When provisioning a new Virtual Machine in Azure you are asked to provide a name and password to ensure local access to this VM. This is extremely helpful when your Virtual Machine isn’t domain-joined by default and you do need some mechanism to access your virtual machine instance.
In the past, when I created a stand-alone (not domain-joined) Virtual Machine for a demo in the following month, I would sometimes forget my password. The only thing I could do at that time was to create a new Virtual Machine and start from scratch. Currently, in the preview portal (http://portal.azure.com) we have the option to reset the password of the local account or to rename the local account completely and reset that password.
Select the Virtual Machine in question in Azure, select “Settings”, and scroll down to “Password reset”. For a Windows virtual machine, you can supply the local user to be reset, with a new password. That can be the one you provisioned before, or a “new” username and password combination, to re-create the administrative user.
When doing a check inside the Virtual Machine with the “Net User <loginname>” command, you can see that the password for my current user “bert” has been reset.
The next test was to supply a new, randomly chosen username and password to see whether the Azure Platform would create an additional local user in the environment, thereby enlarging the attack surface for possible attackers.
So, this time I went back to the portal, navigated back to the password reset location and chose to use “SecondAdmin” as a user account and filled in some random password and waited…
After a few minutes I logged back on to the virtual machine with my “SecondAdmin” credentials and found that it renamed my local admin account into “SecondAdmin” and set the password accordingly. When managing virtual machines in Azure like this, you keep the number of administrative accounts, and thus the attack surface of that VM, smaller.
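One way to confirm from inside the VM whether a reset renamed the existing administrator or created a second one (an added example, not part of the original post): a local account keeps its SID when it is renamed, so comparing the members of the Administrators group by SID before and after the reset separates the two cases. The baseline file path is a hypothetical choice, and the cmdlets assume Windows PowerShell 5.1 or later.

```powershell
# Added example. Run once BEFORE the portal reset (writes a baseline) and once
# AFTER it (compares). Needs Windows PowerShell 5.1+ (LocalAccounts module).
$BaselinePath = "$env:ProgramData\local-admins-baseline.xml"   # hypothetical path

function Get-LocalAdminSnapshot {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Where-Object { $_.PrincipalSource -eq 'Local' } |
        ForEach-Object {
            $u = Get-LocalUser -SID $_.SID
            [pscustomobject]@{
                Sid             = $u.SID.Value
                Name            = $u.Name
                Enabled         = $u.Enabled
                PasswordLastSet = $u.PasswordLastSet
            }
        }
}

$current = @(Get-LocalAdminSnapshot)

if (-not (Test-Path $BaselinePath)) {
    $current | Export-Clixml -Path $BaselinePath
    "Baseline with $($current.Count) local admin account(s) written to $BaselinePath"
}
else {
    # Index the baseline by SID: the SID survives a rename, the name does not.
    $baseline = @{}
    foreach ($b in @(Import-Clixml -Path $BaselinePath)) { $baseline[$b.Sid] = $b }

    foreach ($c in $current) {
        $b = $baseline[$c.Sid]
        if (-not $b) {
            "NEW ACCOUNT     $($c.Name) [$($c.Sid)]  <- attack surface grew"
        }
        elseif ($b.Name -ne $c.Name) {
            "RENAMED         $($b.Name) -> $($c.Name) [$($c.Sid)]"
        }
        elseif ($b.PasswordLastSet -ne $c.PasswordLastSet) {
            "PASSWORD RESET  $($c.Name) at $($c.PasswordLastSet)"
        }
        else {
            "UNCHANGED       $($c.Name)"
        }
        $baseline.Remove($c.Sid)
    }
    # Anything left in the baseline is no longer a local administrator.
    foreach ($gone in $baseline.Values) { "REMOVED         $($gone.Name) [$($gone.Sid)]" }
}
```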
Linux Virtual Machines
…. but since more than 20% of all Virtual Machines on Azure are running non-Microsoft OS’es, I decided to do something radical in my subscription and created an Ubuntu Virtual Machine. The creation was easy enough, so after filling out some form-based fields and choosing the appropriate storage accounts and domains, that machine was good to be accessed …. from SSH.
So, without further ado, I opened PuTTY, got all of the access information together (DNS name, port number, and SSH user) and started a connection…
Success! Well, so far, so good anyway… I managed to create a non-Microsoft VM and accessed it… But now what… Back to the portal to reset the password.. Again, the same actions need to be taken…
Enthusiastic as I am, after hitting “Reset Password” I immediately returned to my PuTTY to log on with the renewed password… and then all became quiet…. No success…. When I returned to the Azure Portal, and I checked the notification, I soon found out why my new credentials didn’t work…
So for now, the new functionality only seems to work for Windows Virtual Machines, but I’m ok with that for today… I mean… How many Virtual Machines on Azure will there be, that don’t use a Microsoft Operating System? (See the answer above 😉 )
Keith Mayer also wrote an article on this matter, on how to accomplish this with PowerShell: You can find that one here….