Installing the password reset agent on a Windows Server VM
To reset user passwords on Windows Server VMs using Yandex Cloud, install the password reset agent and its updater.
Note
Currently, you cannot reset a password on a Linux VM using Yandex Cloud tools.
To install the agent, use the agent updater. The agent source code is available on GitHub.
To deploy the agent and configure its automatic updates:
-
Download and set up the agent updater:
PowerShell-
Get the number of the updater's latest version:
$YCAgentUpdaterBaseUri = "https://storage.yandexcloud.net/yandexcloud-guestagent-updater" $YCAgentUpdaterVersion = (Invoke-RestMethod "$YCAgentUpdaterBaseUri/release/stable").Trim() -
Download the updater and verify its checksum:
$YCAgentUpdaterDir = "C:\Program Files\Yandex.Cloud\Guest Agent Updater" New-Item -Path $YCAgentUpdaterDir -ItemType "directory" $p = @{ Uri = "$YCAgentUpdaterBaseUri/release/$YCAgentUpdaterVersion/windows/amd64/guest-agent-updater.exe" OutFile = "$YCAgentUpdaterDir\guest-agent-updater.exe" } Invoke-RestMethod @p $YCAgentUpdaterHashOrig = (Invoke-RestMethod "$YCAgentUpdaterBaseUri/release/$YCAgentUpdaterVersion/windows/amd64/guest-agent-updater.exe.sha256").Trim() $YCAgentUpdaterHashCopy = (Get-Filehash -Path "$YCAgentUpdaterDir\guest-agent-updater.exe" -Algorithm SHA256 | Select-Object -ExpandProperty Hash).ToLower() if ($YCAgentUpdaterHashOrig -eq $YCAgentUpdaterHashCopy) { Write-Host "Agent updater checksum verified" } else { Write-Host "Agent updater checksum NOT verified" }Result:
Agent updater checksum verified -
Install the agent:
& $YCAgentUpdaterDir\guest-agent-updater.exe update -
Make sure the agent is installed as a service and the service is running:
Get-Service "yc-guest-agent"Result:
Status Name DisplayName ------ ---- ----------- Running yc-guest-agent yc-guest-agentThe service status must be
Running. -
If the service is not running, run it:
Start-Service "yc-guest-agent"To make sure the service is running, repeat step 4.
-
Set up a job to update the agent weekly at a random time:
$YCAgentUpdaterLogFilepath = "C:\Windows\Temp\guest-agent-updater.log" $p = @{ Execute = 'C:\Windows\System32\cmd.exe' Argument = "/c `"$YCAgentUpdaterDir\guest-agent-updater.exe`" update --log-level debug > $YCAgentUpdaterLogFilepath" } $YCAgentUpdaterAction = New-ScheduledTaskAction @p $RandomWeekdayNumber = Get-Random -Minimum 0 -Maximum 6 $DaysOfWeek = @("Sunday", "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Saturday") $RandomWeekday = $DaysOfWeek[$RandomWeekdayNumber] $RandomHour = Get-Random -Minimum 0 -Maximum 23 $RandomMinute = Get-Random -Minimum 0 -Maximum 59 $RandomSecond = Get-Random -Minimum 0 -Maximum 59 $p = @{ Weekly = $true At = ([datetime]::Today).AddHours($RandomHour).AddMinutes($RandomMinute).AddSeconds($RandomSecond) RandomDelay = New-TimeSpan -Hours 24 # with huge random delay DaysOfWeek = $RandomWeekday } $YCAgentUpdaterTrigger = New-ScheduledTaskTrigger @p $YCAgentUpdaterTaskName = "yc-guest-agent-updater" $p = @{ TaskName = $YCAgentUpdaterTaskName Action = $YCAgentUpdaterAction User = 'System' RunLevel = 'Highest' Trigger = $YCAgentUpdaterTrigger } Register-ScheduledTask @p | Out-Null -
Run the job:
Get-ScheduledTask -TaskName $YCAgentUpdaterTaskName | Start-ScheduledTask $Timeout = 30 $Deadline = ([datetime]::Now).AddSeconds($timeout) while ((Get-ScheduledTask $YCAgentUpdaterTaskName).State -ne "Ready") { Start-Sleep -Seconds 1 if ([datetime]::Now -gt $Deadline) { Write-Host "Deadline exceeded" break } }
-