Re: File Encryption
- From: "Stevie" <stefstephens@xxxxxxxxxxx>
- Date: Sat, 3 Dec 2005 12:57:05 -0500
What I am trying to do is, We have roughly 1000 computers that we?d like to
change the local admin passwords on. I have a VB script that I can
implement that works perfectly to change the password. I do not want this
script sent along as clear text if I can avoid it. Is there any way I can
encrypt this script?
SET objComputer = GetObject("WinNT://W2Kmachine,computer")
SET objAccount = objComputer.GetObject("user", "Administrator")
objAccount.SetPassword "password"
objAccount.SetInfo
I know I can protect the files using Windows permissions (preventing anyone
from reading the script) or allowing only Domain Computers Read Only access?
However. How can I protect the script. If you could capture the packets,
you could easily find the script and its contents so permissions would not
matter at all in that scenario.
Maybe there is some other solutions for this? Any help and/or insight is
greatly appreciated.
StefStephens
"Marin Marinov" <marin-online@xxxxxxxxxx> wrote in message
news:MPG.1dfa84c6fd48116598990f@xxxxxxxxxxxxxxxxxxxxxxx
> In article <#wBsoi39FHA.140@xxxxxxxxxxxxxxxxxxxx>, "Milan Stojanovic"
> <username piksi@host eunet dot not com but YU> says...
>>
>> Sorry for interrupting, but I think that it is a great idea to have
>> report
>> of all workstations with some encrypted file. Do I need to modify MOF and
>> use a script, or it can be made by default mof?
>>
>> thanks in advance...
> <snip>
> Hi Milan,
> I would argue that it's such a good idea and this goes back to my
> initial question - why would one need that ;) Technically speaking,
> there are ways you could potentially do it:
> - script that recurses through all files and folders and reports data
> either in WMI or dumps a NOIDMIF file
> - figuring out how to make software inventory report IsEncrypted for a
> file. Software inventory seems to store file inventory information in
> the FileSystemFile WMI class (http://tinyurl.com/bgvqy) under root\ccm
> \invagt. However, the XML file that it generates and passes on to the MP
> (http://tinyurl.com/dk8ko) doesn't seem to contain all the properties
> available in this class.
> - for folders only, making use of the Win32_Directory class and its
> Encrypted property
>
> Bare in mind though that most of these (probably except option 2) will
> likely result in a performance hit on the respective computers. And
> again - finding out which machines have encrypted files is arguably
> beneficial plus it's reactive, not proactive. As a best practice, if
> your organization hasn't deployed a "real" PKI, deployed and maintains
> certificates for the users for use with EFS, disable EFS on the clients.
> If people can encrypt files whenever they chose without this being an
> officially designed for and supported feature, this can cause you a lot
> of headaches...pardon, "administrative overhead" ;)
>
> HTH
> --
> Cheers,
> Marin Marinov
> MCT,MCSE,MCSE:Security,MCP+I
> -
> This posting is provided "AS IS" with no warranties, and confers no
> rights.
>
> "True knowledge exists in knowing that you know nothing."
> Socrates
.
- Follow-Ups:
- Re: File Encryption
- From: Marin Marinov
- Re: File Encryption
- From: Cathy Moya [MS]
- Re: File Encryption
- References:
- File Encryption
- From: Stevie
- Re: File Encryption
- From: Marin Marinov
- Re: File Encryption
- From: Cathy Moya [MS]
- Re: File Encryption
- From: Milan Stojanovic
- Re: File Encryption
- From: Marin Marinov
- File Encryption
- Prev by Date: Re: SMS report to display Dell BIOS information
- Next by Date: Re: File Encryption
- Previous by thread: Re: File Encryption
- Next by thread: Re: File Encryption
- Index(es):
Relevant Pages
|
