Adding credentials to a script.

by john808 at 2012-11-20 02:15:22

Hi all,

I’m having some issues adding credentails to a script. I should add I am a noob to powershell.

To let you know about the script, it basically fetches information from remote servers about the hard drive size and space left. The script is from the MS repository and works fine. I’ve added "-credential" followed by my user name and this works fine except I’m prompted for my password for every server. This is no good as I want to automate the script and not have to sit entering my password 20+ times.

Having searched for explainations I’ve found some possible answers but don’t really understand them. I think the following link explains what I need but I don’t really understand it h**p://technet.microsoft.com/en-us/magazine/ff714574.aspx. Is this the correct way to achive what I want or is there another way?

I hope I’ve explained myself clearly, any help will be greatly appreciated.

Regards,

John.
by nohandle at 2012-11-20 03:45:42
To save the credentials in veriable do $credential = get-credential then provide $credential as argument to the -credential parameter.
To save the credentials to file you have to do $credential.password | convertFrom-secureString | out-file file

to load it back to the script you have to
load the password form file to variable using get-content and convertTo-secureString cmdlets
create a credential object $credential = new-object System.Management.Automation.PSCredential (string $username, securestring $password)

Important: the exported securestring can be imported only on the computer and under the user who created it.
by Infradeploy at 2012-11-20 03:53:23
Why not use the credential variable once, and use it for 20 computers to do things remotely in one script?
by john808 at 2012-11-20 04:32:06
Thanks for the replies.

I think nohandle’s explaination has helped me gain a better understanding. I was having trouble working out how to enter the user name and password details to the credentials.

I’ll give it a go and hopefully get things working.
by nohandle at 2012-11-20 09:47:23
[quote="nohandle"]new-object System.Management.Automation.PSCredential [/quote]
one more thing: Do not try to memorize that type for future use as I did. :slight_smile: You can do$cred=Get-credential <#fill anything in the dialog#>
$cred.getType().fullname
to learn the type name. And likewise for other types, of course.
by john808 at 2012-11-26 07:06:08
Sorry guys I’m having difficulty with this :frowning:

This is from the article I posted the link to…

"The first step for storing a password on disk is usually a manual one. Given a credential that you have stored in the $credential variable, you can safely export its password to password.txt using the following command:
PS >$credential.Password | ConvertFrom-SecureString | Set-Content c]

From reading the above, my understanding is that I must first create a variable called $credential? The problem I have here is I’ve been able to create the variable with my user name but not the password. for example "$credential = domain\username" but I don’t know how to include the password as well? I feel I’m misunderstanding something very simple here but can’t work it out.

I have more questions but figure I’ll start at the beginning.

Thanks for your time.
by DonJ at 2012-11-26 07:12:27
If you run

$cred = Get-Credential DOMAIN\Username

You’ll be prompted for the password. $cred will contain both the username and the password, although the password will be a SecureString and you won’t be able to see it. This is by design. PowerShell is explicitly designed to make it difficult to include a clear-text password in a script, because it’s a horrible security idea.

To go back to your original question, rather than passing a username to -Credential, you’d create a full username/password credential by using Get-Credential, as outlined here. You’d store that in a variable, such as $cred. You’d then pass that variable to the -Credential parameter. Because the variable includes a password (albeit one you can’t see), you won’t be prompted.

You typically do not want to store a password on disk (the discussion here has gone down that path without really outlining why it’s a bad idea). If your goal is to have this script always run with a -Credential, but NEVER prompt for it, then you’d be better off purchasing something like PrimalScript. That will let you wrap the script in an encrypted executable, and apply a credential to it outside of PowerShell. So the credential remains encrypted, not in clear-text.
by john808 at 2013-01-10 01:56:49
Hi Me again!

I’ve been having a fresh look at this script issue I’m having and seem to have moved forward a little. From nohandle’s advice I have been able to securely save the credentials to file using the details you provided(higlighted in read below).

The problem I’m currently having is loading the secure credentials into my script? I understand the need to load the credentials variable back into the to script but I don’t know how to do it "using get-content and convertTo-secureString cmdlets". I’m also not familiar with "$credential = new-object System.Management.Automation.PSCredential (string $username, securestring $password)".

Any help appreciated.

[quote="nohandle"]To save the credentials in veriable do $credential = get-credential then provide $credential as argument to the -credential parameter.
To save the credentials to file you have to do $credential.password | convertFrom-secureString | out-file file


to load it back to the script you have to load the password form file to variable using get-content and convertTo-secureString cmdlets
create a credential object $credential = new-object System.Management.Automation.PSCredential (string $username, securestring $password)

Important: the exported securestring can be imported only on the computer and under the user who created it.[/quote]
by nohandle at 2013-01-10 03:07:12
#Import the data
$username = 'username'
$passwordAsString = Get-Content -Path c:\Temp\ExportedPassword.txt

#build the credential object
$passwordAsSecurestring = $passwordAsString | ConvertTo-SecureString
$credential = new-object System.Management.Automation.PSCredential ($username, $passwordAsSecurestring)

#here is your credential object
$credential
by john808 at 2013-01-10 08:35:27
Perfect!

Thanks for your help nohandle.