Page 1 of 1

PXE phase use encrypted credentials

Posted: Sun Jan 22, 2017 9:57 am
by monoeagle
Hi@All,

Action:

PXE --> run SelfService(from the used deploymentsolution)
properties are set in the selfservice(OS-->Win10; name of the client)
run PS Script <--- the Important Part
Exit SelfService --> OS Install starts

problem:

the PS Script does change an DB object because of a lack of functionality.
The problem is that I need the credentials which can do that.

For the test I use "Get-Credentials" and give them as parameter to the appropriate function.

The field engineer will doesn't get the credentials, but I need to automate it.

Now I'm searching for options.

Option 1:

I can Use SecureString to generate a Credentials Blob and integrate it in the preOSInstallPackage.
If the PS Script runs I "restore" the Credentials, but it may be safe as if I doesn't use SecureString or not?

Option 2:

Don't use the PS as Script --> generate an Executable an make it safe??

Option 3:

I'm always open for suggestions.

kind regards

Re: PXE phase use encrypted credentials

Posted: Sun Jan 22, 2017 10:41 am
by jvierra
Credentials are not portable. They can only be used under the account that created the credential.

Re: PXE phase use encrypted credentials

Posted: Sun Jan 22, 2017 11:27 am
by monoeagle
Hi jvierra,

whats the difference between

----
pc starts --> pxe --> selfservice
ps script started
get-credentials --> technician wrote the credentials(for the webservice), which are needed into the popped up dialog and press enter

script does what it is made for
OS installation starts

----
pc starts --> pxe --> selfservice
ps script started
I hardcode the credentials(for the webservice) into the script

script does what it is made for
OS installation starts
----

both ways works.

Or is your answer in the direction to the usage of the securestring?
That I can encrypt and encode it just unter the same user?

regards

Re: PXE phase use encrypted credentials

Posted: Sun Jan 22, 2017 12:37 pm
by jvierra
A secure string is dependent on the user account.

Re: PXE phase use encrypted credentials

Posted: Sun Jan 22, 2017 1:07 pm
by monoeagle
ok thanks