Password reset agent on Windows Server VMs
Nebius Israel provides agents, which are a special kind of software that runs as a Windows Server service for password resets on Windows Server VMs. An agent generates a new VM user password and securely delivers it to the Nebius Israel user that requested a password reset. For a detailed description of how agents work, see below.
The password reset agent and agent update software are part of standard Windows Server images. If you are using a custom image, follow this guide to install the password reset agent and its update software.
Currently, you cannot reset a password on a Linux virtual machine using Nebius Israel tools.
The following items are required to reset passwords using an agent:
compute.adminservice role, the
editorprimitive role, or any other role that inherits all permissions of these two. For more information about roles, see Access management in Compute Cloud.
Running VM (with the
Agent runtime logs, including status messages generated every minute, are available on serial port 4 (COM4).
How an agent resets a password
When a Nebius Israel user requests a password reset:
On the user side (in a browser, if the reset is requested in the management console or through PowerShell), the RSA algorithm is used to generate a public-private key pair. A request containing the public key and the VM username, for which the password is to be reset, is sent to the agent over an HTTPS connection.
The agent on the VM performs the following:
- Obtains and verifies user request.
- Generates a new password.
- Creates a new user with administrator access, if a user with the specified name does not exist.
- Assigns the generated password to the VM user.
- Encrypts the password with the public key received in the request.
- Sends the password to the Nebius Israel user over an HTTPS connection.
On the user side, the received password is decrypted with the private key and displayed in the management console or PowerShell.