Enable Windows Administrator via EC2 Console

0

We have an odd situation where we disabled the Administrator account on an EC2 Windows instance and created another user to access it. The password policy wasn't set to never expire, and that user's password has expired. Does anyone know how we can

  1. Enable Windows Administrator account OR
  2. Reset a user password remotely to get access via RDP again.

Thanks in advance

PT
Asked 10 months ago, 884 views
3 Answers
1

Funnily enough I had a very similar issue today with a client. Abhiesket's answer is a method, but quite a brutal one and a last resort. There are 3 easier ways to achieve this. My 3 options below are zero downtime also.

  1. I believe in Windows, if you can directly RDP to the server, it will prompt you to change the password when you log on. If you're using SSM for RDP, I don't think you will get the option; however, you can RDP tunnel direct to the box via SSM and should get the password change prompt.

  2. How I reset the password was in Fleet Manager (so long as SSM Agent is running): selected the instance, clicked Node Action and Reset password. I then had to enter the username of the password I wanted to reset. Here I was given a black DOS-like box to type in a new password. Press Enter and retype again to confirm. After this the password was reset and we were able to log in. The prerequisite is to have SSM Session Manager configured with a KMS key. https://docs.aws.amazon.com/systems-manager/latest/userguide/managed-instances-password-reset.html

  3. Failing that, the other option is to run the AWSSupport-RunEC2RescueForWindowsTool SSM Command. This needs a little more work by granting access to Parameter Store to the instance so that its newly generated password is stored so that you can see the self-generated password.

Option 3 and the method that is mentioned in the other answer reset the local admin password. I'm not 100% sure if it enables the admin account also.

Expert
Answered 10 months ago
Expert
Reviewed 10 months ago
Expert
Reviewed 10 months ago
0

In the situation where the Administrator account is disabled on an EC2 Windows instance and the user account's password has expired, you can try the following steps to regain access:

  1. Connect to the EC2 Windows instance using EC2 Instance Connect or AWS Systems Manager Session Manager, if they are enabled for your instance. This will allow you to access the instance without relying on RDP.
  2. If you have administrative privileges on the instance, you can enable the Windows Administrator account using the following command in an elevated Command Prompt or PowerShell session:

       net user administrator /active:yes

  3. Alternatively, you can reset the password for the user account remotely by using the "net user" command. Run the following command, replacing "username" with the actual username of the account:

       net user username new_password

     Make sure to use a strong password that meets the complexity requirements set by your password policy.
  4. If you are unable to connect using EC2 Instance Connect or AWS Systems Manager Session Manager and you don't have access to the Administrator account, you may need to follow the steps mentioned in the AWS documentation to reset the user password. This usually involves creating a new EC2 instance from a snapshot of the original instance's volume, modifying the necessary system files, and then attaching the modified volume back to the original instance. It's important to ensure that you have proper backups and take necessary precautions when modifying system files to avoid any data loss or unintended consequences.

You can also check this one for automatic reset: https://docs.aws.amazon.com/AWSEC2/latest/WindowsGuide/ResettingAdminPassword.html

Answered 10 months ago
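
The reset and enable steps from the answers above, as an added example that is not part of any answer: a PowerShell function for an elevated session on the instance (for example through Session Manager) that prompts for the new password instead of passing it as a net user argument. The function name, its parameters and the account name in the usage comment are hypothetical.

```powershell
# Added example. Run in an elevated PowerShell session on the instance,
# e.g. a Session Manager session. Function and parameter names are hypothetical.
function Restore-LocalAccountAccess {
    param(
        [Parameter(Mandatory)] [string] $UserName,   # account whose password expired
        [switch] $EnableAdministrator,               # re-enable the built-in admin
        [switch] $PasswordNeverExpires               # stop this account expiring again
    )
    $ErrorActionPreference = 'Stop'

    # The built-in Administrator always has RID 500, even if it was renamed.
    $admin = Get-LocalUser | Where-Object { $_.SID.Value -like 'S-1-5-21-*-500' }
    $user  = Get-LocalUser -Name $UserName

    # Prompt twice; input is masked and never appears as a command argument.
    $new     = Read-Host -AsSecureString "New password for $UserName"
    $confirm = Read-Host -AsSecureString 'Confirm password'
    # Decode both entries only long enough to compare them.
    $a = [System.Net.NetworkCredential]::new('', $new).Password
    $b = [System.Net.NetworkCredential]::new('', $confirm).Password
    if ($a -cne $b) { throw 'Passwords do not match; nothing was changed.' }

    # A fresh password resets the password age of the account.
    $user | Set-LocalUser -Password $new
    if ($PasswordNeverExpires) {
        $user | Set-LocalUser -PasswordNeverExpires $true
    }
    if ($EnableAdministrator) {
        $admin | Enable-LocalUser
    }

    # Return the resulting state of both accounts for review.
    Get-LocalUser -SID $admin.SID, $user.SID |
        Select-Object Name, Enabled, PasswordLastSet, PasswordExpires
}

# Usage (placeholder account name):
# Restore-LocalAccountAccess -UserName 'appuser' -EnableAdministrator
```
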
0

Could you please see if this document helps.

I've got myself out of a similar situation.

AWS
Expert
Answered 10 months ago
