When you encode a vbscript, make sure the output file is given a .vbe
extension. The documentation doesn't do a very good job of pointing
this out.
For example, this is the command you would run to encode the script:
C:\>screnc myscript.vbs myencodedscript.vbe
-----Original Message-----
From: Tom Horton [mailto:tth8@cornell.edu]
Sent: Friday, December 02, 2005 12:00 PM
To: Brower, Robert; focus-ms@securityfocus.com
Subject: RE: Changing local admin PW using vb logon script - can it be
encrypted?
Hi Robert, thanks for the link. I was unaware of this piece of
Microsoft
software. Have (or has anyone) had success in getting this to work? I
have
successfully encoded my script but running it on my computer doesn't
seem to
work. I have a WScript.echo "I'm Done" command at the end of the script
that never comes up once encoded which also tells me that the script
hasn't
run. Not to mention the fact that password isn't changed. Can someone
tell
me if I'm doing something wrong? I could post the script if that will
help.
-----Original Message-----
From: Brower, Robert [mailto:brower@nursing.upenn.edu]
Sent: Friday, December 02, 2005 10:56 AM
To: tth8@cornell.edu; focus-ms@securityfocus.com
Subject: RE: Changing local admin PW using vb logon script - can it be
encrypted?
Microsoft has a script encoder you can download here. It works fine,
but isn't very strong encryption. If you're just looking to hide your
script from casual viewing this is a great product.
http://www.microsoft.com/downloads/details.aspx?FamilyId=E7877F67-C447-4
873-B1B0-21F0626A6329&displaylang=en
-----Original Message-----
From: tth8@cornell.edu [mailto:tth8@cornell.edu]
Sent: Thursday, December 01, 2005 12:03 PM
To: focus-ms@securityfocus.com
Subject: Changing local admin PW using vb logon script - can it be
encrypted?
Hi all,
Long time lurker, first time poster. We have roughly 500 computers that
we'd like to change the local admin passwords on. We realize the
security risks of having 1 password on all of our computers and are
willing to assume that risk. We've developed a VB script that we can
implement as a logon script that works perfectly to change the password.
We do not want this script sent along as clear text if we can avoid it.
Is there any way we can encrypt this script?
We've looked at options such as using Windows permissions to either deny
Domain Users access (preventing anyone from reading the script) or
allowing only Domain Computers Read Only access...however I think that
if you are logged into a local computer you should be able to read the
script. Not to mention, if you could capture the packets, you could
easily find the script and its contents so permissions would matter at
all in that scenario.
Any help and/or insight is greatly appreciated.
Best,
...tom
------------------------------------------------------------------------
---
------------------------------------------------------------------------
---
---------------------------------------------------------------------------
---------------------------------------------------------------------------
