
Encrypted passwords in answer files



I know it's a long shot but it doesn't hurt to ask.

I'm building a pre-deployment app to collect various information for a combination image deployment/scripted install of Vista. Basically, ask all the questions up front, then apply the WIM and modify the answer file and imaged drive as needed, then reboot and come back in 10 minutes and all is done.

Since some of the desired changes are the ID and password to join the domain and the changing of the local admin password, I don't want to save them in the XML as plain text if I can get away with it, since it is left behind after sysprep, though I could add a step to delete it after deployment.

So does anyone know what method Microsoft used to encrypt the password in the answer file, so I can duplicate it and encrypt and update it with my own?



I just encrypt the password I add to the XML. I really don't know what they are using yet.

Hide Sensitive Data in an Answer File

Windows System Image Manager (Windows SIM) enables you to hide the passwords for the administrator account and any other user accounts on the local system in an answer file. Hiding the passwords in an answer file prevents users from reading the answer file and identifying passwords for local accounts.

1. Open Windows SIM.

2. Open a Windows image. For more information, see Open a Windows Image or Catalog File.

3. Open or create an answer file. For more information, see Open an Answer File.

4. Add one of the following password settings to your answer file:

   • Microsoft-Windows-Shell-Setup | AutoLogon | Password

   • Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword

   • Microsoft-Windows-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount | Password

5. Add a value to one or more of the password settings.

6. On the Tools menu, check Hide Sensitive Data. This ensures that when the answer file is saved, the password information will be hidden.

7. Save the answer file and close Windows SIM.


Doing it via WSIM is not the problem. I want to replace or add an encrypted password in the answer file from my own application.

Here's a more detailed description of the process I am developing.

1. Boot the thumb drive to Windows PE 2, initialize the network and resize the screen to 1024x768.

2. Launch the deployment app.

3. The technician selects the options and fills in the desired information.

4. The app partitions the drive as desired.

5. The app deploys the image.

6. When completed, the necessary answers in the answer file for XP or Vista are updated.

7. The machine reboots and the sysprepped image boots.

8. During sysprep, the selected applications are installed.

9. The system reboots and is finished and ready for the user.


We do something similar to what you are doing: we create the unattend.xml file dynamically based on the information the user selects and enters. We don't encrypt the passwords because we have found that Windows Setup, when reading the unattend.xml file, removes sensitive data. You can see this if you look at the answer file in the C:\windows\panther folder after setup is completed. I don't even think you need to remove the unattend.xml file; I think Windows Setup removes it.

You will find all sensitive data has been removed. I don't know if you can still encrypt the passwords and put them in the unattend file. There again, you would need to be able to generate them in encrypted form, and I don't know of a way to do that.

Hope this helps.

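A check a deployment app could run after setup to confirm that no copy of the answer file still carries a password value, which is the concern raised in this thread. This is an added example, not code from any of the posters; the sample XML, the Microsoft-Windows-UnattendedJoin credentials path and the scrubbed-value marker text are assumptions that do not come from the thread.

```python
import xml.etree.ElementTree as ET

# Assumption: text Windows Setup leaves in place of a scrubbed value.
SCRUBBED = {"*SENSITIVE*DATA*DELETED*"}

# Constructed sample answer file; every value here is a placeholder.
SAMPLE = """<unattend xmlns="urn:schemas-microsoft-com:unattend">
 <settings pass="specialize">
  <component name="Microsoft-Windows-UnattendedJoin">
   <Identification><Credentials><Password>PLACEHOLDER-1</Password></Credentials></Identification>
  </component>
 </settings>
 <settings pass="oobeSystem">
  <component name="Microsoft-Windows-Shell-Setup">
   <UserAccounts><AdministratorPassword>
    <Value>PLACEHOLDER-2</Value><PlainText>false</PlainText>
   </AdministratorPassword></UserAccounts>
   <AutoLogon><Password>
    <Value>*SENSITIVE*DATA*DELETED*</Value><PlainText>true</PlainText>
   </Password></AutoLogon>
  </component>
 </settings>
</unattend>"""

def local(tag):
    return tag.rsplit("}", 1)[-1]   # drop the "{namespace}" prefix

def leftover_passwords(xml_text):
    """List (component, setting, form) for password settings that still hold a value."""
    found = []
    def walk(elem, comp, path):
        name = local(elem.tag)
        if name == "component":
            comp, path = elem.get("name", "?"), []      # setting paths restart per component
        elif comp:
            path = path + [name]
        if comp and name.endswith("Password"):
            kids = {local(c.tag): (c.text or "").strip() for c in elem}
            value = kids.get("Value", (elem.text or "").strip())  # <Value> child or bare text
            if value and value not in SCRUBBED:
                form = "hidden" if kids.get("PlainText", "").lower() == "false" else "plaintext"
                found.append((comp, "|".join(path), form))
        for child in elem:
            walk(child, comp, path)
    walk(ET.fromstring(xml_text), None, [])
    return found

if __name__ == "__main__":
    for comp, setting, form in leftover_passwords(SAMPLE):
        print(f"{comp} | {setting}: value still present ({form})")
```

The function reports only where a value remains and whether it was saved hidden or as plain text; it never returns the value itself, so its output is safe to write to a deployment log.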
