Whenever an instance is first launched from one of the Amazon-supplied Windows AMIs, some code on the instance generates a random Administrator password. This password is then encrypted through the selected Keypair and is then passed back to AWS (you can actually see it in the System Log).
When you wish to first login into the instance, you will have to use the PEM to decrypt the Administrator password. Then you will be able to login to the Windows instance using that same password.
It is recommended that you should immediately change the Administrator password or you should connect the instance to those Active Directories. Basically, you must follow your standard company security practices.
If you remember the password, you won't require the PEM file again. In fact, if you change the password, then even having the PEM will not provide you an access because it will only decrypt the original password.
Mainly, in the end, you need to Ignore the PEM file. You still have administrative access to the instance, so you don't even need the Administrator account anymore. If you wish to use the Administrator account, simply use your existing administrative login to reactive it and set the password. Hope it helps, cheers friend :)