We've recently had independent security consultants come and look at our security, and one of the points they raised about our system is that we have several batch files that include login information (as part of NET USE commands) and recommended that this was not stored in a plain text format, which we accept.
I have therefore been looking of late at a few batch file compilers (bat2exe and batlite).
They both work well, and I can run NET USE commands from within them that connect to servers using specific accounts. However, they work by compiling individual commands, and if somebody is nosy enough to read the batch file to get login ID/password information, opening the compiled file in a hex editor of their choice will do the same, so really what I need is for the commands to be encrypted by the compiler before running.
The batch files (or whatever replaces them) have to be able to run via the Windows scheduler - as they perform automated server to server backups between sites. EFS encrypted files via the account that runs it had occurred to me, but I do need this to be runnable by multiple people (without having several copies of the file each encrypted for different users with their own key).
We don't have a Windows domain, so can't use domain accounts here to secure cross server access, and having the same login ID and password on different servers isn't particularly secure (if it is inconvenient for us).
Rewriting as VBScript would be an option, but they would still need plain text login ID and password information enclosed.
Question: Can anybody think of a solution to this?
John
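The point in the question about compiled batch files, as an added example that is not part of the original post: an audit sketch that finds NET USE commands with /user: still readable inside a compiled wrapper or script and reports them with the password masked. The sample blob, host names, account names and the token-based redaction heuristic are all assumptions made for illustration.

```python
import re
import sys

# Printable runs of 6+ characters, as single-byte text and as UTF-16LE.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{6,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){6,}")
# A NET USE command that names an account; runs never contain newlines.
NET_USE = re.compile(r"\bnet(?:\.exe)?\s+use\b.*/user:.*", re.IGNORECASE)


def redact(command):
    """Mask every token that is not the verb, a drive, a UNC path or a switch."""
    out = []
    for i, tok in enumerate(command.split()):
        keep = i < 2 or tok.endswith(":") or tok == "*" or tok.startswith(("\\\\", "/"))
        out.append(tok if keep else "<redacted>")
    return " ".join(out)


def scan(data):
    """Return (run offset, encoding, redacted command) per readable NET USE /user: hit."""
    findings = []
    for pattern, encoding in ((ASCII_RUN, "ascii"), (UTF16_RUN, "utf-16-le")):
        for run in pattern.finditer(data):
            hit = NET_USE.search(run.group().decode(encoding))
            if hit:
                findings.append((run.start(), encoding, redact(hit.group())))
    return findings


# Constructed sample standing in for a "compiled" batch file: binary padding
# around two commands. Hosts, accounts and passwords are made up.
SAMPLE = (
    b"MZ\x90\x00\x03\x00" + b"\x00" * 16
    + b"net use Z: \\\\backup01\\nightly Example-Pass1 /user:svc_backup\x00"
    + b"\xff\xfe\x01"
    + "NET USE \\\\site2\\archive Example-Pass2 /USER:copyjob".encode("utf-16-le")
    + b"\x00\x00"
)

if __name__ == "__main__":
    # Scan the files named on the command line, or the constructed sample.
    blobs = [(p, open(p, "rb").read()) for p in sys.argv[1:]] or [("SAMPLE", SAMPLE)]
    for name, blob in blobs:
        for offset, encoding, command in scan(blob):
            print(f"{name}: offset {offset} ({encoding}): {command}")
```

Any hit means the file needs the same access controls as the plain-text batch file it replaced.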