THE COMPTGUY

Reputation: 33

How to store local administrator username and password in PowerShell script

I am creating a PowerShell script that a user can just run to edit an entry in the registry. My problem is that I cannot figure out how to store the local admin username and password in the same script so that the user can just double-click the script and run it without having to enter the username and password manually.

Here is my code:

$username = "testpc\administrator"
$pasword = get-content C:\Users\test1\documents\testpassword.txt
$credential = new-object -typename system.management.automation.pscredential -argumentlist $username, $password


This does not work at all. Please let me know what I am doing wrong here.

Upvotes: 0

Views: 1550

Answers (2)

TudorIftimie

Reputation: 1140

Actually, @vrdse is right. You can create the script with the KEY as a parameter and:

  1. create a scheduled job with the credentials of your user and add the script as task.

  2. give the user the right to execute the job but NOT to edit or to delete

  3. give a shortcut to the scheduled job (or a runner script) to the user and make a how-to document to show him/her how the parameter should be used.

I use clear text passwords as temporary testing stuff to make sure users CANNOT use my script (so it is exactly the opposite of your action).

You can capture credential during execution:

$cred = Get-Credential -Message 'This script needs a real admin user'
Enter-PSSession -Credential $cred -ComputerName 127.0.0.127

You can build a credential (do not store privileged user data):

$user = 'SuchAGreatDomainName\IAmLowPrivilegedUserName'
$Password = 'SuperSecretPassEverybodyKnows'
$secpassword = ConvertTo-SecureString $Password -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential($user, $secpassword)
Invoke-RestMethod -Uri $Uri -Credential $Credential

Upvotes: 0

vrdse

Reputation: 3154

Usually I'd ask for an error, but in this case I'll advise differently, just because your approach isn't acceptable.

  1. Don't store passwords unencrypted in scripts. Never.
  2. Don't store passwords encrypted in scripts which are meant to be read by someone else, especially not a user with fewer privileges. Never!
  3. Go figure out other ways to solve your problem. Always!

In this case I see two solutions with the given information:

  1. Change the ACL for the registry key that needs to be changed by the user.
  2. Create a scheduled task which runs as SYSTEM. Make sure the user cannot edit the script.

Upvotes: 2
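
The first option in the answer above (changing the ACL on the registry key), as an added example that is not part of the original answer: an administrator runs this once in an elevated session, after which the user's own script can change values under that key with no stored credential. The key path and account name are placeholders chosen for illustration.

```powershell
#Requires -RunAsAdministrator
# Added example. Run ONCE by an administrator, not by the end user.
# Placeholders (assumptions, not from the question): key path and account name.
$keyPath  = 'HKLM:\SOFTWARE\ExampleVendor\ExampleApp'
$identity = 'TESTPC\standarduser'

if (-not (Test-Path -Path $keyPath)) {
    throw "Registry key not found: $keyPath"
}

# Grant only what is needed to read and change values on this one key.
# Deliberately excluded: CreateSubKey, Delete, ChangePermissions, TakeOwnership.
$rights    = [System.Security.AccessControl.RegistryRights]'QueryValues, SetValue'
$inherit   = [System.Security.AccessControl.InheritanceFlags]::None   # this key only
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$allow     = [System.Security.AccessControl.AccessControlType]::Allow

$rule = New-Object -TypeName System.Security.AccessControl.RegistryAccessRule `
    -ArgumentList $identity, $rights, $inherit, $propagate, $allow

# Read the current ACL, append the rule, write it back.
$acl = Get-Acl -Path $keyPath
$acl.AddAccessRule($rule)
Set-Acl -Path $keyPath -AclObject $acl

# Show the explicit (non-inherited) entries now held by that account,
# so the change can be reviewed before handing the script to the user.
(Get-Acl -Path $keyPath).Access |
    Where-Object { $_.IdentityReference.Value -eq $identity -and -not $_.IsInherited } |
    Format-Table IdentityReference, RegistryRights, AccessControlType, IsInherited

# The user's script then needs no credential at all, for example:
#   Set-ItemProperty -Path $keyPath -Name 'ExampleValue' -Value 1
# ('ExampleValue' is a placeholder value name.)
```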
