Important Feature Change: Password change with GPO’s no longer possible KB2962486/KB2928120/KB2961899 – Part 2

In part two of this post series, I will explain how we could solve our problem with ConfigMgr Settings Management and the MiniWebService, which is available for free.

Part 1 – Background Information

Part 2 – Solution Overview and installing netECM:MiniWebservice (This Post)

Part 3 – Creating ConfigMgr Settings Item

Part 4 – Retrieve the passwords with PowerShell

Overview

This solution will use a PowerShell script, which is implemented in a ConfigMgr Setting Item to generate a random password, encrypt the password and save the encrypted password to the netECM:MiniWebService. After that the unencrypted password is set for the local admin account.

The unencrypted password is never saved to the harddisk or transfered over the network. It’s only available in memory when the PowerShell script is running. The encryption is based on the RSA Asymmetric Encryption.

If you need the password later you can get it with a PowerShell script, which can be included in the ConfigMgr console or can be used standalone. It’s also possible to get the password by custom code for your ownl helpdesk tool.

Password Management

Installing the MiniWebService

Download the actual version of the netECM:MiniWebService from our Homepage.

Start the Installation:

image_thumb2 On the Welcome screen click next.
image_thumb3 Read and accept our license agreement.
image_thumb4 You can change the path where the web service is located on the disk.
image_thumb5 Configure a application pool user is mostly not required if the system account has access to configuration manager and the web service is installed on the same server like the configuration manager sms provider is located. Other wise you can specify a connection to a remote system on the next screen.
image_thumb7 On this screen you can configure the configuration manager site server, if it is a remote system. If it’s local you can skip this step.
image_thumb8 Now start the installation process…
image_thumb9 When the wizard finishes we are ready to test the service.

Test the web service

Open a PowerShell console and type the following command:

New-WebServiceProxy -Uri http://localhost/netECMMiniWebService/TSClient.svc

If you get a message like these, then your service is ready to use:

image_thumb11

Part 3 of this blog bost will be released soon and you can continue implementing the solution in your environment.

Follow me

Thomas Kurth

Principal Workplace Consultant at baseVISION AG
I’m a consultant, trainer and architect for workplace management and enterprise mobility projects with Microsoft Technologies in the past eight years. I love to push and design the modern workplace based on Windows 10, EM&S and O365 for my customers which is the only answer for the current security threats, agile world and the fast-changing business requirements of my customers. Important for me is to simplify and automate the operational processes, because there are the highest costs.

MCSEMCTCMCE
Thomas Kurth
Follow me

Latest posts by Thomas Kurth (see all)