Re: Changing local admin PW using vb logon script - can it be encrypted?



Hi,

if you are satisifed with the VB script you wrote and don;t want any other utilties but are concerned about encryption/encoding then you could encode that script using Microsoft Script Encoder.
read more about this in the "Encoding Logon Scripts" secction of the "Enterprise Logon Scripts" how-to, part of the Windows Server 2003 document on Technet.

What the document does not go into (but you could) is signing that script with a signing certificate and then incorporating that certificate and script into your Software Restriction Policies system, a Group Policy Object feature.

slawek

-----Original Message-----
From: tth8@xxxxxxxxxxx
Sent: Dec 1, 2005 11:02 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Changing local admin PW using vb logon script - can it be encrypted?

Hi all,

Long time lurker, first time poster. We have roughly 500 computers that we?d like to change the local admin passwords on. We realize the security risks of having 1 password on all of our computers and are willing to assume that risk. We?ve developed a VB script that we can implement as a logon script that works perfectly to change the password. We do not want this script sent along as clear text if we can avoid it. Is there any way we can encrypt this script?

We?ve looked at options such as using Windows permissions to either deny Domain Users access (preventing anyone from reading the script) or allowing only Domain Computers Read Only access?however I think that if you are logged into a local computer you should be able to read the script. Not to mention, if you could capture the packets, you could easily find the script and its contents so permissions would matter at all in that scenario.

Any help and/or insight is greatly appreciated.

Best,
?tom

---------------------------------------------------------------------------
---------------------------------------------------------------------------



________________________________________
PeoplePC Online
A better way to Internet
http://www.peoplepc.com

---------------------------------------------------------------------------
---------------------------------------------------------------------------



Relevant Pages

  • minidom xml & non ascii / unicode & files
    ... at first i had no problem using python minidom and everything concerning my regex/xml processing works fine, until i tested my tool on some french page with "non ascii" chars and my script started to throw errors all over the place.. ... I've looked into the matter and discovered the unicode / string encoding processes implied when dealing with non ascii texts and i must say i almost lost my mind.. ... And can i decode it to unicode and encode it back to a byte string so i can use it in my code, with the charsets i want, like ... in the same idea could anyone try to post the few lines that would actually parse an xml file, with non ascii chars, with minidom. ...
    (comp.lang.python)
  • Re: Script Encoder
    ... but apparently it doesn't recognize the scrambled file as an encoded ... Microsoft VBScript compilation error '800a0400' ... I must mention that I INCLUDEd the encoded file within a non-encoded script ... included file contents to the main page and encode it then it works fine. ...
    (microsoft.public.windows.server.scripting)
  • Re: Encrypt Statrup Script Password Using Group Policy
    ... I have managed to find PrimalScript 2007 Enterprise which seems to be secure so far, you can create your VBS, encode to VBE and then compile this to an exe, the old version 4.1, created the .exe but when invoked, created a random .vbs/.vbe in temp, which you could easily read using the below decode script, I believe the .exe also works via gpo for startup scripts, from discussions with other IT professionals. ... If the script is .vbe they can run it as if they copied it locally and it ...
    (microsoft.public.windows.group_policy)
  • RE: Changing local admin PW using vb logon script - can it be encrypted?
    ... When you encode a vbscript, make sure the output file is given a .vbe ... Subject: RE: Changing local admin PW using vb logon script - can it be ... but isn't very strong encryption. ... security risks of having 1 password on all of our computers and are ...
    (Focus-Microsoft)
  • Re: Hiding the source code
    ... The Script Encoder is not meant to ... be a bulletproof encryption product - it's good for deterring casual users ... >> How do i hide the source code of my page such that it can't be viewed on ... > Do a google on VBScript +Encode. ...
    (microsoft.public.scripting.vbscript)