Just a suggestion…
You can create a scheduled task that runs the PowerShell script with the needed
credentials.
Ideally it would run from a server, and if it needs to run PowerShell on other
systems it can use Invoke-Command, in which case the credentials are not stored
on the remote system
I saw some notes on that, but in all honestly I know squat about certificates.
My only real experience is with script signing certs as we will eventually move
to an AllSigned execution policy for our PoSH scripts.
Daniel Ratliff
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myit
What about cert-based?
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Daniel Ratliff
Sent: Tuesday, July 22, 2014 1:40 PM
To: scripting@lists.myitforum.com
Subject: RE: [scripting] PowerShell to store password securely in a script?
Thanks Keith, we may
At some point the password has to be decoded in a standardized way on any
machine, which makes it retrievable.
There are ways to obscure the password from someone using notepad, but
that's pretty much it.
Even with obfuscation of the source by putting it in a binary exe,
PowerShell is an interpr
Thanks Keith, we may one day replace this custom solution we have with a
commercial product, but for now our goal is just to see if PoSH + Compliance is
a more successful method than WinBatch + Package deployment.
A few other things I plan on looking at is maybe a DSC script or possibly
somethi
Client side security is a hard problem. There are no easy answers.
At some point you are going to have to convert the secured password to plain
text, and you are going to have to put the method to decode that piece of
secure information in the powershell script, either the algorithm or the
$Test = Read-Host -AsSecureString
$Test | ConvertFrom-SecureString | Out-File "c:\test.txt"
This will give you the encrypted password. To use that password, you just
need to store it to a variable and use COnvertTo-SecureString
On Tue, Jul 22, 2014 at 9:55 AM, Daniel Ratliff wrote:
> I feel
That’s why we want a compliance script with ConfigMgr, there is no .ps1 file,
no content, it’s just runs in memory and bits of it may be logged but not the
entire thing.
Yeah I think that may be our best option. Working through the examples below.
http://get-powershell.com/post/2008/11/11/Encry
Ah, I see.
Thinking this through logically, do you think you could do it securely with
a plain text script? If anyone got their hands on the script, they would
have whatever password you specified since the code is there to use it.
If you want to do it, you can specify the key in ConvertTo-Secure
Add-ADGroupMember -Identity 'DestinationGroup' -Members $(Get-ADGroupMember
-Identity 'SourceGroup')
On Tue, Jul 22, 2014 at 10:33 AM, Marcum, John wrote:
> I'm sure this is really easy but…. I need to copy all of the users in
> Group A to Group B with PoSh. How do I do that?
>
>
>
> I see tha
Hi,
I believe the simplest solution is this:
Get-ADGroupMember -Identity | Add-ADPrincipalGroupMembership
-MemberOf
You'll see reference to that second cmdlet in the help for Add-ADGroupMember
Best wishes,
Andrew
http://cantoriscomputing.wordpress.com/
From: jmar...@babc.com
To: scrip
But I cannot take that securestring and deploy it to thousands of workstations.
Its only valid on the machine/account its created on/with.
Daniel Ratliff
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Ryan
Sent: Tuesday, July 22, 2014 11:09 AM
To: scri
I am hoping to not have to do that. We want to deploy this as a compliance
script with ConfigMgr.
They currently do that today with Winbatch, so we aren't gaining much by just
re-scripting it as PowerShell.
Daniel Ratliff
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.
Hi Daniel,
Maybe you can convert to Exe your powershell file.
http://www.gunnalag.com/2013/06/04/converting-powershell-script-into-an-executableapplication/
Best regards
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Daniel Ratliff
Sent: mardi 22 juille
thanks. That's what I was looking for.
The other post using the Quest tools works too but I wanted to do it without
using Quest.
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Mathieu Kindelberger
Sent: Tuesday, July 22, 2014 9:54 AM
To: scripting@list
Hi John,
You can use this command : Get-ADGroup GroupA -properties members | foreach
{Add-ADGroupMember -id GroupB -MEMBERS ($_.Members) }
Best regards
From: listsad...@lists.myitforum.com [mailto:listsad...@lists.myitforum.com] On
Behalf Of Marcum, John
Sent: mardi 22 juillet 2014 16:33
To: Scr
I feel like I am missing something glaringly obvious here.
I have two requirements:
1. Store the password in the script, but not in plain text
2. Use a single script with nothing external
Is there no way with PowerShell to store an encrypted password in a script and
re-use that on
I'm sure this is really easy but I need to copy all of the users in Group A
to Group B with PoSh. How do I do that?
I see that Get-ADGroup GroupA -properties members gets me all the members and
Add-ADGroupMember -Identity GroupB would be used to add the members into the
second group. How do
18 matches
Mail list logo
