Setting the local builtin SAM administrator password RRS feed

  • Question

  • Greetings,

        Currently we set the local SAM administrator password by supplying it directly in the "Apply Windows settings" TS step.

        I do have a base 64 encoded version of that same password in customsettings.ini and I would like to use that variable. Let's call it "encpwd".

      In the "Apply Window Settings" step, can I code the variable name in the text field when I specify "Enable the account and specify the local administrator password" as %encpwd%? I suspect that this field may not accept variables.

     Alternatively, can I code in my customsettings.ini "adminpassword=encpwd" ? And if I set this in customsettings.ini will it override whatever is set in the "Apply windows Settings" step (i.e. would I just set this to 'randomly generate...')?


    David Z

    Thursday, May 15, 2014 11:56 PM

All replies

  • It's not clear what deployment method you are using here. MDT LTI, or SCCM ZTI?

    For MDT LTI, you could just add the base64 encoded value *directly* into the unattend.xml file, and then remove the adminpassword entry in the zticonfigure.xml to prevent overwrite.

    You might be able to code your own solution to add base64 encoded data directly into the variable namespace by overriding the "Public Property Let Item()" entry in ztiutility.vbs to override the "ObfuscateEncode()" call.

    However, note, that this is not 100% secure (nothing is), your password is still recoverable as plaintext.

    Keith Garner -

    Friday, May 16, 2014 9:34 PM
  • This is what I want to do:

    1. Open the task sequence

    2. Highlight the "Apply Windows Settings" TS step

    3. Click the radio button "Enable the account and specify the password"

    4. In the Password and confirm password fields type %encpwd% to use a TS variable as the actual password

    Is step 4 possible?


    David Z

    Sunday, May 18, 2014 10:53 PM