Installing the password reset agent on a Windows Server VM
To reset user passwords on Windows Server VMs using Yandex Cloud, install the password reset agent and its update software.
Note
Currently, you cannot reset a password on a Linux virtual machine using Yandex Cloud tools.
The agent is installed using the agent update software.
To install the agent and configure its auto update:
-
Download and set up the agent update software:
PowerShell-
Get the software's most recent version number:
$YCAgentUpdaterBaseUri = "https://storage.yandexcloud.net/yandexcloud-guestagent-updater" $YCAgentUpdaterVersion = (Invoke-RestMethod "$YCAgentUpdaterBaseUri/release/stable").Trim()
-
Download the software and verify its checksum.
$YCAgentUpdaterDir = "C:\Program Files\Yandex.Cloud\Guest Agent Updater" New-Item -Path $YCAgentUpdaterDir -ItemType "directory" $p = @{ Uri = "$YCAgentUpdaterBaseUri/release/$YCAgentUpdaterVersion/windows/amd64/guest-agent-updater.exe" OutFile = "$YCAgentUpdaterDir\guest-agent-updater.exe" } Invoke-RestMethod @p $YCAgentUpdaterHashOrig = (Invoke-RestMethod "$YCAgentUpdaterBaseUri/release/$YCAgentUpdaterVersion/windows/amd64/guest-agent-updater.exe.sha256").Trim() $YCAgentUpdaterHashCopy = (Get-Filehash -Path "$YCAgentUpdaterDir\guest-agent-updater.exe" -Algorithm SHA256 | Select-Object -ExpandProperty Hash).ToLower() if ($YCAgentUpdaterHashOrig -eq $YCAgentUpdaterHashCopy) { Write-Host "Agent updater checksum verified" } else { Write-Host "Agent updater checksum NOT verified" }
Result:
Agent updater checksum verified
-
Install the agent:
& $YCAgentUpdaterDir\guest-agent-updater.exe update
-
Make sure the agent is installed as a service and that the service is running:
Get-Service "yc-guest-agent"
Result:
Status Name DisplayName ------ ---- ----------- Running yc-guest-agent yc-guest-agent
The service status must be
Running
. -
If the service is not running, run it:
Start-Service "yc-guest-agent"
To verify that the service is running, repeat step 4.
-
Configure a job to update the agent weekly at a random time.
$YCAgentUpdaterLogFilepath = "C:\Windows\Temp\guest-agent-updater.log" $p = @{ Execute = 'C:\Windows\System32\cmd.exe' Argument = "/c `"$YCAgentUpdaterDir\guest-agent-updater.exe`" update --log-level debug > $YCAgentUpdaterLogFilepath" } $YCAgentUpdaterAction = New-ScheduledTaskAction @p $RandomWeekdayNumber = Get-Random -Minimum 0 -Maximum 6 $DaysOfWeek = @("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday") $RandomWeekday = $DaysOfWeek[$RandomWeekdayNumber] $RandomHour = Get-Random -Minimum 0 -Maximum 23 $RandomMinute = Get-Random -Minimum 0 -Maximum 59 $RandomSecond = Get-Random -Minimum 0 -Maximum 59 $p = @{ Weekly = $true At = ([datetime]::Today).AddHours($RandomHour).AddMinutes($RandomMinute).AddSeconds($RandomSecond) RandomDelay = New-TimeSpan -Hours 24 # with huge random delay DaysOfWeek = $RandomWeekday } $YCAgentUpdaterTrigger = New-ScheduledTaskTrigger @p $YCAgentUpdaterTaskName = "yc-guest-agent-updater" $p = @{ TaskName = $YCAgentUpdaterTaskName Action = $YCAgentUpdaterAction User = 'System' RunLevel = 'Highest' Trigger = $YCAgentUpdaterTrigger } Register-ScheduledTask @p | Out-Null
-
Run the job:
Get-ScheduledTask -TaskName $YCAgentUpdaterTaskName | Start-ScheduledTask $Timeout = 30 $Deadline = ([datetime]::Now).AddSeconds($timeout) while ((Get-ScheduledTask $YCAgentUpdaterTaskName).State -ne "Ready") { Start-Sleep -Seconds 1 if ([datetime]::Now -gt $Deadline) { Write-Host "Deadline exceeded" break } }
-