Windows users cannot use root password for Windows provisioning, because Foreman automatically encrypt it into Linux PAM format before Host/hostgroup save. A simple global flag which disables this behavior could enable Windows users to use this root flag. It was a pain to debug this and this is confusing, so new option would be helpful.

Also we have slight inconsistency - root password in host/hostgroup is always auto-encrypted, while global setting "Root password" only accepts password in plain text. This confuses Windows users as they can use global passsword just fine, but once they try to store own password in host/hostgroup it does not work.