In Part 2 we saw the different access methods we can use to connect to our Linux virtual machine instances. Further we saw what exactly the so called Cloud Shell Instance is.

Now in this part we will see how to create a new Windows virtual machine instance (Windows Server 2025) and how to connect to by using RDP and SSH.


Table Of Contents
  1. Creating a new Virtual Machine Instance (Windows Server 2025)
  2. Connect to Windows VMs using SSH
  3. Links


Creating a new Virtual Machine Instance (Windows Server 2025)

About all steps to create a new virtual machine instance you can also read Part 1, in this part I will just cover the different steps when setting up a new Windows virtual machine instance.

Withing the OS and storage tab we need to select for the operating system here Windows Server and then selecting the desired version, in my case here Windows Server 2025 Datacenter.


Disk and image pricing
https://cloud.google.com/compute/disks-image-pricing?hl=en

About licenses
Bring your own license (BYOL)/Bring your own subscription (BYOS)
For Windows, contact your Google Cloud Technical Account Manager
https://cloud.google.com/compute/docs/licenses/about


As already mentioned in Part 2, for Windows VMs we can optionally also enable SSH by adding manually generated SSH keys aka Metadata-based SSH Keys Login.


Finally click on Create.


By default, Windows virtual machine (VM) instances authenticate by using a username and a password instead of by using SSH.

If we don’t enable SSH for Windows, we must generate new credentials before connecting to the VM.

You can also use this process to generate new credentials if you no longer have the original credentials. If you use this process to generate new credentials for existing users, any data that is encrypted with the current credentials, such as encrypted files or stored passwords, might not be retained.

On the virtual machine instance’s details tab, click on Set Windows password.


If a Windows account with the following username does not exist, it will be created and a new password assigned. If the account exists, its password will be reset.


We can also change the default proposed username. Click on Set.


Copy the generated password, it will not be shown again.


We can now connect per RDP to our virtual machine by using either its private IP address in case our network is connected through a VPN tunnel with GCP like shown here or through its public IP address.


By downloading the RDP file already the public IP address and username is set and we just need to click on Connect.



Unfortunately here the first proposed username by default will be set, so in case we changed this, we need to click on More choices to change the username.




Looks good now.





Connect to Windows VMs using SSH

By default, Compute Engine uses custom project and/or instance metadata to configure SSH keys and to manage SSH access.

All Windows VMs use metadata to manage SSH keys, while Linux VMs can use metadata keys or OS Login. If you use OS Login, metadata SSH keys are disabled.


I will now also upload my public SSH key to the metadata section of this virtual machine instance.



SSH for Windows is supported on Windows Server images running the guest agent (GCEGuestAgent) version 20220527.00 or later and OpenSSH version 8.6 or later.

To enable SSH connections to Windows VMs, install the google-compute-engine-ssh package and set the enable-windows-ssh key to TRUE in project or instance metadata. Enabling SSH for Windows in project metadata enables SSH for all Windows VMs in your project. Enabling SSH for Windows in instance metadata enables SSH for a single VM and overrides the value set in project metadata.



To enable SSH on a running Windows VM, connect to it by using RDP, then download and install the SSH package as shown below.

Enable SSH for Windows while creating a VM
https://cloud.google.com/compute/docs/connect/windows-ssh#create_vm


Download and install the google-compute-engine-ssh package by running the following command:

PS> googet -noconfirm=true install google-compute-engine-windows && googet -noconfirm=true install google-compute-engine-ssh


PS> Get-NetTCPConnection | Where-Object { $_.LocalPort -eq 22 }

Below a screenshot from a different Windows virtual machine, before installing the google-compute-engine-ssh package we will see, that the virtual machine is just listening on TCP 3389 for RDP but we didn’t see any TCP 22 port for SSH is listening.

After installing it the second try shows now the machine is listening also on TCP port 22 for inbound SSH connections.


Further we will see that the ssh config is stored under C:\ProgramData\ssh.


Under C:\ProgramData\ssh, we also needed to create the following two file administrators_authorized_keys and authorized_keys, inserting our public SSH key, to finally be able to also connect from remote by using SSH, not just through gcloud.


The binaries are installed under C:\Program Files\OpenSSH.


Connect to the VM by using the gcloud and SSH.

$ gcloud compute ssh [INSTANCE_NAME] --zone=[ZONE]
$ gcloud compute ssh lab-europe-west3-vm-instance-win1 --zone=europe-west3-c


We are now connected to the CMD of our Windows machine.


From the CMD we could also start a new PowerShell session by just running.

> powershell.exe


Connect to the VM from remote.


We can also start from the CMD a new PowerShell session.

Links

Connect to Windows VMs using RDP
https://cloud.google.com/compute/docs/instances/connecting-to-windows

Connect to Windows VMs using SSH
https://cloud.google.com/compute/docs/connect/windows-ssh

Metadata-managed SSH connections
https://cloud.google.com/compute/docs/instances/ssh