powershell script to login in remote machine
Forum rules
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
- mxtrinidad
- Posts: 399
- Last visit: Tue May 16, 2023 6:52 am
Re: powershell script to login in remote machine
If your intention is not to be prompt for credentials, you could use the following code snippet to accomplish it:
## - Code top build credential:
$MyUserName = "Domain\MyUserName";
$MyPassword = ConvertTo-SecureString '$pwd1n!' -asplaintext -force;
$MyCredentials2 = new-object -typename System.Management.Automation.PSCredential `
-argumentlist $MyUserName,$MyPassword
## - Test to check values are stored:
$MyCredentials2.GetNetworkCredential().UserName
$MyCredentials2.GetNetworkCredential().Password
## - User $MyCredential2 in Cmdlet:
Enter-PSSession -ComputerName -credential $MyCredentials2
Hope this helps!
## - Code top build credential:
$MyUserName = "Domain\MyUserName";
$MyPassword = ConvertTo-SecureString '$pwd1n!' -asplaintext -force;
$MyCredentials2 = new-object -typename System.Management.Automation.PSCredential `
-argumentlist $MyUserName,$MyPassword
## - Test to check values are stored:
$MyCredentials2.GetNetworkCredential().UserName
$MyCredentials2.GetNetworkCredential().Password
## - User $MyCredential2 in Cmdlet:
Enter-PSSession -ComputerName -credential $MyCredentials2
Hope this helps!
- mxtrinidad
- Posts: 399
- Last visit: Tue May 16, 2023 6:52 am
Re: powershell script to login in remote machine
Keep in mind! If you're sharing this script, you're giving away the credential information.
So, this is for you're own use.
So, this is for you're own use.
Re: powershell script to login in remote machine
I agree with Max. Using credentials in this way advertises the password in plain text.
If you encrypt the credentials into a file once then no one can see them as they are encrypted to you account. This means you have to be sure to secure your account correctly and not let others use it as they can then use the saved credentials.
To save encrypted credentials do this once.
Get-Credential youraccount | Export-CliXml mysecrets.clixml
To load the save encrypted credentials:
$cred = Import-CliXml mysecrets.clixml
Now you can use the credential object an you have never stored the unencrypted password in any file and the creds will work with any script. I load mine in my profile so they are always ready.
Never use Max's original code to give someone access to admin credentials since the password would be stored in plain text and it cannot be encrypted.
You can also use the Credential Vault to save the credentials.
I have built scripts that can be shared that will ask prompt the user for the credential the first time and create the file. Once they have run the script successfully once they will not be prompted on successive runs. If I trust the person with a specific accounts credentials I will give them to them privately so they can store them once.
All of this is against all security BP guidelines. In Windows it is much better to delegate than it is to allow access to protected accounts.
If you encrypt the credentials into a file once then no one can see them as they are encrypted to you account. This means you have to be sure to secure your account correctly and not let others use it as they can then use the saved credentials.
To save encrypted credentials do this once.
Get-Credential youraccount | Export-CliXml mysecrets.clixml
To load the save encrypted credentials:
$cred = Import-CliXml mysecrets.clixml
Now you can use the credential object an you have never stored the unencrypted password in any file and the creds will work with any script. I load mine in my profile so they are always ready.
Never use Max's original code to give someone access to admin credentials since the password would be stored in plain text and it cannot be encrypted.
You can also use the Credential Vault to save the credentials.
I have built scripts that can be shared that will ask prompt the user for the credential the first time and create the file. Once they have run the script successfully once they will not be prompted on successive runs. If I trust the person with a specific accounts credentials I will give them to them privately so they can store them once.
All of this is against all security BP guidelines. In Windows it is much better to delegate than it is to allow access to protected accounts.
- mxtrinidad
- Posts: 399
- Last visit: Tue May 16, 2023 6:52 am
Re: powershell script to login in remote machine
I agree with JVierra! Take in to consideration all security guidelines.
Always protect network credentials.
Always protect network credentials.
Re: powershell script to login in remote machine
The issue all revolves around a lack of training in LPA (Least Privilege Administration). One this is learned and understood the need for saving credentials should disappear and security should be greatly enhanced.
Here is a foundation MS document explain this and how to implement LPA. It is really not that hard once it is understood.,
https://docs.microsoft.com/en-us/window ... ive-models
Here is a foundation MS document explain this and how to implement LPA. It is really not that hard once it is understood.,
https://docs.microsoft.com/en-us/window ... ive-models
- mxtrinidad
- Posts: 399
- Last visit: Tue May 16, 2023 6:52 am
Re: powershell script to login in remote machine
You are welcome.
I have been a security pusher since NT 4. Getting it implemented at NT 4 was a real pain. Modern Windows greatly simplifies setting up very secure systems. I still always recommend that larger companies hire an IT security sepecialist to help in mapping out a security strategy tailored to the individual business.
Saving plain text passwords has been an issue since the first mainframes. How can it take a half century to get everyone to understand this. Baffles me.
Good luck all.
I have been a security pusher since NT 4. Getting it implemented at NT 4 was a real pain. Modern Windows greatly simplifies setting up very secure systems. I still always recommend that larger companies hire an IT security sepecialist to help in mapping out a security strategy tailored to the individual business.
Saving plain text passwords has been an issue since the first mainframes. How can it take a half century to get everyone to understand this. Baffles me.
Good luck all.