none
MDT 2013 - password shown in plain text RRS feed

  • Question

  • Is there a way to prevent passwords being shown in plain text in files when using MDT 2013? I found one in unattend.xml on the server  - on the pc it was not shown.

    Thanks in advance for any replies.

    Thursday, August 20, 2015 9:06 AM

Answers

  • Ok. When you open this in WSIM using the "Edit Unattend.xml button, is "Hide Sensitive data" already selected under the "Tools" menu? If it is don't deselect it. Close the unattend (not WSIM) file and it should prompt you to save. Click OK and check if the value changes. <PlainText> should be set to false. Please confirm.
    • Marked as answer by Micknet Friday, August 21, 2015 9:47 AM
    Friday, August 21, 2015 9:18 AM

All replies

  • I am guessing you want to change the password of an user account that has its password showing up in the Task Sequence Unattend.xml. To hide the password, simply open the unattend.xml in Windows System Image Manager (You can also open this by going to the "OS Info" tab under Task Sequence Properties and click on "Edit Unattend.xml" tab). Now when the answer file opens up in WSIM, go to the Tools Menu and select "Hide Sensitive Data". Save and close the answer file. When you open up the unattend again, it should have been set to a non plain-text value.
    Thursday, August 20, 2015 1:32 PM
  • Thank you for your answer. The file I found the password in was located in: DeploymentShare\Control\unattend.xml.

    I tried your suggestions but the password is still shown in plain text.

    Friday, August 21, 2015 8:56 AM
  • You mean DeploymentShare\Control\<Task_Sequence_ID>\Unattend.xml file. Can you please confirm the following?Open up the xml in notepad. Just below the password you should see a tag called <PlainText>. Is it set as True or False? Also is this a local or a domain account?

    Friday, August 21, 2015 9:01 AM
  • Yes - the path DeploymentShare\Control\<Task_Sequence_ID>\Unattend.xml is correct and it is a local account.

    It is set as <PlainText>true</PlainText>

    Friday, August 21, 2015 9:10 AM
  • Ok. When you open this in WSIM using the "Edit Unattend.xml button, is "Hide Sensitive data" already selected under the "Tools" menu? If it is don't deselect it. Close the unattend (not WSIM) file and it should prompt you to save. Click OK and check if the value changes. <PlainText> should be set to false. Please confirm.
    • Marked as answer by Micknet Friday, August 21, 2015 9:47 AM
    Friday, August 21, 2015 9:18 AM
  • When I tried opening it earlier using the "Edit Unattend.xml" button I got a message saying "This could take a log time" so I cancelled and used Windows System Image Manager and there was already a tick beside "Hide Sensitive Data" so I saved the file again but the password was still visible.

    I'll try opening the file again using the "Edit Unattend.xml" button and I'll wait for it to open.

    Thank you for your replies.

    Friday, August 21, 2015 9:28 AM
  • Ok - I restarted the server and tried opening it using the "Edit Unattend.xml " button and the " Hide Sensitive data" option is selected. I closed the file as you said and the password is no longer in plain text. Thank you very much for your help.
    Friday, August 21, 2015 9:47 AM
  • Glad to be of help :)
    Friday, August 21, 2015 10:03 AM
  • Is there any setting that will always cause the password to be encrypted?

    Friday, August 21, 2015 10:17 AM
  • How are you adding the Accounts? If you are adding them through WSIM, then that setting will automatically encrypt them.
    Sunday, August 23, 2015 12:50 PM
  • The account is on the PC that the image is captured from.

    Monday, August 24, 2015 7:23 AM