p>\n

Step 14:<\/strong> Find the file named \u201cUtilman.bak\u201d within the same folder and make Administrator as owner of the file. Now assign full control permissions to administrator account. Now rename this file as \u201cUtilman.exe\u201d.<\/p>\n

\"Change_Permissions\"<\/a><\/p>\n","protected":false},"author":219,"featured_media":0,"parent":0,"comment_status":"open","ping_status":"open","template":"","blog_category":[3606,3818],"user_email":"prarthitm@cloudthat.com","published_by":"324","primary-authors":"","secondary-authors":"","acf":[],"_links":{"self":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/3841"}],"collection":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/users\/219"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/comments?post=3841"}],"version-history":[{"count":1,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/3841\/revisions"}],"predecessor-version":[{"id":41903,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog\/3841\/revisions\/41903"}],"wp:attachment":[{"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/media?parent=3841"}],"wp:term":[{"taxonomy":"blog_category","embeddable":true,"href":"https:\/\/www.cloudthat.com\/resources\/wp-json\/wp\/v2\/blog_category?post=3841"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}