Neither the Microsoft MMC nor PolicyPak Cloud enables you to enter in passwords. This is because when the GPOs are housed in the domain, it can be used by attackers to reverse engineer passwords stored in the GPOs.
In PolicyPak Cloud though this is less of a concern, because those fields are not readable by everyone; only admins who log on to the console. That being said this procedure is not guaranteed to be safe, because the final cPassword values are transmitted to the endpoint and could be reverse engnieered there. So you will have to use your judgement to see if this procedure is worth it for you.
So if you want to use a Group Policy Preferences item along with a password field… first start by populating your Preferences item (on-prem recommended) with as much data as you can like this; noting that the Connect as (or other fields are not changeable in the MMC editor.) Here’s two examples below.
Once you have the item, drag it to the desktop like this and open it for editing. The goal is to enter in by hand the missing details; typically the cPassword field.
To do get a cPassword, you need to provide an encrypted value in quotes.
Utilize this code and replace the “data” string with your intended password.
you can test here: https://onecompiler.com/ruby/3y33cr579
Examples:
- Encrypting "Local*P4ssword!" provides "j1Uyj3Vx8TY9LtLZil2uAuZkFQA/4latT76ZwgdHdhw"
- Encrypting "abc123" gives "Uz2Lr4XKoAyUj1HhrWbTLA"
Once you have the well-formed XML you should be able to drag it back into the MMC editor and test (if you want).
Or you can upload the XML to PolicyPak Cloud.
All well-formed XML will be accepted and should process on the endpoint.
Note that PolicyPak Preferences will need to be licensed for PolicyPak Cloud; and in domain-joined scenarios that component is automatically disabled until expressly enabled.
For more details on that, please read: https://kb.policypak.com/kb/article/1143-why-is-policypak-preferences-original-version-forced-disabled-by-default/