mpande
Posts: 9
Joined: Tue Sep 28, 2021 1:52 pm

Secure Property User Password isn't specified value

Wed Oct 20, 2021 7:44 pm

Hi!

We're running into an issue with our installer. We have a property (a password) that has the hidden and secure check boxes check. That property is used in several places, and seems to work, but we've got a problem in that it appears it is being altered.

Under users and groups we have a windows user set up with "Use a property to set password" and that property is our secure hidden password. That user runs a service, and a scheduled task. The service runs successfully, and the scheduled task can also be run, so something is happening. Unfortunately we are unable to edit the scheduled task or log in as that user. The password is not recognized.

I've edited our installer as a test, changing the property so that it is no longer hidden or secure. When I do that I am able to edit the scheduled task and log in as that user. Unfortunately we have a large base of installs that were done using the secure hidden property. We don't know what the actual password be is for these sites. My interpretation of events is that maybe the encrypted version of the password is being used instead of the password itself, but I don't know for sure that that is what is going on.

How do we get out of this bind? Is there a way to determine what that actual password being used is? Echoing the property back in an inline script file gives us the value we specified, but not what is actually being used.

Catalin
Posts: 4527
Joined: Wed Jun 13, 2018 7:49 am

Re: Secure Property User Password isn't specified value

Thu Oct 21, 2021 11:51 am

Hello,

I have tested this scenario and I was able to replicate the behavior you described.

You are indeed right about the password being "altered".

The property that stores the password is encrypted before the User is created, therefore the password will be the encrypted version.

order.png
order.png (139.23KiB)Viewed 6035 times

If you want to find the value of the encrypted property, you can proceed as it follows:

- go to "Custom Actions" page

- add a MessageBox custom action that shows your property

- schedule the custom action after the "Remove Resources" action group, with its "Execution Time" set to "When the system is being modified (deferred)"

This should display the encrypted version of the password which you can use afterwards to login the computer.

Hope this helps!

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

mpande
Posts: 9
Joined: Tue Sep 28, 2021 1:52 pm

Re: Secure Property User Password isn't specified value

Thu Oct 28, 2021 4:47 pm

Thanks! We discovered what was actually being used as the password and addressed the immediate issue. Going forward how will this issue be addressed by advanced installer? When will a fix be released?

Catalin
Posts: 4527
Joined: Wed Jun 13, 2018 7:49 am

Re: Secure Property User Password isn't specified value

Thu Oct 28, 2021 5:06 pm

Hello,

You are always welcome! I am glad the solution helped.

Please note, however, that this is not a bug.

If you want to permanently get rid of this, you can edit the custom action's sequence in the "Table Editor" page, so the "AI_SecureProperty" action executes after the "AI_ProcessAccounts" action.

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube


Catalin
Posts: 4527
Joined: Wed Jun 13, 2018 7:49 am

Re: Secure Property User Password isn't specified value

Thu Oct 28, 2021 5:18 pm

You are always welcome!

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

wholt@nabancard.com
Posts: 6
Joined: Mon Feb 01, 2021 11:15 pm

Re: Secure Property User Password isn't specified value

Mon Nov 15, 2021 6:52 pm

Why would you alter the password I have saved to use as the account password and make it something I cant use or know?

Let me explain what we are trying to do, and you can either tell me what we are doing wrong, or perhaps how to make it so its correct.

We want the user account passwords stored in AIP so that they are not hackable or exposed to someone.
The user pwd is saved in an AIP property called 'NopPwd'
This property is then use in AIP in:
1. User & Groups, setting up a windows user called 'NopUser'
2. During a custom action call which executes our CA Dll to install a complicated service and its dependencies, the property is passed in for it to use.

It seems odd to move the securing of the property data to later and risk exposer, but fine, hopefully we shall remember to do that in any future builds, but more importantly, is moving it below the AI_ProcessAccounts sufficient, given we also use it the custom action dll execution? Otherwise I could see the user being setup now with the correct and specified password, yet the one being passed to the dll being the new incorrect and mutated pwd value.

Catalin
Posts: 4527
Joined: Wed Jun 13, 2018 7:49 am

Re: Secure Property User Password isn't specified value

Wed Nov 17, 2021 5:18 pm

Hello,
Why would you alter the password I have saved to use as the account password and make it something I cant use or know?
That is what the "Secure property" option is intended to do - i.e. encrypt the property..
Let me explain what we are trying to do, and you can either tell me what we are doing wrong, or perhaps how to make it so its correct.
You are not doing anything wrong here. Also, please note I have given a solution for this above.
is moving it below the AI_ProcessAccounts sufficient, given we also use it the custom action dll execution? Otherwise I could see the user being setup now with the correct and specified password, yet the one being passed to the dll being the new incorrect and mutated pwd value.
If you are using this property in your custom action as well, you might want to do the encyrption after the custom action is executed, so it doesn't take the encrypted value.
The user pwd is saved in an AIP property called 'NopPwd'
Here, if possible, I would advise using a public property (uppercase only, e.g. NOP_PWD), as opposed to a private property. More information about this in the following article:

Windows Installer Properties

Hope this helps!

Best regards,
Catalin
Catalin Gheorghe - Advanced Installer Team
Follow us: Twitter - Facebook - YouTube

Return to “Common Problems”