Deployment of Windows servers/clients with Foreman is substantially complicated by the fact that access to the unencrypted root pass inside templates is only possible by exploiting the 'if a password starts with $, leave it alone' mechanism, which means users need to input a root password starting with a $. Windows unattended.xml files require a plaintext or base64-encoded password.

Adding template access to the unencrypted root password by providing a "plaintext" "encryption" option on the host creation page would make Windows deployment much more hassle-free.

I am new to Ruby, but I managed to get something working by modifying the new PasswordCrypt class/service, something like this:

class PasswordCrypt
  ALGORITHMS = {'plaintext' => '', 'MD5' => '$1$', 'SHA256' => '$5$', 'SHA512' => '$6$'}

  def self.passw_crypt(passwd, hash_alg = 'MD5')
    raise Foreman::Exception.new(N_("Unsupported password hash function '%s'"), hash_alg) unless ALGORITHMS.has_key?(hash_alg)

    if hash_alg == 'plaintext'
        return passwd.crypt("#{ALGORITHMS[hash_alg]}#{SecureRandom.base64(6)}")
    else
        return passwd
    end
  end

  def self.grub2_passw_crypt(passw)
    self.passw_crypt(passw, 'MD5')
  end
end

The only apparent required changes are then to some strings in app/controllers/api/v1/operatingsystems_controller.rb, app/controllers/api/v2/operatingsystems_controller.rb and locale files.