My colleage at Atea, Oddvar Håland Moe, have written a script that dumps the password of the network access account from the boot image in plain text. This is why you never enable command line support in your boot images on a production network. Anyone will be able to retrieve the password during PXE boot / OS deployment.
SetEnv = CreateObject("Microsoft.SMS.TSEnvironment")ForEachts in Env.GetVariables()Ifts ="_SMSTSReserved2"Thenwscript.echo"Password for Network Access Account is: "& Env(ts)EndIfNext
- Press F8 to open up the command line console.
- Open notepad.exe and type in the script.
- Save it and run it with cscript.exe.
That’s it, the password of the network access account is dumped in plain text.
To protect your system against this, make sure command line support is not enabled in your boot images, and use a dedicated account for the network access with minimum rights necessary.
Be sure to visit Oddvar’s website: MSITpros.