VMware Cloud Community
sec_student_x
Contributor
Contributor

sysprep encryptedvalue details

Are there any details as to how the ENCRYPTEDVALUE in c:\sysprep\sysprep.xml is encrypted? I have a need to decrypt this value.

Thanks!

Reply
0 Kudos
3 Replies
jburen
Expert
Expert

I think it is base-64 encoded.

If you want te decode it using powershell...

$dPwD= ([system.text.encoding]::Unicode.GetString([system.convert]::Frombase64string($encryptedpassword)))

write-host $dPwD.Substring(0,($dPwD.length-8))

Consider giving Kudos if you think my response helped you in any way.
Reply
0 Kudos
sec_student_x
Contributor
Contributor

Hey jburen - thanks for the answer but this is incorrect.

within vmware (unsure if its esxi or vcenter), when templates are used to deploy a VM, they use c:\sysprep\sysprep.xml along with the PE sysprepdecrypter.exe to execute build steps on boot.

This PE performs the decryption of the file. It cannot be run from windows as it is a boot utility.

I am hoping to find data on how this enc/dec process takes place so I can hopefully recover a lost admin password.

thanks

Reply
0 Kudos
jburen
Expert
Expert

Oh ok. I thought it was the Windows sysprep file. But learning something new everyday 😉

Consider giving Kudos if you think my response helped you in any way.
Reply
0 Kudos