powershell script to login in remote machine

Ask your PowerShell-related questions, including questions on cmdlet development!
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 6 years and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: powershell script to login in remote machine

Post by jvierra »

What does "but i want to write my credentials in open like:" mean. You have to be clear about what you are trying to do. "like" what?
User avatar
mxtrinidad
Posts: 399
Last visit: Tue May 16, 2023 6:52 am

Re: powershell script to login in remote machine

Post by mxtrinidad »

If your intention is not to be prompt for credentials, you could use the following code snippet to accomplish it:

## - Code top build credential:
$MyUserName = "Domain\MyUserName";
$MyPassword = ConvertTo-SecureString '$pwd1n!' -asplaintext -force;
$MyCredentials2 = new-object -typename System.Management.Automation.PSCredential `
-argumentlist $MyUserName,$MyPassword

## - Test to check values are stored:
$MyCredentials2.GetNetworkCredential().UserName
$MyCredentials2.GetNetworkCredential().Password

## - User $MyCredential2 in Cmdlet:
Enter-PSSession -ComputerName -credential $MyCredentials2

Hope this helps!
User avatar
mxtrinidad
Posts: 399
Last visit: Tue May 16, 2023 6:52 am

Re: powershell script to login in remote machine

Post by mxtrinidad »

Keep in mind! If you're sharing this script, you're giving away the credential information.
So, this is for you're own use.

:)
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: powershell script to login in remote machine

Post by jvierra »

I agree with Max. Using credentials in this way advertises the password in plain text.

If you encrypt the credentials into a file once then no one can see them as they are encrypted to you account. This means you have to be sure to secure your account correctly and not let others use it as they can then use the saved credentials.

To save encrypted credentials do this once.

Get-Credential youraccount | Export-CliXml mysecrets.clixml

To load the save encrypted credentials:

$cred = Import-CliXml mysecrets.clixml

Now you can use the credential object an you have never stored the unencrypted password in any file and the creds will work with any script. I load mine in my profile so they are always ready.

Never use Max's original code to give someone access to admin credentials since the password would be stored in plain text and it cannot be encrypted.

You can also use the Credential Vault to save the credentials.
I have built scripts that can be shared that will ask prompt the user for the credential the first time and create the file. Once they have run the script successfully once they will not be prompted on successive runs. If I trust the person with a specific accounts credentials I will give them to them privately so they can store them once.

All of this is against all security BP guidelines. In Windows it is much better to delegate than it is to allow access to protected accounts.
User avatar
mxtrinidad
Posts: 399
Last visit: Tue May 16, 2023 6:52 am

Re: powershell script to login in remote machine

Post by mxtrinidad »

I agree with JVierra! Take in to consideration all security guidelines.
Always protect network credentials.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: powershell script to login in remote machine

Post by jvierra »

The issue all revolves around a lack of training in LPA (Least Privilege Administration). One this is learned and understood the need for saving credentials should disappear and security should be greatly enhanced.

Here is a foundation MS document explain this and how to implement LPA. It is really not that hard once it is understood.,

https://docs.microsoft.com/en-us/window ... ive-models
User avatar
mxtrinidad
Posts: 399
Last visit: Tue May 16, 2023 6:52 am

Re: powershell script to login in remote machine

Post by mxtrinidad »

Thanks JVierra! This is Great information.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Re: powershell script to login in remote machine

Post by jvierra »

You are welcome.

I have been a security pusher since NT 4. Getting it implemented at NT 4 was a real pain. Modern Windows greatly simplifies setting up very secure systems. I still always recommend that larger companies hire an IT security sepecialist to help in mapping out a security strategy tailored to the individual business.

Saving plain text passwords has been an issue since the first mainframes. How can it take a half century to get everyone to understand this. Baffles me.

Good luck all.
This topic is 6 years and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked