Hi Tom, 3 possible options out of the mind: - Use GPO setting for a default admin pwd => Hashed PW will be transmitted by applying the pw (not really save, but better than cleartext) - Use SMB-Signing for Client/Server requests/replies => secured transmission of logon events (cleartext, but secured in a signed transport layer) - Use IPSec for network traffic => best solution ever for secure transmission of IP-Traffic but most efforts for rollout & running an enviroment
Hope it helped ;) Andreas Habedank ---------------- HBDK.DE - IT-Security Management & Consulting - Ledersberg 3 - D-83727 Schliersee Mile2.com CPTS Instructor / CEH / MCSE / RSA SecurID SE -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Gesendet: Donnerstag, 1. Dezember 2005 18:03 An: [email protected] Betreff: Changing local admin PW using vb logon script - can it be encrypted? Hi all, Long time lurker, first time poster. We have roughly 500 computers that wed like to change the local admin passwords on. We realize the security risks of having 1 password on all of our computers and are willing to assume that risk. Weve developed a VB script that we can implement as a logon script that works perfectly to change the password. We do not want this script sent along as clear text if we can avoid it. Is there any way we can encrypt this script? Weve looked at options such as using Windows permissions to either deny Domain Users access (preventing anyone from reading the script) or allowing only Domain Computers Read Only access however I think that if you are logged into a local computer you should be able to read the script. Not to mention, if you could capture the packets, you could easily find the script and its contents so permissions would matter at all in that scenario. Any help and/or insight is greatly appreciated. Best, tom --------------------------------------------------------------------------- --------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------
