cat-users AT lists.geant.org
Subject: The mailing list for users of the eduroam Configuration Assistant Tool (CAT)
List archive
Re: [[cat-users]] Set credentials by installer won't work under Windows 10 (1809)
Chronological Thread
- From: Tomasz Wolniewicz <address@concealed>
- To: address@concealed
- Subject: Re: [[cat-users]] Set credentials by installer won't work under Windows 10 (1809)
- Date: Mon, 7 Oct 2019 14:59:27 +0200
Hi,
I have confirmed that credential setting for PEAP works for Windows 10 both 1809 and 1903
Tomasz
Hi,
I have a problem setting the credentials automatically by the
installer (and as deployment). If the creds would be set by the
included "WLANSetEAPUserDatax64.exe" it don't work under Windows
10 (1809) - under Windows 7 its all fine. If I add the
credentials manually it works, too.
I have decrypted the MSMUserData for manually and automatically set credentials and got the following result:
- manually: MSMUserData contains the password as encrypted
blob (need to be decrypted in a second step) - only the
username is readable in this step (like under windows 7)
- automatically: MSMUserData is much smaller than the manually one and the password is readably in this first step
The script I have used to decrypt the MSMUserData (Decrypt-MSMUserData):
param(
[String]$Path = ".\eap.blob",
[Switch]$EapExtractMode
)
function main() {
Load-ProtectedDataApi
cd C:\UB\
whoami
$b = gc $Path -Encoding Byte
$datetime = (Get-Date -Format s) -replace ":","-"
$bdec = [System.Security.Cryptography.ProtectedData]::Unprotect($b,$null,'Localmachine')
[System.Environment]::CurrentDirectory = Get-Location
[System.IO.File]::WriteAllBytes(('eap-dec-{0}.blob' -f $datetime), $bdec)
}
function Load-ProtectedDataApi() {
try {
$null = [System.Security.Cryptography.ProtectedData]
} catch {
Write-Verbose 'Adding assemly: System.Security'
Add-Type -AssemblyName 'System.Security'
$null = [System.Security.Cryptography.ProtectedData]
$Error.Clear()
}
}
function GetEAPBytes() {
$RegBase = "Registry::HKEY_CURRENT_USER\Software\Microsoft\Wlansvc\UserData\Profiles"
$profiles = @{}
ls $RegBase | % -Begin {$i = 0} {$i++; $profiles[$i] = $_.Name; Write-host $("[{0:d2}] {1}" -f $i,$_.Name)}
$choice = Read-Host -Prompt "Choice"
$profile = "$profiles[[int]$choice]"
$MSMUserData = (Get-ItemProperty -Path "Registry::$profile").MSMUserData
return $MSMUserData
}
if (!$EapExtractMode) {
main
return
}
$eapBytes = GetEAPBytes
$datetime = (Get-Date -Format s) -replace ":","-"
[System.Environment]::CurrentDirectory = Get-Location
[System.IO.File]::WriteAllBytes(('eap-{0}.blob' -f $datetime), $eapBytes)
Call as User:
.\Decrypt-MSMUserData -EapExtractMode
Call from a console of user SYSTEM (created by psexec -s -i powershell.exe):
.\Decrypt-MSMUserData -Path eap-<DATETIME>.blob # READ eap-dec-<DATETIME>.blob
Mit freundlichen Grüßen Mattias Baake
--
Tomasz Wolniewicz
address@concealed http://www.home.umk.pl/~twoln
Uniwersyteckie Centrum Informatyczne Information&Communication Technology Centre
Uniwersytet Mikolaja Kopernika Nicolaus Copernicus University,
pl. Rapackiego 1, Torun pl. Rapackiego 1, Torun, Poland
tel: +48-56-611-2750 tel kom.: +48-693-032-576
Attachment:
smime.p7s
Description: Kryptograficzna sygnatura S/MIME
- [[cat-users]] Set credentials by installer won't work under Windows 10 (1809), Mattias Baake, 10/04/2019
- Re: [[cat-users]] Set credentials by installer won't work under Windows 10 (1809), Tomasz Wolniewicz, 10/06/2019
- Re: [[cat-users]] Set credentials by installer won't work under Windows 10 (1809), Martin Pauly, 10/06/2019
- Re: [[cat-users]] Set credentials by installer won't work under Windows 10 (1809), Tomasz Wolniewicz, 10/07/2019
- Re: [[cat-users]] Set credentials by installer won't work under Windows 10 (1809), Tomasz Wolniewicz, 10/06/2019
Archive powered by MHonArc 2.6.19.