staun Posted September 8, 2005 Share Posted September 8, 2005 During RIS-installation of Windows XP clients we want to use a default password for all computers. Ofcourse this is done like this:[GuiUnattended] AdminPassword=mypasswordBut its readable for everyone, thats smart enough to locate the file. Tried to use EncryptedPassword-method, but then the password on the client cannot be used?Any other solution to make sure that no one but the admins to know the administrator password on the client-computer.Scenario :Windows 2003 RISXP Clients Link to comment Share on other sites More sharing options...
cyanide Posted September 8, 2005 Share Posted September 8, 2005 windows does not copy winnt.sif file to hdd during/after installation...it just reads the contents from cdso if youre worried about someone opening the winnt.sif file from harddisk, dont be...and if youre worried that someone might open the winnt.sif file from cd and see the password, you cant do anything about that i think... Link to comment Share on other sites More sharing options...
staun Posted September 8, 2005 Author Share Posted September 8, 2005 I'm worried about my network-users browses to the RIS-installation path and then open the ristndrd.sif file.Its not on the local PC, the installation is running from a RIS-server Link to comment Share on other sites More sharing options...
InTheWayBoy Posted September 8, 2005 Share Posted September 8, 2005 If you use the Setup Manager from Deploy.cab you can set the password AND encrypt it. If you open the *.sif with notepad you'll see a bunch of gibberish, but that's the encryption at work. I've never tested this, only read about it...good luck! Link to comment Share on other sites More sharing options...
staun Posted September 9, 2005 Author Share Posted September 9, 2005 Sorry - already tried that. No successThink I have to live with the risk of a smart user on the network. Link to comment Share on other sites More sharing options...
Asin Posted September 9, 2005 Share Posted September 9, 2005 In what way did it not work? Link to comment Share on other sites More sharing options...
Gee Posted September 9, 2005 Share Posted September 9, 2005 In what way did it not work?<{POST_SNAPBACK}>I am curious to see why an encrypted password would not work.But here is another solution.Leave the password exposed and use your clean up batch file to change the password. Just compile the batch file so it is an .exe file. Harder to read and resets the passwordnet user administrator {New Password}just bury the above command in your clean up batch file and compile it. Link to comment Share on other sites More sharing options...
InTheWayBoy Posted September 9, 2005 Share Posted September 9, 2005 Yeah...as everyone else has said if that's not working then you probably have issues elsewhere. I hear it's best to use the Setup Manager first, then hand edit the rest...don't make the *.sif and then feed it to Setup Manager. Link to comment Share on other sites More sharing options...
cyprod Posted September 9, 2005 Share Posted September 9, 2005 sorry if this is impossible in an RIS sever, never dealt with them personally, I mostly deal in unix land when dealing with network stuffs, but can't you just simply set permissions so they can't read, write or execute the file? Link to comment Share on other sites More sharing options...
InTheWayBoy Posted September 9, 2005 Share Posted September 9, 2005 Depends on how he has RIS setup...if he has it so the user can do it, then no...cause the user would need read access to the files. Now if he made it so only a handful of people can use it, then he might be able to deny access to the file for everyone but the RIS users. Again, it's all in how he's running it...but a **** find suggestion none the less! Link to comment Share on other sites More sharing options...
Noise Posted September 9, 2005 Share Posted September 9, 2005 Don't forget to encrypt your CDKey too. Here's the batch file I made to do mine.ENC_CDKEY.CMD@ECHO OFFTITLE WindowsXP SP2 WINNT.SIF CDKey EncryptCOLOR 74MODE CON COLS=60 LINES=30CLSECHO [Last Edited on 03-29-2005]ECHO *** Defining VariablesSET WORKDIR=%CD%SET CDKEY=XXXXX-XXXXX-XXXXX-XXXXX-XXXXXSET DAYS=60REM MAX DAYS = 60 - MUST HAVE NON 0 VALUEECHO.ECHO This will refresh the encrypted CDKey on theECHO WINNT.SIF file used in the setup of Windows.ECHO.ECHO Note: This script must be run under WinXP.ECHO (press any key to continue)PAUSE>NULECHO *** Reality Checkif not exist "%WORKDIR%\WINNT.SIF" goto ERR1if not exist "%WORKDIR%\CDROOT\I386\WINNT32.EXE" goto ERR2ECHO - passedECHO *** Clearing Log FileIF EXIST "%WINDIR%\WINNT32.LOG" DEL "%WINDIR%\WINNT32.LOG"ECHO *** Updating ProductKey entry inECHO %WORKDIR%\WINNT.SIF with Volume License KeyECHO The encrypted key will be valid for *%DAYS%* days."%WORKDIR%\CDROOT\I386\WINNT32.EXE" /ENCRYPT:"%CDKEY%:%DAYS%" /UNATTEND:"%WORKDIR%\WINNT.SIF"ECHO.ECHO *** Complete!ECHO The results of this operation shown below:TYPE "%WINDIR%\WINNT32.LOG"PAUSEgoto END:ERR1ECHO !!! ERROR !!!ECHO %WORKDIR%\WINNT.SIF was not found.ECHO Please make sure this file is in the sameECHO directory as this script before executing.PAUSEgoto END:ERR2ECHO !!! ERROR !!!ECHO %WORKDIR%\CDROOT\I386\WINNT32.EXE was not found.ECHO Please check your directory structure.PAUSEgoto END:ENDECHO *** End of script Link to comment Share on other sites More sharing options...
staun Posted September 12, 2005 Author Share Posted September 12, 2005 Correct my users (around 700) can reinstall their computeres themselfes, so they need the read-access. Tested this in the early days of the servers life.I'm using the Setup Manager, maybe the problem is that it is an "imported" .SIF file, so I'll try make a new one and then the run once solution with a .EXE file that changes the password.Thanks for your tips - will let you know what works. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now