Securing customSettings.INI

aj-47 66 Reputation points
2021-06-02T03:24:21.147+00:00

This is my customSettings.INI file used by MDT/SCCM OSD task sequence gather step:

[Settings]
Priority=CSettings, Default
Properties=OSInstall, DomainNetBiosName, TimeZoneName,CustomProperty1,CustomProperty2

[Default]
OSInstall=N
SkipCapture=YES
SkipAdminPassword=NO
SkipProductKey=YES
KeyboardLocale=en-AU
SLShare=\\server1.mydomain.local\myLogs$\Logs

[CSettings]
SQLServer=server1.mydomain.local\ps1SCCM
Database=myDBTst
Netlib=DBMSSOCN
DBID=MDTMyCS
DBPwd=myPass
Table=ComputerSettings
Parameters= MacAddress, OSDCOmputerName
ParameterCondition=OR

Is there a way to secure DBPwd by either encrypting or supplying through a TS variable instead of plaintext?
SCCM version CB 1906 ; MDT integrated.

Microsoft Deployment Toolkit
Microsoft Deployment Toolkit
A collection of Microsoft tools and documentation for automating desktop and server deployment. Previously known as Microsoft Solution Accelerator for Business Desktop Deployment (BDD).
888 questions
Microsoft Configuration Manager Deployment
Microsoft Configuration Manager Deployment
Microsoft Configuration Manager: An integrated solution for for managing large groups of personal computers and servers.Deployment: The process of delivering, assembling, and maintaining a particular version of a software system at a site.
970 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. AllenLiu-MSFT 44,346 Reputation points Microsoft Vendor
    2021-06-03T08:21:44.647+00:00

    Hi, @aj-47
    Thank you for posting in Microsoft Q&A forum.
    We may check if below article helps:
    https://techcommunity.microsoft.com/t5/windows-blog-archive/encoding-sensitive-information-in-customsettings-ini-and/ba-p/706695
    https://keithga.wordpress.com/2015/01/06/security-week-locking-down-your-deployment/
    (Please note: Information posted in the given link is hosted by a third party. Microsoft does not guarantee the accuracy and effectiveness of information.)


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.