Lightsail cloned instance doesnt accept or show password for RDP

Hello

You can create a temp account , gain access to the instance and reset the administrator local account

1. Sign in to the LightSail console.

2. Choose the cloned(snapshot) of the instance

3. Choose the actions menu icon (⋮) next to the snapshot from which you want to create a new instance, and choose Create new instance.

4. On the Create an instance from a snapshot page, you have a few optional settings to decide on at the top.

For example, you can change the Availability Zone, add a launch script, or change the way you connect to your instance.

5. On the Create an instance page,

6. Scroll down and choose Add launch script

7. Type the following:

<Powershell>

Invoke-WebRequest https://www.tightvnc.com/download/2.8.81/tightvnc-2.8.81-gpl-setup-64bit.msi -OutFile C:\TightVNC64.msi

Start-Process -FilePath "C:\TightVNC64.msi" -ArgumentList ("/q SET_PASSWORD=1 VALUE_OF_PASSWORD=LightsailPW

SERVER_ADD_FIREWALL_EXCEPTION=1") -Wait -PassThru

net user <newusername> <newpassword> /add /expires:never

net localgroup administrators <newusername> /add

</powershell>

<persist>true</persist>

• Add Persist in case instance requires a second reboot to apply changes

• Please note the above command install tight VNC and creates a temp account with credentials : username:<newusername> , PW:<newpassword>

• Provide your own unique username and password

• Add port 5800 and 5900 to all Ips using the following steps

8. Choose the Networking tab on your instance's management page. The Networking tab displays your instance's public and private IP addresses, and the configured IPv4 or IPv6 firewalls for your instance. To add an IPv4 firewall rule, scroll down to the IPv4 Firewall section of the page, and choose Add rule.

9. Login on to the instance, Use the RDP client, Type the public IP address of the instance and click connect

10. Use the following method to login :

username : .\ <newusername>

Password: <newpassword>

If you don’t have access to RDP client, install tight VNC on your source machine, click tight VNC viewer, enter the public IP of the LightSail instance

Click connect, enter the password: LightsailPW

Click ctrl+Alt+Del on the tight VNC viewer

You will be presented with <newusername> account, enter your password that you created during userdata process

You should be able to now Login on Windows and reset your administrator Local account

Cleanup-process

Once you have gained access to your instance via Administrator account, you can cleanup the Temporary account by Following below steps
Open Run or Command Prompt.
Type SystemPropertiesAdvanced and press ENTER.
Navigate to User profiles tab
Select the Temp profile click on delete
Navigate to this location below registry
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
Confirm that the Temp profile registry does not exist, if it does delete it.
You can also uninstall Tight VNC by Navigating to Programs and features
Select Tight VNC and Click uninstall Tab
Ensure that the uninstall processes completes successfully
Choose the Networking tab on your instance's management page.
The Networking tab displays your instance's public and private IP addresses, and the configured IPv4 or IPv6 firewalls for your instance.
Remove the port 5800 and 5900 that was previously configured

Thank you!

Resources

A. https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-create-instance-from-snapshot
B. https://lightsail.aws.amazon.com/ls/docs/en_us/articles/lightsail-how-to-configure-server-additional-data-shell-script
C. https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-editing-firewall-rules
D. https://lightsail.aws.amazon.com/ls/docs/en_us/articles/amazon-lightsail-connecting-to-windows-instance-using-rdc
F. Download the TightVNC MSI: https://tightvnc.com/download.php