jfmartel Posted January 11, 2005

Hello all! First of all, I'd like to say that this board is awesome. It's very interesting to see how much people help others. In the context where security is a big priority for sys admins, most of you, I hope, have a different local administrator password. (Don't you?)

Here is my setup scenario:

1) I'd like to be able to generate a random password for the local administrator account
2) Once Windows has finished installing, on first logon, be able to log on as "local administrator"
3) Dump the generated password somewhere on my network

Am I dreaming? Or is this possible? Thank you for your answer!

TrAvELAr Posted January 12, 2005

I'd say that the possibility of generating and using a random password is a lot greater than the possibility of it dumping the password to a text file. I know you are thinking of security, but look at it from another angle. Why would you EVER want your admin passwords dumped to a cleartext text file?!?!? If that were the case, just imagine how many more systems would be vulnerable to attack.

jfmartel Posted January 12, 2005

I only need to get this file for retrieval purposes. If it doesn't dump the password somewhere, how can I know this password?

Martin Zugec Posted January 12, 2005

Agree with Travelar - I don't think it is a smart idea... BTW have a look here: http://blogs.msdn.com/robert_hensing/archi.../10/350344.aspx

Find your security priorities

prathapml Posted January 12, 2005

jfmartel, what you *CAN* do instead is do a RIS install (over the network). And since you have control over the image being sent out to install at the workstation, you can just change the unattend.txt each time before an install (so you can make a mental note of the password or write it down somewhere).

jfmartel Posted January 13, 2005

Actually, this is what I'm doing. But I want it fully automatic. What I'm planning to do is to keep the same password on my RIS image, and at the RunOnceEx command, to change it and dump it on my network (a secure place) to retrieve it. All I need is some app that will generate a password and dump it on my network...

sintaxasn Posted January 14, 2005

Hey there - not sure if this is helpful, but what I've done is use a vbscript to do the following:

- Set a static multiplication factor
- Get the current time
- Add the hours, minutes, day, month, year etc., whatever you want
- Generate a random number
- Multiply the factor by the total time value and add to the end of the random number
- Set the password to this value

Then on the CTRL-ALT-DEL page, I change the heading using this key

    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\LogonPrompt

to various bits of information, including the time and random number disguised. Further to this, I've created a tool that our helpdesk can use to supply a "one-time" admin password by asking the end user for the info on the C-A-D screen. I've already hardcoded the multiplication factor into the tool, and it basically decrypts these values and provides a usable one-time password. This way, no-one knows what the passwords are at any given time without this utility. It's kind of a basic Challenge/Response system, but the ideas behind it might be what you're looking for.

Cheers, Dan

sintaxasn Posted January 14, 2005

Further to this, you could hide the multiplication value somewhere in the registry, and before you reboot, or sysprep (or whatever), use another vbscript to read the multiplication value, plus the additional bits of info you've set in the registry - decrypt the password, and set the autologon information.

Again, this will only work once (that's assuming that you run the vbscript to randomise the password on EVERY boot as I do).

Hope this helps!

Dan

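The same challenge/response idea with a keyed hash in place of the multiplication factor, as an added example that is not part of the thread and is not sintaxasn's tool: arithmetic on a static factor can be reversed from one known password and its inputs, whereas an HMAC output does not reveal its key. It assumes Windows PowerShell; the per-machine key derivation, the function names and the sample values are constructed for illustration.

```powershell
# Added example, not from the thread. All names and sample values are constructed.
function Get-HmacSha256 {
    param([byte[]]$Key, [string]$Message)
    $hmac = New-Object System.Security.Cryptography.HMACSHA256
    $hmac.Key = $Key
    try     { return ,$hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($Message)) }
    finally { $hmac.Dispose() }
}

# Helpdesk side only: the master key never leaves the helpdesk tool.
# Each machine is provisioned with its own derived key, so one compromised
# client does not expose the passwords of the others.
function Get-MachineKey {
    param([byte[]]$MasterKey, [string]$ComputerName)
    Get-HmacSha256 -Key $MasterKey -Message ('machine-key|' + $ComputerName.ToUpperInvariant())
}

# Both sides: derive the one-time password from the machine key and the challenge.
function Get-OneTimePassword {
    param([byte[]]$MachineKey, [string]$Challenge)
    $mac = Get-HmacSha256 -Key $MachineKey -Message ('otp|' + $Challenge)
    # 12 bytes -> 16 Base64 characters (96 bits), short enough to read over the phone.
    [Convert]::ToBase64String($mac, 0, 12)
}

# Client side, at each boot: a fresh random nonce makes every password single-use.
# The returned string is what would be shown on the logon prompt.
function New-Challenge {
    $nonce = New-Object byte[] 8
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($nonce) } finally { $rng.Dispose() }
    '{0:yyyyMMddHHmm}-{1}' -f (Get-Date).ToUniversalTime(), ([BitConverter]::ToString($nonce) -replace '-')
}

# Constructed demo values.
$master     = [Text.Encoding]::UTF8.GetBytes('constructed-demo-master-key-0001')
$machineKey = Get-MachineKey -MasterKey $master -ComputerName 'PC-0042'   # stored on the client at imaging time
$challenge  = New-Challenge
$onClient   = Get-OneTimePassword -MachineKey $machineKey -Challenge $challenge
$helpdeskKey = Get-MachineKey -MasterKey $master -ComputerName 'pc-0042'
$atHelpdesk = Get-OneTimePassword -MachineKey $helpdeskKey -Challenge $challenge
"challenge: $challenge"
"match:     $($onClient -ceq $atHelpdesk)"
```
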
prathapml Posted January 14, 2005

@jfmartel

Take a look:

    REM Quote the value: %date% and %time% can expand to text containing spaces.
    SET adminpwd=%random%%date%%time%text
    net user Administrator "%adminpwd%"
    echo This is the admin password set for the PC - %logonserver%,%computername% >> \\DOMAIN\SERVER\sharename\pwdlog.txt
    echo %adminpwd% >> \\DOMAIN\SERVER\sharename\pwdlog.txt

Only problem here is the clear-text dump of password. I suppose this batch-file is quite self-explanatory. If run in local machine context, it will do what you are asking above. If you need more details, just ask.

As for

    2) Once Windows has finished installing, on first logon, be able to log on as "local administrator"

This can be done by a winnt.sif setting that lets the local admin log on X number of times automatically at bootup (set it to just once).

Hoping this helps....

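A hardened variant of the batch file above, as an added example that is not part of the original thread: `%RANDOM%` only yields a value from 0 to 32767 and the date and time are guessable, so this version draws the password from the system CSPRNG and encrypts the record to a recovery certificate instead of appending clear text. It assumes Windows PowerShell 5.1; the share path and the certificate subject `CN=AdminPwdRecovery` are placeholders.

```powershell
# Added example, not from the thread. Assumes Windows PowerShell 5.1.
# Placeholders: the UNC directory and the recovery certificate subject.
$LogDir     = '\\SERVER\sharename\pwdlog'
# Public certificate (Document Encryption EKU) installed on the client;
# the matching private key stays on the admin workstation only.
$RecoveryTo = 'CN=AdminPwdRecovery'

function New-RandomPassword {
    param([int]$Length = 20)
    # 64 symbols: 256 is a multiple of 64, so (byte % 64) has no modulo bias.
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_'
    $bytes = New-Object byte[] $Length
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try {
        do {
            $rng.GetBytes($bytes)
            $pw = -join ($bytes | ForEach-Object { $alphabet[$_ % 64] })
            # Retry until upper case, lower case and a digit are all present.
        } until ($pw -cmatch '[A-Z]' -and $pw -cmatch '[a-z]' -and $pw -match '\d')
    }
    finally { $rng.Dispose() }
    $pw
}

$password = New-RandomPassword
$secure   = ConvertTo-SecureString $password -AsPlainText -Force
Set-LocalUser -Name 'Administrator' -Password $secure

# One encrypted file per machine; the clear-text password never reaches the share.
$entry   = '{0:s} {1} {2}' -f (Get-Date), $env:COMPUTERNAME, $password
$outFile = Join-Path $LogDir ($env:COMPUTERNAME + '.cms')
Protect-CmsMessage -To $RecoveryTo -Content $entry -OutFile $outFile

Remove-Variable password, entry, secure
```

The record is read back on the workstation that holds the private key with `Unprotect-CmsMessage -Path` pointed at the machine's `.cms` file.
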
sintaxasn Posted January 15, 2005

QUOTE

    As for 2) Once Windows has finished installing, on first logon, be able to log on as "local administrator"
    This can be done by a winnt.sif setting that lets the local admin log on X number of times automatically at bootup (set it to just once).

Prathapml - unfortunately if the password is randomised during the CMDLines.TXT phase, then the autologon won't work.

If anyone's interested, I've written a small exe (xAuto.Exe) which will give an additional autologon each time it's run, in a random password environment - provided that the random password is also passed to the exe at the same time that it's changed. It also works in Novell environments (using Novell Client), and if a machine name is being changed during the same reboot. Usage would be as follows:

    Set Password=%RANDOM%
    Net User Administrator %PASSWORD%
    xAuto %PASSWORD%

If you've just changed the machine name (which will become active during the next reboot) you use

    xAuto %PASSWORD% /Asset:%NEWNAME%

When you're finished autologging on as many times as you want, you just run xAuto /DEL to clear up some Novell keys (specifically autoticking Workstation Only logon).

Hope someone can find some use for it.

Dan