Just a suggestion…

 

You can create a scheduled task that runs the PowerShell script with the needed 
credentials.

Ideally it would run from a server, and if it needs to run PowerShell on other 
systems it can use Invoke-Command, in which case the credentials are not stored 
on the remote systems in a retrievable way.

 

The action of the task could be something like this…

Program: powershell.exe

Additional arguments: -NoLogo -NoProfile -MTA -NonInteractive -ExecutionPolicy Bypass -File "D:\Path\Script.ps1"

 

 

From: Gilmanov, Nile [mailto:nile.gilma...@wabashnational.com] 
Sent: Tuesday, July 22, 2014 2:29 PM
To: scripting@lists.myitforum.com
Subject: RE: [scripting] PowerShell to store password securely in a script?

 

What about cert-based?

 

From: listsad...@lists.myitforum.com On Behalf Of Daniel Ratliff
Sent: Tuesday, July 22, 2014 1:40 PM
To: scripting@lists.myitforum.com
Subject: RE: [scripting] PowerShell to store password securely in a script?

 

Thanks Keith, we may one day replace this custom solution we have with a 
commercial product, but for now our goal is just to see if PoSH + Compliance is 
a more successful method than WinBatch + Package deployment. 

 

A few other things I plan on looking at are maybe a DSC script or possibly 
something centrally managed to sync instead of a push method. 

 

Thanks for the ideas everyone.

 

Daniel Ratliff 

 

From: listsad...@lists.myitforum.com On Behalf Of Keith Garner (Hotmail)
Sent: Tuesday, July 22, 2014 1:02 PM
To: scripting@lists.myitforum.com
Subject: RE: [scripting] PowerShell to store password securely in a script?

 

Client side security is a hard problem.  There are no easy answers.

 

At some point you are going to have to convert the secured password to plain 
text, and you are going to have to put the method to decode that piece of 
secure information in the PowerShell script, either the algorithm or the 
encryption key.

 

One technique is to just obfuscate the secret information with some encoding 
(not encryption), like Base64.

 

Might be time to take a hard look at your environment and ask yourself why you 
need to distribute the password in the first place, can you provide access to 
the resources with better access control, or other lockdown methods?

 

From: listsad...@lists.myitforum.com On Behalf Of Daniel Ratliff
Sent: Tuesday, July 22, 2014 8:16 AM
To: scripting@lists.myitforum.com
Subject: RE: [scripting] PowerShell to store password securely in a script?

 

But I cannot take that securestring and deploy it to thousands of workstations. 
It's only valid on the machine/account it's created on/with.

 

Daniel Ratliff

 

From: listsad...@lists.myitforum.com On Behalf Of Ryan
Sent: Tuesday, July 22, 2014 11:09 AM
To: scripting@lists.myitforum.com
Subject: Re: [scripting] PowerShell to store password securely in a script?

 

$Test = Read-Host -AsSecureString

$Test | ConvertFrom-SecureString | Out-File "c:\test.txt"

 

This will give you the encrypted password. To use that password, you just need 
to store it to a variable and use ConvertTo-SecureString.

 

 

On Tue, Jul 22, 2014 at 9:55 AM, Daniel Ratliff <dratl...@humana.com> wrote:

I feel like I am missing something glaringly obvious here. 

 

I have two requirements: 

1. Store the password in the script, but not in plain text

2. Use a single script with nothing external

 

Is there no way with PowerShell to store an encrypted password in a script and 
re-use that on multiple machines? 

 

Daniel Ratliff 

 


The information transmitted is intended only for the person or entity to which 
it is addressed
and may contain CONFIDENTIAL material. If you receive this material/information 
in error,
please contact the sender and delete or destroy the material/information.
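
The three storage options raised in this thread, side by side, as an added example that is not part of any poster's message: the default ConvertFrom-SecureString blob, the same cmdlet with -Key, and Base64. The sample password and the helper name ConvertTo-PlainText are constructed for the illustration.

```powershell
# Added illustration; the password is a constructed sample value.
$plain  = 'Constructed-Sample-Pa55'
$secure = ConvertTo-SecureString -String $plain -AsPlainText -Force

# Hypothetical helper: recover the clear text held in a SecureString.
function ConvertTo-PlainText {
    param([System.Security.SecureString]$SecureString)
    (New-Object System.Net.NetworkCredential('', $SecureString)).Password
}

# 1) No -Key: on Windows the blob is protected with DPAPI for the current
#    user on this machine. Copied to another machine or account, the
#    ConvertTo-SecureString call fails there.
$dpapiBlob = $secure | ConvertFrom-SecureString
$sameUser  = ConvertTo-PlainText ($dpapiBlob | ConvertTo-SecureString)

# 2) With -Key: AES under a 16-, 24- or 32-byte key supplied by the caller.
#    The blob now decrypts anywhere, but only where the key is also present,
#    so a self-contained script has to carry the key next to the blob.
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($key)
$rng.Dispose()
$aesBlob = $secure | ConvertFrom-SecureString -Key $key
$withKey = ConvertTo-PlainText ($aesBlob | ConvertTo-SecureString -Key $key)

# 3) Base64 is encoding, not encryption: it reverses with no secret at all.
$b64     = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($plain))
$fromB64 = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))

# Summarise what a reader of the stored value needs in each case.
@(
    [pscustomobject]@{ Method = 'ConvertFrom-SecureString (default)'
                       NeededToRecover = 'same user and machine'
                       RoundTrip = ($sameUser -ceq $plain) }
    [pscustomobject]@{ Method = 'ConvertFrom-SecureString -Key'
                       NeededToRecover = 'blob plus key'
                       RoundTrip = ($withKey -ceq $plain) }
    [pscustomobject]@{ Method = 'Base64'
                       NeededToRecover = 'nothing'
                       RoundTrip = ($fromB64 -ceq $plain) }
) | Format-Table -AutoSize
```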

 

 

 

