none
How To encrypt a password in unattendend.xml

    Frage

  • Hi @ll,

    I want to encrypt the passwords in the unattendend.xml (windows 7). Now there all in PlainText.

    <LocalAccount wcm:action="add">
                            <Password>
                                <Value>P@ssw0rd</Value>
                                <PlainText>true</PlainText>
                            </Password>
                            <Description>LocalAdmin</Description>
                            <DisplayName>LocalAdmin</DisplayName>
                            <Group>administrator</Group>
                            <Name>LocalAdmin</Name>
     </LocalAccount>

    Which encryption is used? How can I generate the encrypted values?

    Best regards,
    Lucian

    Donnerstag, 16. Dezember 2010 08:34

Antworten

  • Hi,

     

    Thanks for posting in Microsoft TechNet forums.

     

    Open Windows SIM.

    Open a Windows image. For more information, see Open a Windows Image or Catalog File.

    Open or create an answer file. For more information, see Open an Answer File.

    Add one of the following password settings to your answer file:

    Microsoft-Windows-Shell-Setup | AutoLogon | Password

    Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword

    Microsoft-Windows-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount | Password

    Add a value to one or more of the password settings.

    On the Tools menu, check Hide Sensitive Data. This ensures that when the answer file is saved, the password information will be hidden.

    Save the answer file and close Windows SIM.

     

    Best Regards

    Magon Liu

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • Als Antwort markiert Lucian85 Freitag, 17. Dezember 2010 12:18
    Freitag, 17. Dezember 2010 08:32
    Moderator

Alle Antworten

  • Hi,

     

    Thanks for posting in Microsoft TechNet forums.

     

    Open Windows SIM.

    Open a Windows image. For more information, see Open a Windows Image or Catalog File.

    Open or create an answer file. For more information, see Open an Answer File.

    Add one of the following password settings to your answer file:

    Microsoft-Windows-Shell-Setup | AutoLogon | Password

    Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword

    Microsoft-Windows-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount | Password

    Add a value to one or more of the password settings.

    On the Tools menu, check Hide Sensitive Data. This ensures that when the answer file is saved, the password information will be hidden.

    Save the answer file and close Windows SIM.

     

    Best Regards

    Magon Liu

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • Als Antwort markiert Lucian85 Freitag, 17. Dezember 2010 12:18
    Freitag, 17. Dezember 2010 08:32
    Moderator
  • but how do I encrypt the domain password portion within x86_microsoft-windows-unattendjoin_neutral | identification | credentials | password

    the method described above will only encrypt the following respectively.  

    Microsoft-Windows-Shell-Setup | AutoLogon | Password 

    Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword

    Microsoft-Windows-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount | Password

    would adding the domain administrator password to Microsoft-Windows-Shell-Setup | AutoLogon | Password and then removing the identification portion of x86_microsoft-windows-unattendjoin_neutral | identification | credentials | password achieve this? -- **if so?, what other implications would this have?  would systems always autologon as the domain administrator?

    Dustin

     

    • Als Antwort vorgeschlagen ccscott- Freitag, 17. November 2017 00:33
    • Nicht als Antwort vorgeschlagen ccscott- Freitag, 17. November 2017 00:33
    Donnerstag, 19. April 2012 20:39
  • If only Microsoft had some kind of SQL product on the market that could store user id and passwords in an encrypted table and could be integrated with deployment solution....

    Donnerstag, 14. November 2013 05:06
  • Windows Sim uses Base64 to encode the password.  It is not secure.  Powershell can be used to retrieve the password and Microsoft needs to patch this immediately.  All that is required is that you save the encoded password to a file like c:\key.txt  then from Powershell
    ps> $encryptedpwd = get-content c:\pwd.txt
    ps> $encryptedpwd
    (your base64 password from windows sim is displayed here)
    ps> [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($encryptedpwd))

    (Your password is shown here)
    • Bearbeitet Killin4Gsus Donnerstag, 20. April 2017 12:36
    Donnerstag, 20. April 2017 12:15