- GET PLAIN TEXT FROM SECURESTRING POWERSHELL HOW TO
- GET PLAIN TEXT FROM SECURESTRING POWERSHELL UPDATE
- GET PLAIN TEXT FROM SECURESTRING POWERSHELL PASSWORD
$ConfigData = AllNodes = NodeName = '*' PSDscAllowPlainTextPassword = $True } NodeName = 'dsc-01' DomainName = '' } ) } Configuration SimpleExampleWithCredentials SimpleExampleWithCredentials -ConfigurationData $ConfigData -DomainCredential ( Get-Credential ) The LCM uses the credentials to execute the appropriate tasks from the configuration. You can supply credentials by adding a parameter to your configuration and using the parameter in a DSC resource. But not all resources will work with those credentials because the LCM will not be able to access remote systems. The Local Configuration Manager executes DSC configurations using the system account.
GET PLAIN TEXT FROM SECURESTRING POWERSHELL HOW TO
In this post, I will explain how to use credentials in the configuration. This is a crucial requirements when the configuration is applied on a workgroup host and the source location is inaccessible by the system account. For example, if you are copying files or directories using the file resource, the Local Configuration Manager needs appropriate credentials to access the source location. Many resources for Desired State Configuration require credentials to successfully execute the specified task. Tags #Credentials #Desired State Configuration #DSC #PowerShell #PSDSC
GET PLAIN TEXT FROM SECURESTRING POWERSHELL PASSWORD
$pass = Get-Content c:\ps\passwordfile.txt | ConvertTo-SecureString -Key $keyĪs you can see, the password is not empty, so it has been successfully decrypted and may be used on other computers.Handling Plain Text Credentials in PowerShell DSC $Cred.Password| ConvertFrom-SecureString –Key $key| Set-Content c:\ps\passwordfile.txt Then use the following instead of the key in both cases: If you don’t want to take the trouble of a separate file with the AES key, you can integrate the encryption key directly into the script. $pass = Get-Content c:\ps\passwordfile.txt | ConvertTo-SecureString -Key (get-content \\srv1\Shared\password_aes.key) You can transfer them to another computer and try to get the password from the file (you can store the file with the key in your shared network folder). So, you have got two files: a file containing the encrypted password (passwordfile.txt) and another one with the encryption key (password_aes.key).
GET PLAIN TEXT FROM SECURESTRING POWERSHELL UPDATE
Save this key to the text file password_aes.key.ĭon’t forget that if you specify a domain account in your PowerShell script and your domain has a regular password change policy, you will have to update this file after each password change (you can create a separate password policy for the specific accounts using fine-grained password policies). You can specify the external encryption key using –Key or –SecureKey parameters.įor example, you can generate a 256-bit AES key in PowerShell and use it to decrypt the file. If the script is started under another user (service) account or on another computer, you will have to use another encryption method different from DPAPI. Change the value of argument "password" to a non-null value."
"Cannot process argument because the value of argument "password" is null. ConvertTo-SecureString : Key not valid for use in specified state.
You won’t be able to decrypt the password file without key. The matter is that DPAPI encryption uses the private keys stored in the user profile. However, if you try and copy the passwordfile.txt to another computer or use for another user (not for the one who created the password), you will see that $creds.password variable is empty and doesn’t contain a password. This way you got a PSCredential object with user credentials in the $creds variable. $creds = New-Object -TypeName -ArgumentList $username, $pass $pass = Get-Content c:\ps\passwordfile.txt | ConvertTo-SecureString
0 kommentar(er)
