
Re: Set a password per script


Would this work?

initial state: disabled and no password

sadmin passwd
<type a password>

then copy "C:\Program Files\McAfee\Solidcore\passwd" file to source control (file is not yet protected).

 

in the automated image creation process:

initial state: disabled and no password

don't use sadmin passwd, instead:
1) sadmin solidify ...
2) copy passwd file to "C:\Program Files\McAfee\Solidcore\"
3) sadmin enable -z <password from passwd file>
4) shutdown / reboot

McAfee Employee BEllis

Re: Set a password per script


Honestly, if imaging, I would do the following.

 

1. Install solidcore, leave disabled

2. Sync with EPO (verify managed) and verify your passwd file exists in C:\program file\mcafee\solidcore

3. Make image.

4. When system image is deployed, send client task to enable/solidify in case of missing updates or software changes after.

McAfee Support

Benjamin Ellis


Re: Set a password per script


We don't use the EPO server.

We have a unified configuration tool for final settings before the product leaves the factory.

From the replies so far and my tests, "sadmin enable -z <cur-pwd>" would be usable, but "sadmin passwd" would not, as it does not read the new password from stdin.

Is there an API (DLL) we can use to set the password and to enable? Something we can call from our tool? 

Re: Set a password per script


Another related question:

The password file is not transferable, correct? I mean, after setting a password in an image and then installing it on two different machines, would the predefined password still work or not?

If the computer is renamed, the password is still valid (so, the random number added to the SHA2 is not derived from the computer name), correct?

Re: Set a password per script


There seem to be two solutions to the problem:

 

1) Generate the passwd file without sadmin.exe

The syntax of the passwd file is pretty easy. It is:
<username>:<random UUID>!<sha512(<password><random UUID>)>;
The file is stored in UTF-16 without a BOM and terminated with a L'\0'.
The file can only be written if application control is disabled.

 

2) Write a console wrapper to sadmin, e.g. in C++. The wrapper calling sadmin.exe shares the console input buffer with sadmin and can use the Windows API WriteConsoleInput to pass the password over.
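
The record layout from option 1, as an added example that is not part of the original post and not McAfee code: it builds a passwd file in that layout and checks an existing file against an expected password, for instance before the file is copied into an image. The little-endian byte order, the UTF-8 encoding of the hashed string, the hex digest, the sample user name and the function names are assumptions; the post does not state them.

```python
import hashlib
import hmac
import uuid

# Assumption (not stated in the post): the string <password><UUID> is
# hashed as UTF-8 bytes and the digest is stored as hex text.
HASH_INPUT_ENCODING = "utf-8"

def _digest(password, salt):
    # sha512(<password><random UUID>), as described in the post
    data = (password + salt).encode(HASH_INPUT_ENCODING)
    return hashlib.sha512(data).hexdigest()

def build_passwd(username, password, salt=None):
    """Return file bytes: UTF-16 (assumed little-endian), no BOM, NUL-terminated."""
    if not username or ":" in username:
        raise ValueError("username must be non-empty and must not contain ':'")
    salt = salt or str(uuid.uuid4())
    record = f"{username}:{salt}!{_digest(password, salt)};"
    return (record + "\0").encode("utf-16-le")

def parse_passwd(data):
    """Split file bytes into (username, salt, digest); reject malformed input."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        raise ValueError("file starts with a BOM")
    if len(data) % 2:
        raise ValueError("odd byte count, not UTF-16")
    text = data.decode("utf-16-le")
    if not text.endswith(";\0"):
        raise ValueError("missing ';' or NUL terminator")
    username, colon, rest = text[:-2].partition(":")
    salt, bang, digest = rest.partition("!")
    if not (username and colon and bang):
        raise ValueError("expected <username>:<UUID>!<hash>;")
    uuid.UUID(salt)  # raises ValueError when the salt is not a UUID
    if len(digest) != 128 or any(c not in "0123456789abcdefABCDEF" for c in digest):
        raise ValueError("hash field is not a SHA-512 hex digest")
    return username, salt, digest.lower()

def matches(data, password):
    """True if the file's stored hash corresponds to the given password."""
    _, salt, digest = parse_passwd(data)
    return hmac.compare_digest(_digest(password, salt), digest)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real installation.
    blob = build_passwd("user", "Example-Passw0rd")
    print(parse_passwd(blob)[:2], matches(blob, "Example-Passw0rd"))
```
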

 
