The GPTalk Mailing List

The GPTALK mailing list is where you can send and receive email related to Windows Group Policy. You must subscribe to the list to send and receive mail from the list. The purpose of the list is to provide a forum for asking and answering technical questions related to Group Policy. Any question is fair game as long as it is related to Windows Group Policy. The Archives for this list can be found on this page.

List Posts

Unanswered Active Topics

Forums Search

Forums >GPTalk >GPTalk Mailing List

Subject: [gptalk] Hard Code PW in GP?

Prev Next

You are not authorized to post a reply.

Author

Messages

jsclmedave User is Offline

Posts:67

04/23/2010 4:33 PM
I was asked about putting a hard coded password in GP for a service account. I do not recall anyone ever doing this before and my initial response is it would be a security risk. It is needed for a VDI Template (or app) and they feel that the password needs to be stored in GP as well... Any links or thoughts would be greatly appreciated. I am not sure how to respond to this... Tim Bolton 148 2nd Street North Central City Iowa, 52214 Microsoft Certified IT Professional Blog - Http://timbolton.net/ "Applying computer technology is simply finding the right wrench to pound in the correct screw." ~ Steve Riley

Tim Bolton

dmarelia

Posts:394

04/23/2010 4:45 PM
Where would you put the password Tim? You mean using GP Preferences? If so, then just know that, while the passwords stored by GPP are hashed, the hashing algorithm is publicly documented, and therefore not secure. So anyone with the ability to read the GPO's contents (which means anyone that can process the GPO) would theoretically be able to get the password. In any case, generally speaking, putting passwords in scripts or in policy where people can get to them is not a great idea unless you really don't care if the password is compromised (for example, the service account is not privileged and can't really do much other than service your app). Darren -----Original Message----- From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Tim Bolton Sent: Friday, April 23, 2010 8:14 AM To: xxxxxxxxxxxxxxxx Subject: [gptalk] Hard Code PW in GP? I was asked about putting a hard coded password in GP for a service account. I do not recall anyone ever doing this before and my initial response is it would be a security risk. It is needed for a VDI Template (or app) and they feel that the password needs to be stored in GP as well... Any links or thoughts would be greatly appreciated. I am not sure how to respond to this... Tim Bolton 148 2nd Street North Central City Iowa, 52214 Microsoft Certified IT Professional Blog - Http://timbolton.net/ "Applying computer technology is simply finding the right wrench to pound in the correct screw." ~ Steve Riley

jsclmedave User is Offline

Posts:67

04/23/2010 4:47 PM
I am only getting a 2nd hand version of the question, but I will try to get more info. My initial response was NO this is a bad idea and to be honest I am more interested in figuring out what in the world they are attempting to do now... I think they are way off base trying to use a GP for this at all. I will post more when I have the info. Tim Bolton 148 2nd Street North Central City Iowa, 52214 Microsoft Certified IT Professional Blog - Http://timbolton.net/ "Applying computer technology is simply finding the right wrench to pound in the correct screw." ~ Steve Riley On Fri, Apr 23, 2010 at 10:25 AM, Darren Mar-Elia <xxxxxxxxxxxxxxxx> wrote: > Where would you put the password Tim? You mean using GP Preferences? If so, then just know that, while the passwords stored by GPP are hashed, the hashing algorithm is publicly documented, and therefore not secure. So anyone with the ability to read the GPO's contents (which means anyone that can process the GPO) would theoretically be able to get the password. In any case, generally speaking, putting passwords in scripts or in policy where people can get to them is not a great idea unless you really don't care if the password is compromised (for example, the service account is not privileged and can't really do much other than service your app). > > Darren > > -----Original Message----- > From: xxxxxxxxxxxxxxxx [mailto:xxxxxxxxxxxxxxxx] On Behalf Of Tim Bolton > Sent: Friday, April 23, 2010 8:14 AM > To: xxxxxxxxxxxxxxxx > Subject: [gptalk] Hard Code PW in GP? > > I was asked about putting a hard coded password in GP for a service > account. I do not recall anyone ever doing this before and my initial > response is it would be a security risk. > > It is needed for a VDI Template (or app) and they feel that the > password needs to be stored in GP as well... > > Any links or thoughts would be greatly appreciated. I am not sure how > to respond to this... > > > Tim Bolton > 148 2nd Street North > Central City Iowa, 52214 > > Microsoft Certified IT Professional > > Blog - Http://timbolton.net/ > > "Applying computer technology is simply finding the right wrench to > pound in the correct screw." ~ Steve Riley > >

Tim Bolton

You are not authorized to post a reply.

Forums >GPTalk >GPTalk Mailing List > [gptalk] Hard Code PW in GP?

ActiveForums 3.7

Ads

The GPTalk Mailing List

List Posts

Members

Ads