Encoding sensitive information in CustomSettings.ini and Bootstrap.ini RRS feed

  • Question

  • Hello, dear colleagues.

    I think every person, involved in OSD process with MDT, wondered to implement fully-automated LTI.

    As for me, left one question - to pass User Credentials enter for connecting to network share.

    Of course, you've met this article: Encoding sensitive information in CustomSettings.ini and Bootstrap.ini

    Have someone tried to implement that with a stronger encryption algorithm than Base64?

    As I understand, MDT transfers all sensitive information previously obfuscated? For example, when enter manually domain\username\password to access deployment share, this information transfers obfuscated with base64 encoding? If different, could it be used for encryption credentials in CustomSettings.ini and Bootstrap.ini?

    Moreover, bootstrap.ini and Decode.wsf injected in boot image, and it's easy to extract passwords from boot CD, if you have one. Can you tell, if to implement strong encryption type and store boot images in WDS, not boot CD's, is it enough secure? Can sensitive information be sniffed such a way? 

    Have a nice day.

    • Edited by fapw Monday, February 16, 2015 4:36 PM
    Monday, February 16, 2015 4:30 PM