Hi,
Passwords for new users or for joining a domain could defined in plain text or encrypted at sysprep.xml or unattend.xml file. But they are not “really” encrypted.
The password is simply Base64 encoded. The attached Powershell script tries to decodes all Usernames with their passwords from a unattend.xml file.
Example
<AdministratorPassword>
<Value>VABoAGUAIABBAGQAbQBpAG4AIABQAGEAcwBzAHcAbwByAGQAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAGEAcwBzAHcAbwByAGQA</Value>
<PlainText>false</PlainText>
</AdministratorPassword>
The decodes the Base64 String, but at the the of the String the usage of the password is appended (The name of the parent XML node. Here:AdministratorPassword). This must be cut off.
PS d:> $sPassword=[System.Text.Encoding]::Unicode.GetString([System.Convert]::FromBase64String("VABoAGUAIABBAGQAbQBpAG4AIABQAGEAcwBzAHcAbwByAGQAQQBkAG0AaQBuAGkAcwB0AHIAYQB0AG8AcgBQAGEAcwBzAHcAbwByAGQA"))
PS d:> write-host $sPassword
The Admin PasswordAdministratorPassword
PS d:> $sPassword=[System.Text.RegularExpressions.Regex]::Replace($sPassword ,"AdministratorPassword$","")
PS d:> write-host $sPassword
The Admin Password
Michael
Script to recover lost Passwords from a unattend/sysprep.xml file
RecoverUnattendSysprepPassword.ps1
Version: 1.0
RecoverUnattendSysprepPassword.ps1
Version: 1.0
Script to recover lost Passwords from a unattend/sysprep.xml file
| Author: | Michael |
| Category: | Powershell Scripts |
| Date: | October 20, 2016 |