Saturday, January 18, 2014

Encrypt Password and use it in Powershell Script

Hi Readers,

Today I am sharing a way to encrypt a password and use it in PowerShell scripts.

I have used this way a few times now.

The code is attached at the link below, along with an example of how to use it.

http://gallery.technet.microsoft.com/scriptcenter/Encrypt-Password-and-use-dd07f253

Extract the zip file, then run the batch file.

Enter the password that you want to encrypt.

The encrypted password will be exported to the securepassword.txt file.

Note: Encrypt the password on the same machine from which you will run the script that uses it. Without a -Key parameter, ConvertFrom-SecureString protects the value with Windows DPAPI, which ties it to the user account and machine that encrypted it.

Shell Code:

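# Prompt for the password (typed in clear text)
$password = Read-Host -Prompt "Enter your Password"
# Echo the password back to the console for confirmation
Write-Host "$password is password"
# Convert the plain text to a SecureString
$secure = ConvertTo-SecureString $password -Force -AsPlainText
# Serialize the SecureString as an encrypted string
$bytes = ConvertFrom-SecureString $secure
# Save the encrypted string for later use
$bytes | Out-File .\securepassword.txt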

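How to use it:

# Encrypted string from securepassword.txt
$encrypted = "01000000d08c9ddf0115d1118c7a00c04fc297eb010000002"
# Account the password belongs to
$user = "lab\vikass"
# Turn the encrypted string back into a SecureString
$password = ConvertTo-SecureString -String $encrypted
# Build a credential object for cmdlets that accept -Credential
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user,$password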

Regards

Sukhija Vikas
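
The workflow above as one script, extended to the -Key variant raised in the comments. This is an added example, not the author's downloadable script; the function names Save-EncryptedPassword and Get-StoredCredential, the sample password and the temp-file path are assumptions, and the sample password is a plain-text literal only so that the script runs unattended.

```powershell
# Added example, not the author's script; function names, sample password and temp path are hypothetical.
function Save-EncryptedPassword {
    param([Parameter(Mandatory)] [System.Security.SecureString] $Password,
          [Parameter(Mandatory)] [string] $Path,
          [byte[]] $Key)                      # optional AES key: 16, 24 or 32 bytes
    if ($PSBoundParameters.ContainsKey('Key')) {
        $text = ConvertFrom-SecureString -SecureString $Password -Key $Key
    } else {
        # No key: Windows DPAPI, decryptable only by this user on this machine
        $text = ConvertFrom-SecureString -SecureString $Password
    }
    Set-Content -Path $Path -Value $text
}

function Get-StoredCredential {
    param([Parameter(Mandatory)] [string] $User,
          [Parameter(Mandatory)] [string] $Path,
          [byte[]] $Key)
    $text = (Get-Content -Path $Path -Raw).Trim()
    try {
        if ($PSBoundParameters.ContainsKey('Key')) {
            $secure = ConvertTo-SecureString -String $text -Key $Key -ErrorAction Stop
        } else {
            $secure = ConvertTo-SecureString -String $text -ErrorAction Stop
        }
    } catch {
        # Raised when the file came from another account or machine, or the key does not match
        throw "Cannot decrypt '$Path' in this context: $($_.Exception.Message)"
    }
    New-Object System.Management.Automation.PSCredential -ArgumentList $User, $secure
}

# Interactive use: $secure = Read-Host -Prompt "Enter your Password" -AsSecureString
$sample = "Constructed-Sample-Pw1!"           # constructed sample value
$secure = ConvertTo-SecureString $sample -AsPlainText -Force
$file   = Join-Path $env:TEMP "securepassword.txt"

# 1) Default protection, as in the post: same user, same machine only
Save-EncryptedPassword -Password $secure -Path $file
$cred = Get-StoredCredential -User "lab\vikass" -Path $file
if ($cred.GetNetworkCredential().Password -ne $sample) { throw "DPAPI round trip failed" }

# 2) Portable variant with -Key: a random 256-bit key, which must itself be kept secret
$key = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($key)
Save-EncryptedPassword -Password $secure -Path $file -Key $key
$cred = Get-StoredCredential -User "lab\vikass" -Path $file -Key $key
if ($cred.GetNetworkCredential().Password -ne $sample) { throw "Key round trip failed" }
Remove-Item $file
```

With -Key, anyone who holds both the key and the file can recover the password, so the key needs the same protection as the password itself.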

8 comments:

  1. That's pretty helpful, thank-you!
  2. Hello
    How can we modify this to use a secure key to encrypt the password with and decrypt it on a different machine with the same secure key?
    Thanks
  3. There is a Key parameter that you need to use
    $Key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
    $bytes = ConvertFrom-SecureString $secure -Key $Key
  4. Hello,

    Script 1

    $File = "C:\Users\raj\Desktop\encryptpass\Password.txt"
    [Byte[]] $key = (1..16)
    $Password = "Password" | ConvertTo-SecureString -AsPlainText -Force
    $Password | ConvertFrom-SecureString -key $key | Out-File $File

    Script 2
    $encrypted ="76492d1116743f0423413b16050a5345MgB8AGoAdABuAFIAcQBrADgARgBzAFcAUgBrADYAdgA5AFQAdgBzAGcAcQBhAFEAPQA9AHwAMgBhADMAOABlAGUANQBhADEAOQBmAGYAOABiAGMAOQBkADgAOQBiADUAMgA2AGIAMABjADUAMAAwAGYAMwAyAGUAMgBiAGMAMQAzAGEANwBlADAANwA5AGIANgBjAGYAMgAzAGEAOAA5AGQAZAA0ADYAMQAxAGQAMQA3ADEAOABhADAAYwA5ADYAZQA0AGYAYQBiAGYAZAA4ADAAMAA3AGIANgAyADcAYQAyAGMAZgA5AGIAYgA5AGYAYQA5ADkA"
    $user = "Raj"
    [Byte[]] $key = (1..16)
    $password=$encrypted | Convertto-SecureString -Key $key
    $group = "Administrators"
    NET USER $User $password /add /y
    NET LOCALGROUP $group $User /add
    WMIC USERACCOUNT WHERE "Name='$User'" SET PasswordExpires=FALSE

    Script 2 is executing on a remote machine and adding the user, but I am unable to log in. Is there anything that I missed?
  5. You need to encrypt the password on the same machine, with the same login, where the script is running.
  6. The requirement is to add a local account on new machines through the build process.
  7. Hi Vikas,

    I am using the script below for checking/logging into multiple servers.

    $servers = Get-Content "D:\ServersList.txt"
    foreach($server in $servers){
    cmdkey /generic:$server /user:"Domain\UserName" /pass:"Password"
    mstsc /v: $server
    #to bypass the security alerts or certificate errors that has to be done manually
    sleep 5
    cmdkey /delete:$server
    }

    Now I want to use the method which you have explained above. I am not much into scripting, so I am having a hard time understanding it.

    Can you please help?