Share via

Securing customSettings.INI

aj-47 66 Reputation points
2021-06-02T03:24:21.147+00:00

This is my customSettings.INI file used by MDT/SCCM OSD task sequence gather step: 

[Settings]
Priority=CSettings, Default
Properties=OSInstall, DomainNetBiosName, TimeZoneName,CustomProperty1,CustomProperty2

[Default]
OSInstall=N
SkipCapture=YES
SkipAdminPassword=NO
SkipProductKey=YES
KeyboardLocale=en-AU
SLShare=\\server1.mydomain.local\myLogs$\Logs

[CSettings]
SQLServer=server1.mydomain.local\ps1SCCM
Database=myDBTst
Netlib=DBMSSOCN
DBID=MDTMyCS
DBPwd=myPass
Table=ComputerSettings
Parameters= MacAddress, OSDCOmputerName
ParameterCondition=OR

Is there a way to secure DBPwd by either encrypting or supplying through a TS variable instead of plaintext?
SCCM version CB 1906 ; MDT integrated.

Windows for business | Windows Client for IT Pros | Devices and deployment | Set up, install, or upgrade
Microsoft Security | Intune | Configuration Manager | Deployment
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. AllenLiu-MSFT 49,321 Reputation points Microsoft External Staff
    2021-06-03T08:21:44.647+00:00

    Hi, @aj-47
    Thank you for posting in Microsoft Q&A forum.
    We may check if below article helps:
    https://techcommunity.microsoft.com/t5/windows-blog-archive/encoding-sensitive-information-in-customsettings-ini-and/ba-p/706695
    https://keithga.wordpress.com/2015/01/06/security-week-locking-down-your-deployment/
    (Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.)

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.