Reset local Windows password for Azure VM offline

You can reset the local Windows password of a VM in Azure using the Azure portal or Azure PowerShell, provided the Azure guest agent is installed. This method is the primary way to reset a password for an Azure VM. If you encounter issues with the Azure guest agent not responding, or failing to install after uploading a custom image, you can manually reset a Windows password. This article details how to reset a local account password by attaching the source OS virtual disk to another VM. The steps described in this article do not apply to Windows domain controllers.

Warning

Only use this process as a last resort. Always try to reset a password using the Azure portal or Azure PowerShell first.

Overview of the process

The core steps for performing a local password reset for a Windows VM in Azure when there is no access to the Azure guest agent are as follows:

  1. Stop the affected VM.
  2. Create a snapshot for the OS disk of the VM.
  3. Create a copy of the OS disk from the snapshot.
  4. Attach and mount the copied OS disk to another Windows VM, then create some config files on the disk. The files will help you to reset the password.
  5. Unmount and detach the copied OS disk from the troubleshooting VM.
  6. Swap the OS disk for the affected VM.

Detailed steps for the VM with Resource Manager deployment

Note

The steps do not apply to Windows domain controllers. They only work on a standalone server or a server that is a member of a domain.

Always try to reset a password using the Azure portal or Azure PowerShell before trying the following steps. Make sure you have a backup of your VM before you start.

  1. Take a snapshot for the OS disk of the affected VM, create a disk from the snapshot, and then attach the disk to a troubleshooting VM. For more information, see Troubleshoot a Windows VM by attaching the OS disk to a recovery VM using the Azure portal.

  2. Connect to the troubleshooting VM using Remote Desktop.

  3. Create gpt.ini in \Windows\System32\GroupPolicy on the source VM's drive (if gpt.ini exists, rename it to gpt.ini.bak):

    Warning

    Make sure that you do not accidentally create the following files in C:\Windows, the OS drive for the troubleshooting VM. Create the following files in the OS drive for your source VM that is attached as a data disk.

    • Add the following lines into the gpt.ini file you created:

      [General]
      gPCFunctionalityVersion=2
      gPCMachineExtensionNames=[{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}]
      Version=1
      

  4. Create scripts.ini in \Windows\System32\GroupPolicy\Machine\Scripts\. Make sure hidden folders are shown. If needed, create the Machine or Scripts folders.

    • Add the following lines to the scripts.ini file you created:

      [Startup]
      0CmdLine=FixAzureVM.cmd
      0Parameters=
      

  5. Create FixAzureVM.cmd in \Windows\System32\GroupPolicy\Machine\Scripts\Startup\ with the following contents, replacing <username> and <newpassword> with your own values:

    net user <username> <newpassword> /add /Y
    net localgroup administrators <username> /add
    net localgroup "remote desktop users" <username> /add
    

    You must meet the configured password complexity requirements for your VM when defining the new password.

  6. In Azure portal, detach the disk from the troubleshooting VM.

  7. Change the OS disk for the affected VM.

  8. After the new VM is running, connect to the VM using Remote Desktop with the new password you specified in the FixAzureVM.cmd script.

  9. From your remote session to the new VM, remove the following files to clean up the environment:

    • From %windir%\System32\GroupPolicy\Machine\Scripts\Startup
      • remove FixAzureVM.cmd
    • From %windir%\System32\GroupPolicy\Machine\Scripts
      • remove scripts.ini
    • From %windir%\System32\GroupPolicy
      • remove gpt.ini (if gpt.ini existed before, and you renamed it to gpt.ini.bak, rename the .bak file back to gpt.ini)

Detailed steps for Classic VM

Important

Classic VMs will be retired on March 1, 2023.

If you use IaaS resources from ASM, please complete your migration by March 1, 2023. We encourage you to make the switch sooner to take advantage of the many feature enhancements in Azure Resource Manager.

For more information, see Migrate your IaaS resources to Azure Resource Manager by March 1, 2023.

Note

The steps do not apply to Windows domain controllers. They only work on a standalone server or a server that is a member of a domain.

Always try to reset a password using the Azure portal or Azure PowerShell before trying the following steps. Make sure you have a backup of your VM before you start.

  1. Delete the affected VM in Azure portal. Deleting the VM only deletes the metadata, the reference of the VM within Azure. The virtual disks are retained when the VM is deleted:

    • Select the VM in the Azure portal, then click Delete.

  2. Attach the source VM's OS disk to the troubleshooting VM. The troubleshooting VM must be in the same region as the source VM's OS disk (such as China North):

    1. Select the troubleshooting VM in the Azure portal. Click Disks | Attach existing.

    2. Select VHD File and then select the storage account that contains your source VM.

    3. Check the box marked Show classic storage accounts, then select the source container. The source container is typically vhds.

    4. Select the OS vhd to attach. Click Select to complete the process.

    5. Click OK to attach the disk.

  3. Connect to the troubleshooting VM using Remote Desktop and ensure the source VM's OS disk is visible:

    1. Select the troubleshooting VM in the Azure portal and click Connect.

    2. Open the RDP file that downloads. Enter the username and password of the troubleshooting VM.

    3. In File Explorer, look for the data disk you attached. If the source VM's VHD is the only data disk attached to the troubleshooting VM, it should be the F: drive.

  4. Create gpt.ini in \Windows\System32\GroupPolicy on the source VM's drive (if gpt.ini exists, rename it to gpt.ini.bak):

    Warning

    Make sure that you do not accidentally create the following files in C:\Windows, the OS drive for the troubleshooting VM. Create the following files in the OS drive for your source VM that is attached as a data disk.

    • Add the following lines into the gpt.ini file you created:

      [General]
      gPCFunctionalityVersion=2
      gPCMachineExtensionNames=[{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}]
      Version=1
      

  5. Create scripts.ini in \Windows\System32\GroupPolicy\Machine\Scripts\. Make sure hidden folders are shown. If needed, create the Machine or Scripts folders.

    • Add the following lines to the scripts.ini file you created:

      [Startup]
      0CmdLine=FixAzureVM.cmd
      0Parameters=
      

  6. Create FixAzureVM.cmd in \Windows\System32\GroupPolicy\Machine\Scripts\Startup\ with the following contents, replacing <username> and <newpassword> with your own values:

    net user <username> <newpassword> /add /Y
    net localgroup administrators <username> /add
    net localgroup "remote desktop users" <username> /add
    

    You must meet the configured password complexity requirements for your VM when defining the new password.

  7. In Azure portal, detach the disk from the troubleshooting VM:

    1. Select the troubleshooting VM in the Azure portal, click Disks.

    2. Select the data disk attached in step 2, click Detach, then click OK.

  8. Create a VM from the source VM's OS disk.
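
Steps 3 to 5 of the Resource Manager procedure and steps 4 to 6 of the Classic procedure create the same three files. The following PowerShell function is an added example, not Microsoft's code: it writes those files to the attached source disk and refuses to run against the troubleshooting VM's own OS drive. The function name and its parameters are assumptions made for illustration.

```powershell
# Added example (not Microsoft's code). Function and parameter names are hypothetical.
# Usage on the troubleshooting VM:  New-OfflineResetFiles -Drive F: -Credential (Get-Credential)
function New-OfflineResetFiles {
    param(
        [Parameter(Mandatory)][ValidatePattern('^[A-Za-z]:$')][string]$Drive,
        [Parameter(Mandatory)][pscredential]$Credential  # keeps the password out of shell history
    )
    # Never write to the troubleshooting VM's own OS drive (see the warning in the steps).
    if ($Drive -ieq $env:SystemDrive) { throw "$Drive is this VM's OS drive, not the attached disk." }
    if (-not (Test-Path "$Drive\Windows\System32")) { throw "No Windows installation on $Drive." }

    $net = $Credential.GetNetworkCredential()
    # Both values land in an ASCII .cmd file: reject empty values, characters cmd.exe
    # treats specially (% & ^ | < > "), and anything outside printable ASCII.
    foreach ($value in $net.UserName, $net.Password) {
        if (-not $value -or $value -match '[%&^|<>"]|[^\x21-\x7E]') {
            throw 'User name or password is empty or would be altered by cmd.exe.'
        }
    }

    $gp      = "$Drive\Windows\System32\GroupPolicy"
    $scripts = "$gp\Machine\Scripts"
    # -Force creates the Machine, Scripts and Startup folders when they are missing.
    New-Item -ItemType Directory -Path "$scripts\Startup" -Force | Out-Null

    # Keep an existing gpt.ini as gpt.ini.bak, without clobbering a backup from an earlier run.
    if ((Test-Path "$gp\gpt.ini") -and -not (Test-Path "$gp\gpt.ini.bak")) {
        Rename-Item -Path "$gp\gpt.ini" -NewName 'gpt.ini.bak' -Force
    }
    @'
[General]
gPCFunctionalityVersion=2
gPCMachineExtensionNames=[{42B5FAAE-6536-11D2-AE5A-0000F87571E3}{40B6664F-4972-11D1-A7CA-0000F87571E3}]
Version=1
'@ | Set-Content -Path "$gp\gpt.ini" -Encoding Ascii
    @'
[Startup]
0CmdLine=FixAzureVM.cmd
0Parameters=
'@ | Set-Content -Path "$scripts\scripts.ini" -Encoding Ascii
    @"
net user $($net.UserName) $($net.Password) /add /Y
net localgroup administrators $($net.UserName) /add
net localgroup "remote desktop users" $($net.UserName) /add
"@ | Set-Content -Path "$scripts\Startup\FixAzureVM.cmd" -Encoding Ascii

    # Return the staged files so the caller can confirm they are on the attached disk.
    Get-Item "$gp\gpt.ini", "$scripts\scripts.ini", "$scripts\Startup\FixAzureVM.cmd" -Force
}
```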

Complete the Create virtual machine experience

  1. After the new VM is running, connect to the VM using Remote Desktop with the new password you specified in the FixAzureVM.cmd script.

  2. From your remote session to the new VM, remove the following files to clean up the environment:

    • From %windir%\System32\GroupPolicy\Machine\Scripts\Startup\
      • remove FixAzureVM.cmd
    • From %windir%\System32\GroupPolicy\Machine\Scripts
      • remove scripts.ini
    • From %windir%\System32\GroupPolicy
      • remove gpt.ini (if gpt.ini existed before, and you renamed it to gpt.ini.bak, rename the .bak file back to gpt.ini)
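
The cleanup in step 9 of the Resource Manager procedure and in step 2 above, as a PowerShell function to run in the remote session on the recovered VM. It is an added example, not Microsoft's code; the function name is hypothetical, and leaving a scripts.ini that lists other startup entries in place goes beyond the page's steps, on the assumption that such a file predates the procedure.

```powershell
# Added example (not Microsoft's code). Remove-OfflineResetFiles is a hypothetical name.
function Remove-OfflineResetFiles {
    param([string]$WinDir = $env:windir)
    $gp  = Join-Path $WinDir 'System32\GroupPolicy'
    $cmd = Join-Path $gp 'Machine\Scripts\Startup\FixAzureVM.cmd'
    $ini = Join-Path $gp 'Machine\Scripts\scripts.ini'
    $gpt = Join-Path $gp 'gpt.ini'
    $bak = "$gpt.bak"

    # FixAzureVM.cmd contains the new password in clear text, so it goes first.
    if (Test-Path -LiteralPath $cmd) { Remove-Item -LiteralPath $cmd -Force }

    # Delete scripts.ini only when FixAzureVM.cmd is its sole entry; otherwise leave it for review.
    if (Test-Path -LiteralPath $ini) {
        $other = Get-Content -LiteralPath $ini -Force |
            Where-Object { $_ -match 'CmdLine=' -and $_ -notmatch 'FixAzureVM\.cmd' }
        if ($other) { Write-Warning "scripts.ini lists other scripts; edit it by hand: $ini" }
        else        { Remove-Item -LiteralPath $ini -Force }
    }

    # Restore the original gpt.ini from gpt.ini.bak if one was kept, otherwise just delete gpt.ini.
    if (Test-Path -LiteralPath $bak) {
        Remove-Item -LiteralPath $gpt -Force -ErrorAction SilentlyContinue
        Rename-Item -LiteralPath $bak -NewName 'gpt.ini' -Force
    } elseif (Test-Path -LiteralPath $gpt) {
        Remove-Item -LiteralPath $gpt -Force
    }

    # Report what is still on disk so the result can be checked.
    [pscustomobject]@{
        Remaining     = @($cmd, $ini | Where-Object { Test-Path -LiteralPath $_ })
        GptIniPresent = Test-Path -LiteralPath $gpt
    }
}
```

An empty Remaining list means the script and its scripts.ini are gone; GptIniPresent is True only when an original gpt.ini was restored from the backup.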

Next steps

If you still cannot connect using Remote Desktop, see the RDP troubleshooting guide. The detailed RDP troubleshooting guide looks at troubleshooting methods rather than specific steps. You can also open an Azure support request for hands-on assistance.