PXE phase use encrypted credentials

Ask your Windows PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Locked
User avatar
monoeagle
Posts: 107
Joined: Tue Oct 13, 2015 9:10 am

PXE phase use encrypted credentials

Post by monoeagle » Sun Jan 22, 2017 9:57 am

Hi@All,

Action:

PXE --> run SelfService(from the used deploymentsolution)
properties are set in the selfservice(OS-->Win10; name of the client)
run PS Script <--- the Important Part
Exit SelfService --> OS Install starts

problem:

the PS Script does change an DB object because of a lack of functionality.
The problem is that I need the credentials which can do that.

For the test I use "Get-Credentials" and give them as parameter to the appropriate function.

The field engineer will doesn't get the credentials, but I need to automate it.

Now I'm searching for options.

Option 1:

I can Use SecureString to generate a Credentials Blob and integrate it in the preOSInstallPackage.
If the PS Script runs I "restore" the Credentials, but it may be safe as if I doesn't use SecureString or not?

Option 2:

Don't use the PS as Script --> generate an Executable an make it safe??

Option 3:

I'm always open for suggestions.

kind regards

User avatar
jvierra
Posts: 13736
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: PXE phase use encrypted credentials

Post by jvierra » Sun Jan 22, 2017 10:41 am

Credentials are not portable. They can only be used under the account that created the credential.

User avatar
monoeagle
Posts: 107
Joined: Tue Oct 13, 2015 9:10 am

Re: PXE phase use encrypted credentials

Post by monoeagle » Sun Jan 22, 2017 11:27 am

Hi jvierra,

whats the difference between

----
pc starts --> pxe --> selfservice
ps script started
get-credentials --> technician wrote the credentials(for the webservice), which are needed into the popped up dialog and press enter

script does what it is made for
OS installation starts

----
pc starts --> pxe --> selfservice
ps script started
I hardcode the credentials(for the webservice) into the script

script does what it is made for
OS installation starts
----

both ways works.

Or is your answer in the direction to the usage of the securestring?
That I can encrypt and encode it just unter the same user?

regards

User avatar
jvierra
Posts: 13736
Joined: Tue May 22, 2007 9:57 am
Contact:

Re: PXE phase use encrypted credentials

Post by jvierra » Sun Jan 22, 2017 12:37 pm

A secure string is dependent on the user account.

User avatar
monoeagle
Posts: 107
Joined: Tue Oct 13, 2015 9:10 am

Re: PXE phase use encrypted credentials

Post by monoeagle » Sun Jan 22, 2017 1:07 pm

ok thanks

Locked