Installing the password reset agent on a Windows Server VM
To reset user passwords on Windows Server VMs using Yandex Cloud, install the password reset agent and its update software.
Note
Currently, you cannot reset a password on a Linux virtual machine using Yandex Cloud tools.
The agent is installed using the agent update software. The agent source code is available on GitHub.
To install the agent and configure its auto update:
-
Download and set up the agent update software:
PowerShell-
Get the software's most recent version number:
$YCAgentUpdaterBaseUri = "https://storage.yandexcloud.net/yandexcloud-guestagent-updater" $YCAgentUpdaterVersion = (Invoke-RestMethod "$YCAgentUpdaterBaseUri/release/stable").Trim() -
Download the software and verify its checksum.
$YCAgentUpdaterDir = "C:\Program Files\Yandex.Cloud\Guest Agent Updater" New-Item -Path $YCAgentUpdaterDir -ItemType "directory" $p = @{ Uri = "$YCAgentUpdaterBaseUri/release/$YCAgentUpdaterVersion/windows/amd64/guest-agent-updater.exe" OutFile = "$YCAgentUpdaterDir\guest-agent-updater.exe" } Invoke-RestMethod @p $YCAgentUpdaterHashOrig = (Invoke-RestMethod "$YCAgentUpdaterBaseUri/release/$YCAgentUpdaterVersion/windows/amd64/guest-agent-updater.exe.sha256").Trim() $YCAgentUpdaterHashCopy = (Get-Filehash -Path "$YCAgentUpdaterDir\guest-agent-updater.exe" -Algorithm SHA256 | Select-Object -ExpandProperty Hash).ToLower() if ($YCAgentUpdaterHashOrig -eq $YCAgentUpdaterHashCopy) { Write-Host "Agent updater checksum verified" } else { Write-Host "Agent updater checksum NOT verified" }Result:
Agent updater checksum verified -
Install the agent:
& $YCAgentUpdaterDir\guest-agent-updater.exe update -
Make sure the agent is installed as a service and that the service is running:
Get-Service "yc-guest-agent"Result:
Status Name DisplayName ------ ---- ----------- Running yc-guest-agent yc-guest-agentThe service status must be
Running. -
If the service is not running, run it:
Start-Service "yc-guest-agent"To verify that the service is running, repeat step 4.
-
Configure a job to update the agent weekly at a random time.
$YCAgentUpdaterLogFilepath = "C:\Windows\Temp\guest-agent-updater.log" $p = @{ Execute = 'C:\Windows\System32\cmd.exe' Argument = "/c `"$YCAgentUpdaterDir\guest-agent-updater.exe`" update --log-level debug > $YCAgentUpdaterLogFilepath" } $YCAgentUpdaterAction = New-ScheduledTaskAction @p $RandomWeekdayNumber = Get-Random -Minimum 0 -Maximum 6 $DaysOfWeek = @("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday") $RandomWeekday = $DaysOfWeek[$RandomWeekdayNumber] $RandomHour = Get-Random -Minimum 0 -Maximum 23 $RandomMinute = Get-Random -Minimum 0 -Maximum 59 $RandomSecond = Get-Random -Minimum 0 -Maximum 59 $p = @{ Weekly = $true At = ([datetime]::Today).AddHours($RandomHour).AddMinutes($RandomMinute).AddSeconds($RandomSecond) RandomDelay = New-TimeSpan -Hours 24 # with huge random delay DaysOfWeek = $RandomWeekday } $YCAgentUpdaterTrigger = New-ScheduledTaskTrigger @p $YCAgentUpdaterTaskName = "yc-guest-agent-updater" $p = @{ TaskName = $YCAgentUpdaterTaskName Action = $YCAgentUpdaterAction User = 'System' RunLevel = 'Highest' Trigger = $YCAgentUpdaterTrigger } Register-ScheduledTask @p | Out-Null -
Run the job:
Get-ScheduledTask -TaskName $YCAgentUpdaterTaskName | Start-ScheduledTask $Timeout = 30 $Deadline = ([datetime]::Now).AddSeconds($timeout) while ((Get-ScheduledTask $YCAgentUpdaterTaskName).State -ne "Ready") { Start-Sleep -Seconds 1 if ([datetime]::Now -gt $Deadline) { Write-Host "Deadline exceeded" break } }
-