Q

Can I encrypt CMD scripts so that they aren't readable but are still executable?

We have a number of CMD scripts that pass login credentials to either Microsoft SQL or remote client (rclient) to control operations on other servers. Is there a way to encrypt or encode these files so that they are not readable, but are still executable? We are running NT4 and 2000.
There are several possible approaches to this problem, including using the Data Protection API (DPAPI) to encrypt the connection string portion that holds the user credentials, using the network security identify of the user (using the Trusted Connection or Integrated Security attribute), storing credentials in a configuration file (don't do so in clear text) and securing the communication channel using IPSec or SSL. An excellent discussion on the methods available for securing connection strings for MS SQL Server is available in the Data access security chapter of the Building Secure ASP.NET applications. Several of these methods require the use of ASP.NET but others may be suitable in your circumstances.

By the way, I strongly recommend the entire document for every MS SQL Server administrator, programmer and even Windows administrators who work with Web and database applications. It's a total of 600 pages packed with security information and addresses real world scenarios.

I'm sorry I cannot direct you to "rclient" resources of the same caliber.

This was first published in April 2003

Dig deeper on Windows legacy operating systems

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchVirtualDesktop

SearchWindowsServer

SearchExchange

Close