none
How To encrypt a password in unattendend.xml

    问题

  • Hi @ll,

    I want to encrypt the passwords in the unattendend.xml (windows 7). Now there all in PlainText.

    <LocalAccount wcm:action="add">
                            <Password>
                                <Value>P@ssw0rd</Value>
                                <PlainText>true</PlainText>
                            </Password>
                            <Description>LocalAdmin</Description>
                            <DisplayName>LocalAdmin</DisplayName>
                            <Group>administrator</Group>
                            <Name>LocalAdmin</Name>
     </LocalAccount>

    Which encryption is used? How can I generate the encrypted values?

    Best regards,
    Lucian

    2010年12月16日 8:34

答案

  • Hi,

     

    Thanks for posting in Microsoft TechNet forums.

     

    Open Windows SIM.

    Open a Windows image. For more information, see Open a Windows Image or Catalog File.

    Open or create an answer file. For more information, see Open an Answer File.

    Add one of the following password settings to your answer file:

    Microsoft-Windows-Shell-Setup | AutoLogon | Password

    Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword

    Microsoft-Windows-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount | Password

    Add a value to one or more of the password settings.

    On the Tools menu, check Hide Sensitive Data. This ensures that when the answer file is saved, the password information will be hidden.

    Save the answer file and close Windows SIM.

     

    Best Regards

    Magon Liu

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • 已标记为答案 Lucian85 2010年12月17日 12:18
    2010年12月17日 8:32
    版主

全部回复

  • Hi,

     

    Thanks for posting in Microsoft TechNet forums.

     

    Open Windows SIM.

    Open a Windows image. For more information, see Open a Windows Image or Catalog File.

    Open or create an answer file. For more information, see Open an Answer File.

    Add one of the following password settings to your answer file:

    Microsoft-Windows-Shell-Setup | AutoLogon | Password

    Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword

    Microsoft-Windows-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount | Password

    Add a value to one or more of the password settings.

    On the Tools menu, check Hide Sensitive Data. This ensures that when the answer file is saved, the password information will be hidden.

    Save the answer file and close Windows SIM.

     

    Best Regards

    Magon Liu

    TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tngfb@microsoft.com

     


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    • 已标记为答案 Lucian85 2010年12月17日 12:18
    2010年12月17日 8:32
    版主
  • but how do I encrypt the domain password portion within x86_microsoft-windows-unattendjoin_neutral | identification | credentials | password

    the method described above will only encrypt the following respectively.  

    Microsoft-Windows-Shell-Setup | AutoLogon | Password 

    Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword

    Microsoft-Windows-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount | Password

    would adding the domain administrator password to Microsoft-Windows-Shell-Setup | AutoLogon | Password and then removing the identification portion of x86_microsoft-windows-unattendjoin_neutral | identification | credentials | password achieve this? -- **if so?, what other implications would this have?  would systems always autologon as the domain administrator?

    Dustin

     

    • 已建议为答案 ccscott- 2017年11月17日 0:33
    • 取消建议作为答案 ccscott- 2017年11月17日 0:33
    2012年4月19日 20:39
  • If only Microsoft had some kind of SQL product on the market that could store user id and passwords in an encrypted table and could be integrated with deployment solution....

    2013年11月14日 5:06
  • Windows Sim uses Base64 to encode the password.  It is not secure.  Powershell can be used to retrieve the password and Microsoft needs to patch this immediately.  All that is required is that you save the encoded password to a file like c:\key.txt  then from Powershell
    ps> $encryptedpwd = get-content c:\pwd.txt
    ps> $encryptedpwd
    (your base64 password from windows sim is displayed here)
    ps> [System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String($encryptedpwd))

    (Your password is shown here)
    2017年4月20日 12:15