How can I reset the administrator password on a Microsoft Windows Server instance in Amazon EC2?

If you've lost the password for the Administrator account for your Windows Server instance, or if the password has expired, you can reset the password using these methods:

  • Amazon EC2 Systems Manager (SSM)
  • Amazon EC2Rescue
  • Amazon EC2 configuration service (EC2Config/EC2Launch)

Note: If you have disabled the local Administrator account, you cannot reset the password using the methods described in this article. In that case, you can contact Support for assistance.


You can reset the admin password with SSM by using the RunCommand instance management feature. You need these prerequisites to reset the password for a Windows Server instance using the Amazon EC2 Systems Manager:

  • Instance must have Internet access (for SSM) using a public IP address or NAT.
  • SSM agent must be installed on the instance. The SSM agent is installed by default on Windows Server 2016 instances and instances created from Windows Server 2003-2012 R2 AMIs published in November 2016 or later. For more information, see Installing SSM Agent on Windows.

If you satisfy these requirements, follow these steps:

  1. In the Amazon IAM Console, in the navigation pane, choose Roles, Create new role, choose Amazon EC2 Role for Simple Systems Manager, and then choose Select.
  2. Under Policy Name, check AmazonEC2RoleforSSM, Next Step, enter a Role name that is meaningful to you (for example, AdminPWReset), choose Create Role, and then follow the instructions to attach an IAM Role to an Instance.
  3. In the EC2 console, in the navigation pane under Systems Manager Services, choose Run Command.
  4. Choose Run a command, and for Command document choose AWS-RunPowerShellScript.
  5. In Select Targets by, choose Manually Selecting Instances, choose Select Instances, and then choose Run. It may take up to 5 minutes for the SSM agent on the instance to register with the service.
  6. In the Commands input, type 'net user Administrator /active:yes'. Depending on your group policies, your password complexity settings might not allow simple passwords; choose a combination of letters, including capitals, numbers, and special characters.
  7. Choose Run.
  8. After the command has executed successfully, confirm the outcome by checking the Output tab.

The Administrator password has been reset; you should be able to connect to the instance using the new password.


Note: Requires Windows Server 2008 R2 or later. For more information, see How can I use EC2Rescue to troubleshoot and fix common issues on my EC2 Windows instance?

If you want to regenerate the Administrator password at next boot, you can enable EC2SetPassword using EC2Rescue:

  • Choose Diagnose and Rescue. The EC2Config section shows the current Ec2SetPassword setting. Choose Next.
  • In Detect possible issues, select the Ec2SetPassword checkbox, and then choose Next.


You need these prerequisites to reset the password for a Windows Server instance using the Amazon EC2 configuration service:

  • The EC2Config is installed on the instance whose password is to be reset. By default, the EC2Config service is included in AMIs for Windows Server 2003 through Windows Server 2012 R2, or you can download it. For more information, see Installing the Latest Version of EC2Config.
    Note: EC2Launch replaces EC2Config on Windows Server 2016 AMIs. For more information, see Configuring a Windows Instance Using EC2Launch.
  • A running Windows Server instance that you can log into in the same Availability Zone as the instance whose password you want to reset.

If you can satisfy these prerequisites, you can follow the detailed steps at Resetting an Administrator Password That's Lost or Expired in the Amazon EC2 Windows User Guide.

Did this page help you? Yes | No

Back to the AWS Support Knowledge Center

Need help? Visit the AWS Support Center

Published: 2014-07-03

Updated: 2017-07-21