Export (0) Print
Expand All

Hide Sensitive Data in an Answer File

Published: October 22, 2009

Updated: October 22, 2009

Applies To: Windows 7

noteNote
This content applies to Windows 7. For Windows 8 content, see Windows Deployment with the Windows ADK.

Windows® System Image Manager (Windows SIM) enables you to hide the passwords for the administrator account and any other user accounts on the local system in an answer file. Hiding passwords in an answer file prevents users from reading the answer file and identifying passwords for local accounts.

The settings that you can hide include:

  • Microsoft-Windows-Shell-Setup | AutoLogon | Password

  • Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword

  • Microsoft-Windows-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount | Password

This option only hides the passwords in an answer file and does not provide encryption or other security benefits. Consider answer files as sensitive data and be careful about authorizing access to your answer files.

noteNote
Domain passwords, product keys, and other sensitive data may still be available as clear text in an answer file. You can hide only local account passwords in an answer file.

To hide account passwords in an answer file

  1. Open Windows SIM.

  2. Open a Windows image. For more information, see Open a Windows Image or Catalog File.

  3. Open or create an answer file. For more information, see Open an Answer File.

  4. Add one of the following password settings to your answer file:

    • Microsoft-Windows-Shell-Setup | AutoLogon | Password

    • Microsoft-Windows-Shell-Setup | UserAccounts | AdministratorPassword

    • Microsoft-Windows-Shell-Setup | UserAccounts | LocalAccounts | LocalAccount | Password

  5. Add a value to one or more of the password settings.

  6. On the Tools menu, check Hide Sensitive Data. This ensures that when the answer file is saved, the password information will be hidden.

  7. Save the answer file and close Windows SIM. The answer file must look similar to the following example:

       <component name="Microsoft-Windows-Shell-Setup" processorArchitecture="x86" publicKeyToken="31bf3856ad364e35" language="neutral" versionScope="nonSxS" xmlns:wcm="http://schemas.microsoft.com/WMIConfig/2002/State" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
          <UserAccounts>
             <LocalAccounts>
                <LocalAccount wcm:action="add">
                   <Password>
                      <Value>UABhAHMAcwB3AG8AcgBkADEAMgAzADQANgBQAGEAcwBzAHcAbwByAGQA</Value> 
                      <PlainText>false</PlainText> 
                   </Password>
                   <Description>MyAccountName</Description> 
                   <DisplayName>MyAccountName</DisplayName> 
                   <Group>FabrikamGroup</Group> 
                   <Name>MyAccountName</Name> 
                </LocalAccount>
             </LocalAccounts>
          </UserAccounts>
       </component>
    
noteNote
The <PlainText> element is added to the answer file by Windows SIM and is used during Windows Setup to denote whether or not the password is in plain text.

See Also

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft