Hide Sensitive Data in an Answer File

3/21/2011

Image Configuration Editor enables you to hide the passwords for the administrator account and any other user accounts on the local system in an answer file. Hiding the passwords in an answer file prevents users from reading the answer file and identifying passwords for local accounts.

The settings that you can hide include the following:

• Microsoft-Windows-Shell-Setup | AutoLogon | Password
• Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword
• Microsoft-Windows-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount | Password

This option only hides the passwords in an answer file and does not provide encryption or other security benefits. Consider answer files as sensitive data and be careful about authorizing access to your answer files.

Note

Domain passwords, product keys, and other sensitive data might still be available as clear text in an answer file. You can only hide local account passwords in an answer file.

To hide account passwords in an answer file

1. Open Image Configuration Editor.

2. Open or create an answer file. For more information, see Create an Answer File in Image Configuration Editor.

3. Add one of the following password settings to your answer file:

   • WinEmb-Shell-Setup | AutoLogon | Password
   • WinEmb-Shell-Setup | UserAccounts | AdministratorPassword
   • WinEmb-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount | Password

4. Add a value to one or more of the password settings.

5. On the Tools menu, select Hide Sensitive Data. This guarantees that when the answer file is saved, the password information will be hidden.

6. Save the answer file and close Image Configuration Editor. The answer file must resemble the following example:

      <component name="WinEmb-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="https://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
         <UserAccounts>
            <LocalAccounts>
               <LocalAccount wcm:action="add">
                  <Password>
                     <Value>UABhAHMAcwB3AG8AcgBkADEAMgAzADQANgBQAGEAcwBzAHcAbwByAGQA</Value> 
                     <PlainText>false</PlainText> 
                  </Password>
                  <Description>MyAccountName</Description> 
                  <DisplayName>MyAccountName</DisplayName> 
                  <Group>FabrikamGroup</Group> 
                  <Name>MyAccountName</Name> 
               </LocalAccount>
            </LocalAccounts>
         </UserAccounts>
      </component>
   

Note

The <PlainText> element is added to the answer file by Image Configuration Editor and is used during Image Builder to indicate whether the password is in plain text or not.

See Also

Other Resources

Image Configuration Editor Technical Reference