Yandex Cloud
Search
Contact UsGet started
  • Blog
  • Pricing
  • Documentation
  • All Services
  • System Status
    • Featured
    • Infrastructure & Network
    • Data Platform
    • Containers
    • Developer tools
    • Serverless
    • Security
    • Monitoring & Resources
    • AI Studio
    • Business tools
  • All Solutions
    • By industry
    • By use case
    • Economics and Pricing
    • Security
    • Technical Support
    • Customer Stories
    • Start testing with double trial credits
    • Cloud credits to scale your IT product
    • Gateway to Russia
    • Cloud for Startups
    • Education and Science
    • Yandex Cloud Partner program
  • Blog
  • Pricing
  • Documentation
© 2025 Direct Cursus Technology L.L.C.
Yandex Compute Cloud
  • Yandex Container Solution
    • Resource relationships
      • Overview
      • Platforms
      • vCPU performance levels
      • Preemptible VMs
      • VM network interfaces
      • Software-accelerated network
      • Live migration
      • Placement groups
      • Statuses
      • VM maintenance policies
      • Resetting Windows VM passwords
    • Graphics processing units (GPUs)
    • Images
    • Dedicated host
    • Reserved instance pools
    • Encryption
    • Backups
    • Quotas and limits
  • Access management
  • Pricing policy
  • Terraform reference
  • Monitoring metrics
  • Audit Trails events
  • Release notes
  1. Concepts
  2. Virtual machines
  3. Resetting Windows VM passwords

Password reset agent on Windows Server VMs

Written by
Yandex Cloud
Updated at February 12, 2025

Yandex Cloud provides agents, which are a special kind of software that runs as a Windows Server service for password resets on Windows Server VMs. An agent generates a new VM user password and securely delivers it to the Yandex Cloud user that requested a password reset. For a detailed description of how agents work, see below.

The password reset agent and agent update software are part of standard Windows Server images. If you are using a custom image, follow this guide to install the password reset agent and its update software.

Note

Currently, you cannot reset a password on a Linux VM using Yandex Cloud tools.

The following items are required to reset passwords using an agent:

  • The compute.admin service role, the editor primitive role, or any other role that inherits all permissions of these two. For more information about roles, see Access management in Compute Cloud.

  • VM with the RUNNING status.

Agent runtime logs, including status messages generated every minute, are available on serial port 4 (COM4).

How an agent resets a passwordHow an agent resets a password

When a Yandex Cloud user requests a password reset:

  1. On the user side (in a browser, if the reset is requested in the management console or through PowerShell), the RSA algorithm is used to generate a public-private key pair. A request containing the public key and the VM username, for which the password is to be reset, is sent to the agent over an HTTPS connection.

  2. The agent on the VM performs the following:

    • Obtains and verifies user request.
    • Generates a new password.
    • Creates a new user with administrator access, if a user with the specified name does not exist.
    • Assigns the generated password to the VM user.
    • Encrypts the password with the public key received in the request.
    • Sends the password to the Yandex Cloud user over an HTTPS connection.
  3. On the user side, the received password is decrypted with the private key and displayed in the management console or PowerShell.

See alsoSee also

  • Resetting a VM user password
  • Verifying agent operation
  • Installing the agent
  • Deleting the agent

Was the article helpful?

Previous
VM maintenance policies
Next
Overview
© 2025 Direct Cursus Technology L.L.C.