New Encryption - SmartDeploy Version 3.0.2046

With the release of SmartDeploy version 3.0.2046, we have changed the encryption process used for assets like Answer File credentials, client messaging, etc. These changes were made to increase the security of your SmartDeploy environment.

How the new encryption works

Rather than using general encryption keys, scoped keys will be used at a per-function level. This means servers, media (Deployment Packages, USB and CD/DVD Boot and Offline Deployment Media, as well as WDS Boot Media), and clients will all have separate encryption keys.

Recommended actions for SmartDeploy users

After updating to version 3.0.2046, we also recommend updating all existing media, recreating answer files, and updating your SmartDeploy clients to take advantage of the latest security enhancements.

Reason: We’ve made every effort to ensure backward compatibility, and old answer files and existing media will continue to work. However, there may be issues in decrypting some information, which would manifest as a padding error or cryptographic exception. See the section below for more details on what is no longer supported or will require a workaround.
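The sketch below illustrates the scoped-key model and the padding error described above: data encrypted under one scope's key fails to decrypt under another scope's key. It is an added example, not SmartDeploy code; the HMAC-SHA256 derivation, AES-CBC with PKCS7 padding, the scope labels and all key material are assumptions constructed for the demo, since this article does not document the product's actual scheme.

```powershell
# Constructed demo values; SmartDeploy's real KDF, cipher and keys are not documented here.
$rootSecret = [byte[]](1..32)   # constructed 256-bit root secret

function Get-ScopedKey([byte[]]$Root, [string]$Scope) {
    # Assumption: per-function key = HMAC-SHA256(root secret, scope label)
    $hmac = [System.Security.Cryptography.HMACSHA256]::new($Root)
    try { return ,$hmac.ComputeHash([Text.Encoding]::UTF8.GetBytes($Scope)) }
    finally { $hmac.Dispose() }
}

function Protect-Text([byte[]]$Key, [string]$Text) {
    $aes = [System.Security.Cryptography.Aes]::Create()   # .NET default: CBC + PKCS7
    try {
        $aes.Key = $Key
        $aes.GenerateIV()
        $plain = [Text.Encoding]::UTF8.GetBytes($Text)
        $ct = $aes.CreateEncryptor().TransformFinalBlock($plain, 0, $plain.Length)
        return ,([byte[]]($aes.IV + $ct))                 # blob layout: IV || ciphertext
    } finally { $aes.Dispose() }
}

function Unprotect-Text([byte[]]$Key, [byte[]]$Blob) {
    $aes = [System.Security.Cryptography.Aes]::Create()
    try {
        $aes.Key = $Key
        $aes.IV  = [byte[]]($Blob[0..15])
        $pt = $aes.CreateDecryptor().TransformFinalBlock($Blob, 16, $Blob.Length - 16)
        return [Text.Encoding]::UTF8.GetString($pt)
    } finally { $aes.Dispose() }
}

[byte[]]$mediaKey  = Get-ScopedKey $rootSecret 'media'    # hypothetical scope labels
[byte[]]$clientKey = Get-ScopedKey $rootSecret 'client'
$secret = 'constructed-answer-file-password'
[byte[]]$blob = Protect-Text $mediaKey $secret

"media key  -> " + (Unprotect-Text $mediaKey $blob)       # correct scope: round-trips

try {
    # Wrong scope: PKCS7 unpadding normally fails. Roughly 1 in 256 wrong-key attempts
    # ends in valid-looking padding and returns garbage instead of throwing.
    $out = Unprotect-Text $clientKey $blob
    "client key -> no exception; plaintext matches: $($out -eq $secret)"
} catch {
    $e = $_.Exception.GetBaseException()
    "client key -> " + $e.GetType().Name + ': ' + $e.Message
}
```

The `::new()` constructor syntax requires Windows PowerShell 5.0 or later.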

For assistance with updating boot media, recreating answer files, and updating SmartDeploy clients, please see the following KBs:

Important changes to note:

Starting from version 3.0.2046, the following processes will no longer be supported, or will require a workaround:

  • Version downgrades: Once you have updated to version 3.0.2046, we do not recommend downgrading as the new encryption process is incompatible with older versions. If you must downgrade, follow the steps at the end of this article to ensure the process will complete.
  • Manually copying answer files to SmartDeploy media: Manually copying answer files to SmartDeploy media is no longer supported. If you need to add an answer file to media, this process should be completed through the Media Wizard.
  • Deploying to older SmartDeploy clients: Deployment from Computer Management to SmartDeploy clients older than version 3.0.2046 will be blocked by the UI. Before deploying any asset to a client, it should be updated to 3.0.2046 or later (which can still be done through Computer Management). (Not applicable if you’re using offline media.)

Downgrading from SmartDeploy version 3.0.2046 or greater

We do not recommend downgrading from version 3.0.2046 (or greater), but if you must do so, you can follow the steps below to downgrade your SmartDeploy server.

  1. Uninstall SmartDeploy from Programs and Features.
  2. Once uninstalled, delete the C:\Program Folders\SmartDeploy\SmartDeploy\Resources folder.
  3. Download and run the DropAuthTable script, located here: https://download.smartdeploy.com/DropAuthTable.ps1
  4. Install the older version of SmartDeploy.