Jump to content


Recommended Posts

Hello,

 

Is there any way to remove/hide/encrypt passwords appearing in clear text in the client-side logs during OSD?

During OSD, i can read out domian, useraccount and password for the Client Network Access Account.

 

This account have read on the packages share,and i dont want people deploying computers all over the world beeing able to read from the share.

 

I think i read something about this in the realease notes for 1511, but i cant find it again.

 

Hope someone else have done this, and can spare the time to give me the solution ;)

 

Best Regards

Marius

Senior IT-Consultant

Share this post


Link to post
Share on other sites

Hmm.. I've not heard of this before and I just checked my smsts log from a newly imaged machine and do not see my network accounts there nor the accounts used to join machines to the domain.

 

Are you somehow using some sort of script that contains the username and password of the network account? If so, that could be why they show in the log. Noticed that issue a few years ago trying to configure the BIOS on some dell workstations. One of the parameters is what we want the password to be. Since that's part of the command string it gets logged. Not very good security wise so we ended up using a different approach that didn't involve passing the password as a command.

Share this post


Link to post
Share on other sites

Heres a potential workaround, though not a great one.

 

Identify the file(s) you want to be "unreadable". Add a step in your TS that set permissions on this file so it can only be accessed by sccm(system account) for example. Not sure if that would work.

 

Or you could add a step in the TS to delete the file? At least it doesnt get stored on the machine.

 

I guess it would take someone with some reasonable knowledge of sccm to actually find the user/pwd as theyd need to target the correct log file. Tricky one but thankfully in our case our users and support teams have no idea on where to find stuff like this.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.