thadkew

Password Protect a Task Sequence?



37 posts in this topic

anyweb    397

then your abortscript will simply do as follows

 

 

manage-bde -protectors c: -enable

 

replace c: with a variable like OSdisk, you can create the OSDISK variable using a script to check for the presence of c:\windows\explorer.exe

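The abort script described above, written out as an added example (not code from the thread): it finds the Windows volume with the explorer.exe check, publishes it as the OSDISK task sequence variable, and re-enables the BitLocker protectors on that volume instead of a fixed c:. Variable names other than OSDISK are illustrative.

```vbscript
' Added example, not from the thread. OSDISK and the explorer.exe check come
' from the post; all other names are illustrative.
Option Explicit
Dim fso, shell, env, drive, osDisk, rc

Set fso = CreateObject("Scripting.FileSystemObject")
Set shell = CreateObject("WScript.Shell")

' Walk the fixed, ready volumes and take the first one holding a Windows install.
osDisk = ""
For Each drive In fso.Drives
    If drive.DriveType = 2 And drive.IsReady Then          ' 2 = fixed disk
        If fso.FileExists(drive.DriveLetter & ":\windows\explorer.exe") Then
            osDisk = drive.DriveLetter & ":"
            Exit For
        End If
    End If
Next

If osDisk = "" Then
    WScript.Echo "No Windows volume found; nothing to re-protect."
    WScript.Quit 1
End If

' Publish the result for later steps. Outside a running task sequence the
' TSEnvironment object cannot be created, so that failure is tolerated.
On Error Resume Next
Set env = CreateObject("Microsoft.SMS.TSEnvironment")
If Err.Number = 0 Then env("OSDISK") = osDisk
Err.Clear
On Error GoTo 0

' Re-enable the BitLocker protectors on the detected volume and pass the
' exit code back to the task sequence so a failure is visible in the logs.
rc = shell.Run("manage-bde -protectors -enable " & osDisk, 0, True)
WScript.Echo "manage-bde on " & osDisk & " returned " & rc
WScript.Quit rc
```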


wireshark    0


Thanks a lot. That might do the job.

 

I'll give it a try.

 

In the meanwhile I ended up with creating a HTA that runs in "Full OS" instead. That way I don't have to worry about if the computer is Bitlocked or not.

Tjindarr    3
I edited pollewops HTA some to include prompts for Primary User and Computer name. Edit domain on line 113 or remove it if you have multiple.
There is also a check on line 104 to 109 to check that the username and computername is between 5 and 10 / 15 characters.
The computername is also changed to uppercase characters. And as before on line 98 change password and line 57 to 64 is the footer.
Also replace the logo.jpg with your own.
I removed the checkbox for show password, cool feature but we never used it and I didn't get how to implement it with 2 new prompts.
[Image: Prompt.jpg]
<html><head><title>Prompt for password</title>
<HTA:APPLICATION 
     ID="objAutoRefresh"
     APPLICATIONNAME="Auto Refresh"
     SCROLL="no"
     SINGLEINSTANCE="yes"
     WINDOWSTATE="maximize"
     icon="icon.ico"
     SHOWINTASKBAR="no"
     SYSMENU="no"
>

<link rel="stylesheet" type="text/css" href="skin.css">

<script language=vbscript>
sub activate(thebutton)
	thebutton.classname="btnb"
end sub
sub activate2(thebutton)
	thebutton.classname="btnc"
end sub
sub deactivate(thebutton)
	thebutton.classname="btna"
end sub
sub lblactivate(thebutton)
	thebutton.classname="lblb"
end sub
sub lblactivate2(thebutton)
	thebutton.classname="lblc"
end sub
sub lbldeactivate(thebutton)
	thebutton.classname="lbla"
end Sub

</script>
</head>


<SCRIPT LANGUAGE="VBScript">


on error resume next

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")
Set objOSD = CreateObject("Microsoft.SMS.TSEnvironment")

Sub Window_Onload
   window.resizeTo 700,500

   window.moveTo ((screen.availWidth \ 2) - (700 \ 2)), ((screen.availHeight \ 2) - (500 \ 2))

   self.Focus()

   Support = "0000-000000"

   Footer.InnerHTML= "<HR width='100%' SIZE='2'>" & vbcrlf & _
                     "<table vAlign='bottom' border='0' width='100%'>" & vbcrlf & _
                     "<td align='left'>" & vbcrlf & _
                     "<font color='Black' size='2'>Company" & vbcrlf & _
                     "<td align='right'>" & vbcrlf & _
                     "<font color='Black' size='2'>Support " & Support & vbcrlf & _
                     "</TD>" & vbcrlf & _
                     "</table>"

	MainMenu
End Sub

Sub EnterToTab
  If Window.event.keyCode = 13 Then Window.event.keyCode = 9
End Sub

Sub Mainmenu
	Header.innerHTML = "<table width='100%' border='0' align='left'><tr><td><img src='logo.jpg'><td><class='header'>Please enter Password, Primary User and Computername<br>" & vbcrlf & _
		"And click the <b>continue</b> button.<tr><td colspan='2'><hr width='100%' SIZE='3'></table>"

	Code.innerHTML ="<table width='100%' border='0'>" & vbcrlf & _
		"<tr class='code'>" & vbcrlf & _
		"<td colspan='1' valign=''>Password:</td>" & _
		"<td colspan='2'><input type='password' name='ppassword' size='30' onkeydown='EnterToTab'></td>" & vbcrlf & _
		"<td colspan='2'></td>" & _
		"</tr>" & vbcrlf & _
		"<td colspan='1' valign=''>Primary User:</td>" & _
		"<td colspan='2'><input type='text' name='uda' size='30' onkeydown='EnterToTab'></td>" & vbcrlf & _
		"<td colspan='2'></td>" & _
		"</tr>" & vbcrlf & _
		"<td colspan='1' valign=''>Computername:</td>" & _
		"<td colspan='2'><input type='text' name='computer' size='30' onkeydown='EnterToTab'></td>" & vbcrlf & _
		"<td colspan='2'></td>" & _
		"</tr>" & vbcrlf & _
		"<tr class='code'><td colspan='5'><HR width='100%' SIZE='2'></td></tr>" & vbcrlf & _
		"<tr class='code'><td colspan='2'><input id=runbutton class='btna' onMouseOver='vbscript:activate me' onMouseOut='vbscript:deactivate me' onMouseDown='vbscript:activate2 me' type='button' value='continue' name='run_button' onClick='RunScript'>" & vbcrlf & _
    		"</table>"
	ppassword.focus
End Sub

Sub RunScript
	If ppassword.value <> "password" Then
		messages.InnerHTML = "<font color='red' size='2'>Password is not valid.<br>" & vbcrlf & _
			"<font color='black' size='2'>Retry entering the password ?<br>" & vbcrlf & _
		   	"<input class='btna' onMouseOver='vbscript:activate me' onMouseOut='vbscript:deactivate me' onMouseDown='vbscript:activate2 me' type='button' value='Yes' name='Yes_button' onClick='Yes_button'>" & vbcrlf & _
			"<input class='btna' onMouseOver='vbscript:activate me' onMouseOut='vbscript:deactivate me' onMouseDown='vbscript:activate2 me' type='button' value='No' name='No_button' onClick='No_button'>"
		Exit Sub
	ElseIf Len(uda.value) <= 4 Or Len(uda.value) > 15 Then
		messages.InnerHTML = "<font color='red' size='2'>Please enter username between 5 and 15 chars<br>"
		Exit Sub
	ElseIf Len(computer.value) <= 4 Or Len(computer.value) > 10 Then	
		messages.InnerHTML = "<font color='red' size='2'>Please enter computername between 5 and 10 chars<br>"
		Exit Sub				
	Else
		on error resume next
	 	objOSD("ALLOWOSDBUILD") = "YES"
	 	objOSD("SMSTSUdaUsers") = "domain\" & uda.value
	 	objOSD("OSDComputerName") = UCase(computer.value)
 		Set objOSD = Nothing
		window.close()
	End If 
End Sub

Sub No_button
	on error resume next
	objOSD("ALLOWOSDBUILD") = "NO"
	Set objOSD = Nothing
	window.close()
End Sub

Sub Yes_button
	messages.InnerHTML = "<font color='black' size='2'>Please try again"
	ppassword.value = ""
	ppassword.focus
End Sub


'***************************************************************************************
'****************** END SUB AREA *******************************************************
'***************************************************************************************


'***************************************************************************************
'****************** START FUNCTION AREA ************************************************
'***************************************************************************************


'***************************************************************************************
'****************** END FUNCTION AREA **************************************************
'***************************************************************************************

</SCRIPT>


<body>
<table height="100%" width="100%" border="0">

<TR>
<TD vAlign="top" height="10">
<div class="header" id="Header"></div>
</TD>
</TR>

<TR>
<TD height="200">
<div class="code" id="Code"></div>
</TD>
</TR>

<TR>
<TD align="center">
<div class="messages" id="Messages"></div>
</TD>
</TR>

<TR>
<TD align="center">
<div id="Note"></div>
</TD>
</TR>

<TR>
<TD vAlign='bottom'>
<div id="Footer"></div>
</TD>
</TR>

</table>
</body>

</html>

 

 

snooper    0

Hello,

 

I'm working on utilizing the hta mechanism. One question though, is there a way to make the mdt package only contain the things I need so the package is super small? Hate to download all those files just to get a password prompt. If not possible, not a huge deal but thought it was worth asking.

 

Thanks

anyweb    397


of course, simply copy the files you need into a folder and create a new package containing those files only, however MDT Toolkit and settings are still needed for MDT integrated task sequences.

tcilmo    1

here's a sample Task Sequence to see it in action, simply import the XML file into SCCM 2007 sp2 (with MDT 2010 integrated) and you are nearly ready to go,

you will have to edit the task sequence to point to your packages, one package is the prompt for password containing the original wsf file, the second package is your mdt files package (which contains a subfolder in scripts called TS Password, which in turn contains the shutdown.wsf script)

 

[Attachment: Prompt For Password.xml]

 

In my example task sequence I install an application (microsoft security essentials) after successful password completion, however you could install an entire OS or more as you would with any task sequence, it's up to you.

 

Here's a description of the Task Sequence Steps:-

 

Restart to Windows PE

 

This does a check in the options tab to see if we are in WinPE, if not, it restarts the computer into WinPE so you will need to attach a boot image to this Task Sequence. The reason for this check is that we cannot interact with the user on the desktop in Windows itself, only in WinPE.

 

The options we set are:

 

This group/step will run if the following conditions are met:
If All the conditions are true:

Task Sequence Variable _SMSTSinWInPE equals False
[Image: restart to windows pe.jpg]

 

Prompt For Password

 

This step runs the actual promptforpassword.wsf script directly from the package we put it in, you could clean this up even more by placing the script in the mdtfiles/scripts/ts password folder (more on that later). I've also got yet another check in here (not needed if you include the previous step) to see that we are in WinPE (see the options tab). This script returns a value for the AllowOSDBuild variable, either YES or NO depending on whether you enter the password correctly or not.

 

[Image: promptforpassword.jpg]

 

Use Toolkit Package

 

This step loads the MDT Files package (needed for the next step) and you should know by now that we have copied the TS Password folder containing shutdown.wsf to the scripts sub directory of the MDT Files package.

 

Shutdown

 

[Image: shutdown1.jpg]

 

This step executes the script called shutdown.wsf contained in the TS Password subfolder (in the scripts directory of MDT Files package). This script will shutdown the computer if:

 

* AllowOSDBuild=NO

or

* If you click on Cancel at the password prompt screen.

 

Below is a copy of the Shutdown Step options

 

[Image: shutdown2.jpg]

 

Rest of Task Sequence

 

If the user enters the correct password the rest of the Task Sequence steps will be run as normal, in this example I install an application after rebooting back into Windows, (you can put whatever you want here, like installing an OS or migrating from XP to 7 or whatever !).

 

 

[Image: restofts.jpg]

 

 

Hi Niall

 

I have been following this blog trying to get this Prompt For Password thing working. I have got this up and running for the most part now, but I am still having a problem. It is with the “Shutdown” portion of the task sequence. I have these options set: If All the conditions are true: Task Sequence Variable ALLOWOSBUILD not equals “YES”. Even though I input the correct password, the shutdown step still runs. Do you have any insight why that would be? Am I missing something? Attached is snip of my task sequence and my HTA code. Any help would be greatly appreciated.

 

--Tony

<html>
<head>
<title>Prompt for password</title>
<HTA:APPLICATION 
     ID="objAutoRefresh"
     APPLICATIONNAME="Auto Refresh"
     SCROLL="no"
     SINGLEINSTANCE="yes"
     WINDOWSTATE="maximize"
     icon="icon.ico"
     SHOWINTASKBAR="no"
     SYSMENU="no"
>

<link rel="stylesheet" type="text/css" href="skin.css">

<script language=vbscript>
sub activate(thebutton)
	thebutton.classname="btnb"
end sub
sub activate2(thebutton)
	thebutton.classname="btnc"
end sub
sub deactivate(thebutton)
	thebutton.classname="btna"
end sub
sub lblactivate(thebutton)
	thebutton.classname="lblb"
end sub
sub lblactivate2(thebutton)
	thebutton.classname="lblc"
end sub
sub lbldeactivate(thebutton)
	thebutton.classname="lbla"
end sub
</script>
</head>


<SCRIPT LANGUAGE="VBScript">

on error resume next

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WshShell = CreateObject("WScript.Shell")
Set objOSD = CreateObject("Microsoft.SMS.TSEnvironment")

Sub Window_Onload
   window.resizeTo 700,500

   window.moveTo ((screen.availWidth \ 2) - (700 \ 2)), ((screen.availHeight \ 2) - (500 \ 2))

   self.Focus()

   strVersion = "20100929"

   Footer.InnerHTML= "<HR width='100%' SIZE='2'>" & vbcrlf & _
                     "<table vAlign='bottom' border='0' width='100%'>" & vbcrlf & _
                     "<td align='left'>" & vbcrlf & _
                     "<font color='blue' size='2'>Division of IT -- Metrics & Automation" & vbcrlf & _
                     "<td align='right'>" & vbcrlf & _
                     "<font color='blue' size='2'>Version " & strVersion & vbcrlf & _
                     "</TD>" & vbcrlf & _
                     "</table>"

	MainMenu
End Sub

Sub EnterToTab
  If Window.event.keyCode = 13 Then Window.event.keyCode = 9
End Sub

Sub Mainmenu
	Header.innerHTML = "<table width='100%' border='0' align='left'><tr><td><img src='logo.gif'><td><class='header'>A password is required to continue this task sequence.<br>" & vbcrlf & _
		"Enter the password and click the <b>Continue</b> button.<tr><td colspan='2'><hr width='100%'></table>"

	Code.innerHTML ="<table width='100%' border='0'>" & vbcrlf & _
		"<tr class='code'>" & vbcrlf & _
		"<td colspan='1' valign='top'>Password:</td>" & _
		"<td colspan='2'><input type='password' name='ppassword' size='30' onkeydown='EnterToTab'></td>" & vbcrlf & _
		"<td colspan='2'><input type='checkbox' id=TogglePasswordInput name='TogglePasswordInput' onClick='TogglePasswordSub'><label class='lbla' onMouseOver='vbscript:lblactivate me' onMouseOut='vbscript:lbldeactivate me' onMouseDown='vbscript:lblactivate2 me' for=TogglePasswordInput>Show password</label>" & vbcrlf & _
		"<td colspan='2'></td>" & _
		"</tr>" & vbcrlf & _
		"<tr class='code'><td colspan='5'><HR width='100%' SIZE='2'></td></tr>" & vbcrlf & _
		"<tr class='code'><td colspan='2'><input id=runbutton class='btna' onMouseOver='vbscript:activate me' onMouseOut='vbscript:deactivate me' onMouseDown='vbscript:activate2 me' type='button' value='Continue' name='run_button' onClick='RunScript'>" & vbcrlf & _
    		"</table>"
	ppassword.focus
End Sub

Sub TogglePasswordSub
	If TogglePasswordInput.Checked Then
	   Code.innerHTML ="<table width='100%' border='0'>" & vbcrlf & _
		"<tr class='code'>" & vbcrlf & _
		"<td colspan='1' valign='top'>Password:</td>" & _
		"<td colspan='2'><input type='text' name='ppassword' size='30' value='" & ppassword.value & "' onkeydown='EnterToTab'></td>" & vbcrlf & _
		"<td colspan='2'><input type='checkbox' id=TogglePasswordInput name='TogglePasswordInput' checked onClick='TogglePasswordSub'><label class='lbla' onMouseOver='vbscript:lblactivate me' onMouseOut='vbscript:lbldeactivate me' onMouseDown='vbscript:lblactivate2 me' for=TogglePasswordInput>Show password</label>" & vbcrlf & _
		"<td colspan='2'></td>" & _
		"</tr>" & vbcrlf & _
		"<tr class='code'><td colspan='5'><HR width='100%' SIZE='2'></td></tr>" & vbcrlf & _
		"<tr class='code'><td colspan='2'><input id=runbutton class='btna' onMouseOver='vbscript:activate me' onMouseOut='vbscript:deactivate me' onMouseDown='vbscript:activate2 me' type='button' value='Continue' name='run_button' onClick='RunScript'>" & vbcrlf & _
    		"</table>"
	Else
	   Code.innerHTML ="<table width='100%' border='0'>" & vbcrlf & _
		"<tr class='code'>" & vbcrlf & _
		"<td colspan='1' valign='top'>Password:</td>" & _
		"<td colspan='2'><input type='password' name='ppassword' size='30' value='" & ppassword.value & "' onkeydown='EnterToTab'></td>" & vbcrlf & _
		"<td colspan='2'><input type='checkbox' id=TogglePasswordInput name='TogglePasswordInput' onClick='TogglePasswordSub'><label class='lbla' onMouseOver='vbscript:lblactivate me' onMouseOut='vbscript:lbldeactivate me' onMouseDown='vbscript:lblactivate2 me' for=TogglePasswordInput>Show password</label>" & vbcrlf & _
		"<td colspan='2'></td>" & _
		"</tr>" & vbcrlf & _
		"<tr class='code'><td colspan='5'><HR width='100%' SIZE='2'></td></tr>" & vbcrlf & _
		"<tr class='code'><td colspan='2'><input id=runbutton class='btna' onMouseOver='vbscript:activate me' onMouseOut='vbscript:deactivate me' onMouseDown='vbscript:activate2 me' type='button' value='Continue' name='run_button' onClick='RunScript'>" & vbcrlf & _
    		"</table>"
	End If
	ppassword.focus
End Sub

Sub RunScript
	If ppassword.value <> "password" Then
		messages.InnerHTML = "<font color='red' size='2'>Password is not valid.<br>" & vbcrlf & _
			"<font color='black' size='2'>Retry entering the password ?<br>" & vbcrlf & _
		   	"<input class='btna' onMouseOver='vbscript:activate me' onMouseOut='vbscript:deactivate me' onMouseDown='vbscript:activate2 me' type='button' value='Yes' name='Yes_button' onClick='Yes_button'>" & vbcrlf & _
			"<input class='btna' onMouseOver='vbscript:activate me' onMouseOut='vbscript:deactivate me' onMouseDown='vbscript:activate2 me' type='button' value='No' name='No_button' onClick='No_button'>"
		Exit Sub
	Else
		on error resume next
	 	objOSD("ALLOWOSDBUILD") = "YES"
 		Set objOSD = Nothing
		window.close()
	End If 
End Sub

Sub No_button
	on error resume next
	objOSD("ALLOWOSDBUILD") = "NO"
	Set objOSD = Nothing
	window.close()
End Sub

Sub Yes_button
	messages.InnerHTML = "<font color='black' size='2'>Please try again"
	ppassword.value = ""
	ppassword.focus
End Sub


'***************************************************************************************
'****************** END SUB AREA *******************************************************
'***************************************************************************************


'***************************************************************************************
'****************** START FUNCTION AREA ************************************************
'***************************************************************************************


'***************************************************************************************
'****************** END FUNCTION AREA **************************************************
'***************************************************************************************

</SCRIPT>

<body>
<table height="100%" width="100%" border="0">

<TR>
<TD vAlign="top" height="10">
<div class="header" id="Header"></div>
</TD>
</TR>

<TR>
<TD height="200">
<div class="code" id="Code"></div>
</TD>
</TR>

<TR>
<TD align="center">
<div class="messages" id="Messages"></div>
</TD>
</TR>

<TR>
<TD align="center">
<div id="Note"></div>
</TD>
</TR>

<TR>
<TD vAlign='bottom'>
<div id="Footer"></div>
</TD>
</TR>

</table>
</body>

</html>

anyweb    397

it should be ALLOWOSDBUILD, you are missing a D

tcilmo    1


Thanks Niall!

 

One additional item I discovered with my HTA code is that someone can right click the body of the HTA file -> view source -> scroll to the bottom and see the code that specifies the password. To make this more secure, I created a Task Sequence variable in my Task Sequence to hold the password for the HTA.

 

Next, I changed this line of code:

If ppassword.value <> "password" Then

to

If ppassword.value <> objOSD("TSPassword") Then

allowing the HTA to read the Task Sequence variable of "TSPassword". This approach will prevent someone from grabbing the password by viewing the HTA source. Thought it would be good to share this with the community.

 

--Tony

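A fail-closed version of the check described in the post above, as an added example that is not tcilmo's or the site's code: it reads `TSPassword` as the post does, refuses to compare when the variable comes back empty, and caps retries. `MAX_ATTEMPTS`, `GetTSEnv` and `Finish` are hypothetical names; `ppassword` and `messages` are the elements of the HTA posted earlier in the thread.

```vbscript
' Added example: replacements for RunScript and No_button in the HTA above.
' Assumes that HTA's ppassword input and messages div. MAX_ATTEMPTS and the
' helper names GetTSEnv/Finish are hypothetical; TSPassword is from the post.
Const MAX_ATTEMPTS = 3
Dim intAttempts
intAttempts = 0

' Return the task sequence environment, or Nothing when the HTA runs outside
' a task sequence (the COM object is only available inside one).
Function GetTSEnv()
    Set GetTSEnv = Nothing
    On Error Resume Next
    Set GetTSEnv = CreateObject("Microsoft.SMS.TSEnvironment")
    On Error GoTo 0
End Function

' Record the decision and close the prompt.
Sub Finish(strDecision)
    Dim env
    Set env = GetTSEnv()
    If Not env Is Nothing Then env("ALLOWOSDBUILD") = strDecision
    Set env = Nothing
    window.close
End Sub

Sub RunScript
    Dim env, strExpected
    strExpected = ""
    Set env = GetTSEnv()
    If Not env Is Nothing Then strExpected = env("TSPassword")
    Set env = Nothing

    ' A variable that was never defined (or whose name is misspelled in the
    ' task sequence) reads back as an empty string. Deny instead of comparing,
    ' so that a blank entry can never match.
    If Len(strExpected) = 0 Then
        MsgBox "TSPassword is not set in this task sequence. Build blocked.", vbCritical
        Finish "NO"
        Exit Sub
    End If

    If ppassword.value = strExpected Then
        Finish "YES"
        Exit Sub
    End If

    ' Wrong entry: clear the field, count it, and stop after MAX_ATTEMPTS.
    intAttempts = intAttempts + 1
    ppassword.value = ""
    If intAttempts >= MAX_ATTEMPTS Then
        Finish "NO"
    Else
        messages.InnerHTML = "<font color='red' size='2'>Password is not valid (" & _
            intAttempts & " of " & MAX_ATTEMPTS & " attempts used)."
        ppassword.focus
    End If
End Sub

Sub No_button
    Finish "NO"
End Sub
```

Because the Shutdown step in the thread runs whenever ALLOWOSDBUILD is not YES, every exit path other than a correct entry ends in a shutdown.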
AmrelMahdy    3

 


Tcilmo,

Would you please show me how you deployed the .hta program in the TS? To be more clear, I want to see the TS step "Prompt for Password".

anyweb    397

the password is in the script, there is no username

 

here's the actual password as referenced in the script, you can change it from 'password' to something more suited to your environment

If MyPass = "password" then
env("ALLOWOSDBUILD") = "YES"
End If
