Re: Group Policy script protection
- From: "Roger Abell [MVP]" <mvpNoSpam@xxxxxxx>
- Date: Mon, 10 Dec 2007 02:01:28 -0700
Hi,
You have already, with 17,000 boxes, run into the issue of
tracking which machines have old and which new password.
There are alternatives to "enhance" the non-protection of the
trivial uuencoding of the script obsfucator. The main on is
from recognizing that the script used is a startup/shutdown
script that is run as the System account, and so the premissions
on the script in Syslogon needs a grant to Domain Computers,
not to anything that includes Domain Users. With that change
someone needs to first have an execution context that is running
as Local System on their domain joined computer in order to
see that the script is encoded.
Roger
"Matt" <Matt@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:1ECD1CA7-B9F7-402D-9928-0939D40E6922@xxxxxxxxxxxxxxxx
We have an environment with 17,000 pc's which we periodically change the
local administrator password with a vbscript using group policy.
Does anyone know a way to hide the new password in the script in case a
user
navigates to the policy script file and opens it and reads it?
We have tried the MS script encoder to change the vbs file to vbe but
there
is simple code on the internet that enables you to read it anyway.
.
- Prev by Date: Re: Computer Certificate Private Key
- Next by Date: Re: Computer Certificate Private Key
- Previous by thread: Re: Group Policy script protection
- Next by thread: Re: Computer Certificate Private Key
- Index(es):
Relevant Pages
|
