Playing with the Azure VM agent and changing user on IaaS VM with PowerShell
I am at a Azure training at Microsoft and have been playing a bit with both the portal and PowerShell.
We where talking about the VM agent that is installed on the IaaS VM´s and what functionality it has.
There is a nice and powerful feature that allows you to reset the password for the user from the Azure PowerShell console. The cool part is that you also can change the user on the VM so if you have to take over a Azure IaaS deployment and do not know the username or password for the virtual machines you can change it!
from Keith Mayers blog post I used the PowerShell code and changed both password and username for a user
So first of all in my Windows 2012 R2 I have a user vniklas and I want to change it to Bruno, but as I said above you do not have to know the username that is set inside the VM´s to be able to change it!
And I use PowerShell to set a credential with username and password:
And the following change both user and password, updates the VM and then to actually get it to hit on the VM I need to restart the VM:
And when you then try to use RDP in to the VM you need to use the new password and username and as you can see on the Local Users the account have changed to bruno instead.
Here is the PowerSHell code to get this to work:
$SecurePassword=Convertto-SecureString –String $ClearTextPassword –AsPlainText –force
$adminCredentials=New-object System.Management.Automation.PSCredential $Username,$SecurePassword
$VM = Get-AzureVM -Name vtest -ServiceName rtsvninja001
Set-AzureVMAccessExtension -VM $VM -UserName $adminCredentials.UserName -Password $adminCredentials.GetNetworkCredential().Password -ReferenceName "VMAccessAgent" | Update-AzureVM
Restart-AzureVM -ServiceName $VM.ServiceName -Name $VM.Name
And now as you see that this is so easy you can realize that your Azure subscription account becomes quite important to keep safe and not let anyone get access to it.
May the force be with you!