
The Win2012 lost trust relationship issue can easily be fixed in the following situations:

  • You have physical access to the server to provide a Windows Recovery Disk
  • You have local credentials to log in and fix it using the netdom.exe command
  • You have access to a remote prompt (I don't know how since it's off of the domain); you can issue the netdom.exe command via the enter-pssession PowerShell command

But what if you are in an AWS environment where you have no physical access and the policy has disabled all local accounts? The only thing I can do is get the root volume and manipulate it. I've tried (and failed):

  • Loading Registry hives from the volume and editing all occurrences of the domain name to WORKGROUP
  • Deleting the \windows\system32\Group* folders
  • Editing \ec2config's config.xml to accept User Data to bootstrap the server with:
    <powershell>
    Rename-Computer -NewName test
    Add-Computer -WorkgroupName WORKGROUP
    Invoke-GPUpdate
    </powershell>
  • I also tried locking down a Security Group to permit only my RDP access and no outbound connection, to simulate a disconnected network state and perhaps let me log in using cached credentials.

The question, and the only action remaining, is how do I edit the server's policy to permit local login by editing the Registry or a system file? Or did I miss another vector?

References:

Hyon
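The second and third situations listed in the question (local credentials plus a remote prompt) can be combined: a local account can open a PowerShell remoting session to the member server by IP address even though the server's domain trust is broken, and the secure channel can then be repaired from inside that session. The script below is an added example written for this page; it is not code from the question or answer. It assumes placeholder values (the server's private IP, a domain controller name, the domain name) and that WinRM is reachable on the server from where you run it.

```powershell
# Added example (not from the original question or answer).
# Repairs a broken domain trust from a remote session opened with a
# LOCAL account, which avoids needing console access to the server.
# All values below are assumed placeholders.

$Server     = '10.0.1.25'           # assumed: private IP of the member server
$DomainName = 'corp.example'        # assumed: NetBIOS or DNS name of the domain
$Dc         = 'dc01.corp.example'   # assumed: a domain controller the server can reach

# Local (non-domain) account on the member server, e.g. .\recoveryadmin (assumed).
$LocalCred  = Get-Credential -Message 'Local account on the member server (.\user)'
# Domain account permitted to reset the computer account password (assumed).
$DomainCred = Get-Credential -Message "Domain account in $DomainName (user only, no domain prefix)"

# Connecting by IP with a local account requires the client to trust that host;
# -Concatenate appends to the list instead of overwriting it.
Set-Item -Path WSMan:\localhost\Client\TrustedHosts -Value $Server -Concatenate -Force

$session = New-PSSession -ComputerName $Server -Credential $LocalCred

Invoke-Command -Session $session -ArgumentList $DomainCred, $Dc, $DomainName -ScriptBlock {
    param($DomainCred, $Dc, $DomainName)

    # 1. Confirm the secure channel really is broken before changing anything.
    if (Test-ComputerSecureChannel -Server $Dc) {
        Write-Output 'Secure channel is healthy; nothing to repair.'
        return
    }

    # 2. Preferred repair: reset the computer account password in place.
    #    The computer object, its SID and group memberships are left intact,
    #    so no unjoin/rejoin and no reboot is needed.
    if (Test-ComputerSecureChannel -Repair -Server $Dc -Credential $DomainCred) {
        Write-Output 'Secure channel repaired with Test-ComputerSecureChannel -Repair.'
        return
    }

    # 3. Fallback named in the question: netdom.exe resetpwd performs the same reset.
    #    The password is passed inline because a remote session cannot show the
    #    interactive prompt that /pd:* would need.
    $user = "$DomainName\$($DomainCred.UserName)"
    $pass = $DomainCred.GetNetworkCredential().Password
    netdom.exe resetpwd /s:$Dc /ud:$user /pd:$pass
    Write-Output "netdom exit code: $LASTEXITCODE (0 = success)"
}

Remove-PSSession $session
```

Step 2 is what to try first: Test-ComputerSecureChannel -Repair resets the machine account password against the named DC without removing the computer from the domain, so cached group policy and the computer's SID survive. The netdom fallback does the same thing and is only there for hosts where the cmdlet fails. Note that this path still depends on an enabled local account, which is exactly what the question says policy has removed.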

1 Answer

That is quite an interesting challenge and ultimately a great learning experience. But, rather than encourage you to waste potentially valuable time trying to solve this issue, I would refer you to the official AWS documentation:

https://aws.amazon.com/premiumsupport/knowledge-center/reset-admin-password/

Note: If you have disabled the local Administrator account, you cannot reset the password using the methods described in this article. In that case, you can contact Support for assistance.

I guarantee you're not the first to do this. It's probably a 5 minute fix for them.

Appleoddity