Menu
Amazon Elastic Compute Cloud
User Guide for Windows Instances

Resetting a Windows Administrator Password Using EC2Launch

If you have lost your Windows Administrator password and are using a Windows Server 2016 AMI, you can use the EC2Rescue tool which utlizes the EC2Launch service to generate a new password.

Note

If you are using a Windows Server AMI prior to Windows Server 2016, see Resetting a Windows Administrator Password using EC2Config for Administrator password reset steps.

Resetting a Windows Administrator password using EC2Rescue

  1. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  2. In the navigation pane, choose Instances and then choose the instance that needs a password reset. (This instance is referred to as the original instance in this procedure.)

  3. Choose Actions, Instance State, Stop. Wait until your instance is in a stopped state before continuing to the next step.

    Warning

    When you stop an instance, the data on any instance store volumes is erased. Therefore, if you have any data on instance store volumes that you want to keep, be sure to back it up to persistent storage.

  4. (Optional) If you do not have the original key pair (the .pem file that was used to create this instance), complete the following steps to create an AMI of this instance (a copy of the original) and redeploy the instance using a known or a new key pair. If you have the key pair, you can skip to the next step.

    1. In the EC2 console, choose the instance that needs a new key pair, and then choose Actions, Image, Create Image.

    2. Type a name and a description for the instance and choose Create Image.

    3. In the Create Image page, choose View pending image ami-ID. When the status of the new AMI shows available, choose Instances in the navigation pane, and then choose the original instance.

    4. Choose Actions, Launch More Like This. The Instance Launch Wizard opens. The wizard is pre-populated with the setup specifications used to create the original instance, including the same VPC, subnet, and availability zone, but it is not pre-populated to use the AMI you just created.

    5. In the top navigation bar of the wizard, choose 1. Choose AMI.

    6. Choose My AMIs, clear the pre-populated filter, then locate the AMI you created earlier. Choose Select.

      
                                AMI selection wizard
    7. In the You selected a different AMI page, choose Yes, I want to continue with this AMI, and then choose Next.

    8. In the top navigation bar of the wizard, choose 7. Review, and then choose Launch.

    9. In the Select an existing key pair or create a new key pair page, choose a key pair that you can access or create a new key pair.

    10. Choose the I acknowledge... option, and then choose Launch.

    Important

    For the remainder of this procedure, all references to the original instance apply to this instance that you just created. You can stop or terminate the old instance. If you do not stop or terminate the old instance, you might incur charges.

  5. In the Amazon EC2 console, choose Instances and launch a temporary Windows instance in the same availability zone as the original instance. (This instance is referred to as the temporary instance in this procedure.)

    Warning

    If your temporary instance is based on the same AMI that the original instance is based on, and the operating system is later than Windows Server 2003, you must complete additional steps or you won't be able to boot the original instance after you restore its root volume because of a disk signature collision. Alternatively, select a different AMI for the temporary instance. For example, if the original instance uses the AWS Windows AMI for Windows Server 2008 R2, launch the temporary instance using the AWS Windows AMI for Windows Server 2012 or Windows Server 2003. (To find an AMI for Windows Server 2003, search for an AMI using the name Windows_Server-2003-R2_SP2.)

  6. From the temporary instance, download the EC2Rescue for Windows Server tool and extract the files.

  7. Detach the root volume from the original instance as follows:

    1. On the Description pane of the original instance, note the EBS ID of the volume listed as the Root device.

    2. In the navigation pane, choose Volumes.

    3. In the list of volumes, select the volume, and then choose Actions, Detach Volume. After the volume's status changes to available, proceed with the next step.

  8. Attach the volume to the temporary instance as a secondary volume as follows:

    1. Choose Actions, Attach Volume.

    2. In the Attach Volume dialog box, start typing the name or ID of your temporary instance in the Instances field, and then select it from the list of suggested options.

    3. In the Device box, type xvdf (if it isn't already there), and then choose Attach.

  9. Connect to the temporary instance and use the EC2Rescue for Windows Server tool to reset the Administrator password as follows:

    1. On the EC2Rescue for Windows Server tool, choose Offline instance.

    2. Select the disk of the newly mounted volume and choose Next.

    3. Confirm the disk selection and choose Yes.

    4. Choose Diagnose and Rescue.

    5. On the Summary dialog box, review the information and choose Next.

    6. On the Detected possible issues dialog box, select Reset Administrator Password and choose Next.

    7. Choose Rescue, confirm the selection, and then choose Next.

    8. Choose Finish to complete the process.

  10. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.

  11. Detach the root volume from the temporary instance as follows:

    1. On the Description pane of the original instance, note the EBS ID of the volume listed as the Root device.

    2. In the navigation pane, choose Volumes.

    3. In the list of volumes, select the volume, and then choose Actions, Detach Volume. After the volume's status changes to available, proceed with the next step.

  12. Reattach the volume to the original instance as follows:

    1. Choose Actions, Attach Volume.

    2. In the Attach Volume dialog box, start typing the name or ID of your original instance in the Instances field, and then select it from the list of suggested options.

    3. In the Device box, type /dev/sda1 and then choose Attach. Wait until the volume is in an in-use state before continuing to the next step.

  13. In the navigation pane, choose Instances and then choose the original instance.

  14. Choose Actions, Instance State, Start. Wait until your instance is in a running state before continuing to the next step.

  15. Retrieve your new Windows Administrator password. See Connecting to Your Windows Instance for details.