Naveen Vijay

Chances are this might be the first step engineers do right after launching a plain EC2 Windows Server instance. Windows servers tend to take some to stabilize before the full GUI becomes responsive. I was thinking what would be a good way to utilize the EC2 Run Command and this came to my mind. I have tested the solution in Windows Server 2012 R2, Windows Server 2012 and Windows Server 2008 R2.

The only pre-requisite to use EC2 Run Command is to ensure the instance is launched using the IAM Role which has the IAM privilege AmazonEC2RoleforSSM. Additional information can be found at Troubleshooting Amazon EC2 Run Command.

So this how the approach goes; you would accomplish the task in 2 passes – disable operation followed by logout. I found the code to achieve the both from StackOverflow – Disable IE security on Windows Server via PowerShell and Powershell Log Off Remote Session.

Step 0 : Ensure the Instance is launched with the IAM Role with the privilege AmazonEC2RoleforSSM.

Step 0

Step 1 : Execute Run Command

Step 1

Select The AWS-RunPowerShellScript and Designated Instance id

Step 2

Use the Code from [ ]

$AdminKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A7-37EF-4b3f-8CFC-4F3A74704073}"
$UserKey = "HKLM:\SOFTWARE\Microsoft\Active Setup\Installed Components\{A509B1A8-37EF-4b3f-8CFC-4F3A74704073}"
Set-ItemProperty -Path $AdminKey -Name "IsInstalled" -Value 0
Set-ItemProperty -Path $UserKey -Name "IsInstalled" -Value 0
Stop-Process -Name Explorer

Step 3

And that’s it …

Step 4

I have tried it multiple times – unless you logoff and then login again this for some reason doesn’t shows up. The EC2 Run command for doing the logoff doesn’t seem to fix this. Nevertheless – it is easy to logoff

Step 5

comments powered by Disqus