Jeremy is correct in what he is advising as is Pradeep.
However, putting your credentials inline, plain text is a very serious security issue and is ill-advised to do so.
I get it, it saves you from entering creds for remoting but you can accoomlish the same thing by approaching this a bit differently.
1 - If you are already in the target host local admin group, then you don’t have to enter anything
Invoke-Command -ComputerName ‘SomeRemotehost’ -ScriptBlock {‘SomeCmd’}
There is also an Authentication switch, if you choose to use it.
Invoke-Command -ComputerName ‘SomeRemotehost’ -ScriptBlock {‘SomeCmd’} -Authentication Kerberos
There are several options to choose from:
Basic
Credssp (not recommended - but there use cases for it - and you have to config the host and target to use it anyway)
Default
Kerberos
Negotiate
NegotiateWithImplicitCredential
Though I really have not found a reason to do the above if I am admin on the remote host.
Now, I have found reason to do this with cmdlets like Invoke-WebRequest/RestMethod, but these also provide a
UseDefautlCredentials option.
2 - Use the normal Get-Credential prompt just once, store that in an XML file and call that file as needed.
For example —
‘blogs.technet.microsoft.com/robcost/2008/05/01/powershell-tip-storing-and-using-password-credentials’
‘Powershell: How to encrypt and store credentials securely for use with automation scripts. - InterWorks’
Yet, then, you’d probably say, what is someone gets this file?
Well, you are already thinking for storing your creds inline in a script. So that would be a moot conversation and
this approach is still more secure than the plain text inline thing.
If you are saying, you are not an admin on the remote host, and that you have to pass in the creds of an account that is, then
this file approach is still less risky than this plain text thing.
And if you are doing this remoteing thing across resources - think double hop auth issues, see this guidance…
‘blogs.technet.microsoft.com/ashleymcglone/2016/08/30/powershell-remoting-kerberos-double-hop-solved-securely’
As noted in other public resources. You could set this kind of thing in your PowerSHell Profile to assist with this sort of stuff.
#=====================================================================
Get-MyCredential
#=====================================================================
function Get-MyCredential
{
param
(
$CredPath,
[switch]$Help
)
$HelpText = @"
Get-MyCredential
Usage:
Get-MyCredential -CredPath `$CredPath
If a credential is stored in $CredPath, it will be used.
If no credential is found, Export-Credential will start and offer to
Store a credential at the location specified.
"@
if($Help -or (!($CredPath))){write-host $Helptext; Break}
if (!(Test-Path -Path $CredPath -PathType Leaf)) {
Export-Credential (Get-Credential) $CredPath
}
$cred = Import-Clixml $CredPath
$cred.Password = $cred.Password | ConvertTo-SecureString
$Credential = New-Object System.Management.Automation.PsCredential($cred.UserName, $cred.Password)
Return $Credential
}
And this one:
#=====================================================================
Export-Credential
Usage: Export-Credential $CredentialObject $FileToSaveTo
#=====================================================================
function Export-Credential($cred, $path)
{
$cred = $cred | Select-Object *
$cred.password = $cred.Password | ConvertFrom-SecureString
$cred | Export-Clixml $path
}
You use it like this:
$Credentials = Get-MyCredential (join-path ($PsScriptRoot) Syncred.xml)
If the credential file doesnt exist, you will be prompted the first time, at that point it will store the credentials in an encrypted string inside an XML file. The second time you run that line, the xmlfile is there and will be opened automatically.