Best Practice - DomainJoin - AES256 encrypted
General information
Starting with DomainJoin Package 1.14 (part of the WinPE_PreBoot_Support_1.9.13 package), an AES256 encrypted password can be used for domain join via the variable "DomainJoinCredentialsPasswordAesEncrypted".
Encrypt password
To do this, you must use the EmpCrypt.exe tool for encryption.
D:\Empirum\AddOns\Encrypter\EmpCrypt.exe /AES256 <Password>
This AES256 encrypted password must then be entered and saved in EMC > Configuration > Variable Configurations > DomainJoin in DomainJoinCredentialsPasswordAesEncrypted.
If an AES256 encrypted password is entered, the value "DomainJoinCredentialsPassword" is ignored.
The WinPE boot image must then be recreated.
Log
After installing the operating system, the log entries will look like this:
A note appears stating that the password is encrypted using AES256.
The number of characters is displayed so that you can check whether the AES256 encrypted password has been used.