Reputation: 173
How can I silently run a remote PowerShell command without having to hard code my password?
I am trying to run:
Invoke-Command -Computer $computer -ScriptBlock {...}
But I get the error "Access is denied" winrm error and I am hesitant to use the following:
Invoke-Command -Computer $computer -Credential $cred -ScriptBlock {...}
where $cred is:
$username = "John Doe"
$password = "ABCDEF"
$secstr = New-Object -TypeName System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
$cred = new-object -typename System.Management.Automation.PSCredential -
argumentlist $username, $secstr
It has to be run remotely and it must be silent. So I can't have the PSCredential pop up window mid script.
Can someone please show me or point me to a document that will lead me to a possible solution?
Thank you in advance.
Upvotes: 0
Views: 2361
Answers (1)
Reputation: 36342
One thing that you can do is encrypt the password and save it to disk. Then you can read that file, and convert the encrypted password to a secure string and make a credential object from that. Mind you, this must be done with the account that will be used to run the script.
'$uper$secret1' | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Set-Content .\AccountPass.txt
That will save your password to disk in a text file. If you open the text file it will look something like:
01000000d08c9ddf0115d1118c7a00c04fc297eb01000000b584d55e9c47c942904dd30531d3ad070000000002000000000003660000c0000000100000003060266c3c4333a41e7f0e92176fb3d50000000004800000a000000010000000a2c8bbb2a3666c092004bb5e66fd440320000000636a413a6905789e0f3521cea3d8703405897cd5948da955192bcccd08990ffc1400000068c1
5f8ac088ef0972dfce7d5a20ff3bbcdac4cc Now, the account that created the file will be the only one that can decrypt it, but that account can then run:
$Password = Get-Content .\AccountPass.txt | ConvertTo-SecureString
$Creds = New-Object System.Management.Automation.PSCredential ("$env:UserDomain\$env:UserName",$Password)
Now you have a credential object, without having to save a password in plaintext. As mentioned, the only account that can decrypt the password in the text file is the one that generated the text file, and the text file will have to be updated whenever the password is changed.
Upvotes: 2
Related Questions
- Using PowerShell credentials without being prompted for a password
- Is there another way to ask for credentials in Powershell but Get-Credential?
- Windows PowerShell give password in command Enter-PSSession
- Running a PowerShell script as administrator without typing in passwords
- Is there a way to switch user in powershell to run a command without password prompt?
- Run Powershell script that prompts for credentials before running command against remote device
- How to QUIETLY start Powershell.exe using different credentials (without getting prompted for username/password)?
- Pass password into -credential
- Powershell - Pass credentials
- Execute Powershell script in C# without UserName and Password