Microsoft

System Center Configuration Manager Feedback

How can we improve Configuration Manager?

Secret task sequence variable value Exposed

We have the need to run a command line in the task sequence and leverage a secret value TS variable ADMACCTPW set with the local admin account password. Example Run Command Line: "net user admin %ADMACCTPW%"
The issue is that in the SMSTS.log the variables are all expanded, like the ProgramName = 'net user admin mynewadminpassword' InstallSoftware 7/1/2016 12:58:58 PM 4468 (0x1174)

Thereby exposing the secret value TS variable.

39 votes
    Rick Gates shared this idea

    Hi,

    We’ve made some changes to hide the ProgramName value in SMSTS.log. Check out the section Improvements to OS Deployment in the documentation link below. Task Sequence variables can now be set to ‘hidden’ in the Task Sequence Editor as well, which mirrors the behavior used for Collection Variables.

    Docs: https://docs.microsoft.com/en-us/sccm/core/get-started/capabilities-in-technical-preview-1804

    General Blog: https://cloudblogs.microsoft.com/enterprisemobility/?p=70257

    Try it out and let us know your thoughts. Thanks for all your feedback.

    1 comment

      • Michael Kenntenich commented

        Your workaround works, but the basic issue is that "secret" values for task sequence variables are exposed in smsts.log although they are protected in the console and database. The tool smsswd.exe should really be changed so that it won't expose the full program name including all parameters when a secret task sequence variable is used.
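
An added example, not part of the original thread and not Microsoft tooling: a Python audit of collected smsts.log text that flags ProgramName entries where a "net user <account> <password>" command was logged in expanded form, and returns a copy with the password masked. The function name, the matching heuristic and the sample lines other than the first are assumptions made for this example.

```python
import re

# Matches the expanded command the task sequence engine writes to smsts.log,
# in the form shown in the post: ProgramName = '<command line>'
PROGRAM_NAME = re.compile(r"ProgramName = '(?P<cmd>[^']*)'")

# "net user <account> <password> [switches]"; a leading "/" means a switch and
# "*" means an interactive prompt, so neither is treated as a password.
NET_USER = re.compile(
    r"^\s*net(?:\.exe)?\s+user\s+(?P<account>[^\s/]\S*)\s+(?P<secret>[^\s/*]\S*)",
    re.IGNORECASE,
)


def audit_smsts(log_text):
    """Return (findings, redacted_text) for the text of one smsts.log file.

    Each finding is (line_number, account); the password is never returned.
    """
    findings = []
    redacted_lines = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        name = PROGRAM_NAME.search(line)
        hit = NET_USER.match(name.group("cmd")) if name else None
        if hit:
            findings.append((number, hit.group("account")))
            # Replace only the password span inside the logged command.
            start = name.start("cmd") + hit.start("secret")
            end = name.start("cmd") + hit.end("secret")
            line = line[:start] + "********" + line[end:]
        redacted_lines.append(line)
    return findings, "\n".join(redacted_lines)


# Constructed sample: the first line is the entry quoted in the post, the
# others are made-up neighbours that must not be flagged.
SAMPLE_LOG = "\n".join([
    "ProgramName = 'net user admin mynewadminpassword' InstallSoftware 7/1/2016 12:58:58 PM 4468 (0x1174)",
    "ProgramName = 'net user admin /active:yes' InstallSoftware 7/1/2016 12:59:01 PM 4468 (0x1174)",
    "ProgramName = 'cmd /c echo done' InstallSoftware 7/1/2016 12:59:02 PM 4468 (0x1174)",
])

if __name__ == "__main__":
    hits, clean = audit_smsts(SAMPLE_LOG)
    for number, account in hits:
        print(f"line {number}: password for account '{account}' is in the log; rotate it")
    print(clean)
```

A hit means the password should be treated as disclosed and rotated; masking a copy of the log does not undo the exposure on the client.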
