Hi Readers,
Today I am sharing a way to encrypt the password & using it in powershell scripts.
I have used this way a few times now.
Attaching the code in below link & example on how to use it..
http://gallery.technet.microsoft.com/scriptcenter/Encrypt-Password-and-use-dd07f253
extract the zip file –> just run the batch file after that..
Enter the password that you want to encrypt.
encrypted password will be exported to securepassword.txt file.
Note:- Please encrypt the password on the same machine from where you will be running the script in which you will be using the password.
Shell Code:-
$password = read-host -prompt “Enter your Password”
write-host “$password is password”
$secure = ConvertTo-SecureString $password -force -asPlainText
$bytes = ConvertFrom-SecureString $secure
$bytes | out-file .\securepassword.txt
How to use it Code:-
$encrypted = “01000000d08c9ddf0115d1118c7a00c04fc297eb010000002”
$user = “lab\vikass”
$password = ConvertTo-SecureString -string $encrypted
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$password
Regards
Sukhija Vikas
Hello
How can we modify this to use a secure key to encrypt the password with and decrypt it on a different machine with the same secure key?
Thanks
There is a Key parameter that you need to use
$Key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
$bytes = ConvertFrom-SecureString $secure -Key $Key
Thank you so much for this!
Hello,
Script 1
$File = “C:\Users\raj\Desktop\encryptpass\Password.txt”
[Byte[]] $key = (1..16)
$Password = “Password” | ConvertTo-SecureString -AsPlainText -Force
$Password | ConvertFrom-SecureString -key $key | Out-File $File
Script 2
$encrypted =”76492d1116743f0423413b16050a5345MgB8AGoAdABuAFIAcQBrADgARgBzAFcAUgBrADYAdgA5AFQAdgBzAGcAcQBhAFEAPQA9AHwAMgBhADMAOABlAGUANQBhADEAOQBmAGYAOABiAGMAOQBkADgAOQBiADUAMgA2AGIAMABjADUAMAAwAGYAMwAyAGUAMgBiAGMAMQAzAGEANwBlADAANwA5AGIANgBjAGYAMgAzAGEAOAA5AGQAZAA0ADYAMQAxAGQAMQA3ADEAOABhADAAYwA5ADYAZQA0AGYAYQBiAGYAZAA4ADAAMAA3AGIANgAyADcAYQAyAGMAZgA5AGIAYgA5AGYAYQA5ADkA”
$user = “Raj”
[Byte[]] $key = (1..16)
$password=$encrypted | Convertto-SecureString -Key $key
$group = “Administrators”
NET USER $User $password /add /y
NET LOCALGROUP $group $User /add
WMIC USERACCOUNT WHERE “Name=’$User'” SET PasswordExpires=FALSE
Script 2 is executing on a remote machine and adding the user but unable to login. Is there anything that i missed?
you need to encrypt the password on same machine with same login where the script is running.
The requirement is add local account in new machines through build process.
Hi Vikas,
I am using this below script for checking/login into multiple servers.
servers=Get-Content “D:\ServersList.txt”
foreach($server in $servers){
cmdkey /generic:$server /user:”Domain\UserName” /pass:”Password”
mstsc /v: $server
#to bypass the security alerts or certificate errors that has to be done manually
sleep 5
cmdkey /delete:$server
}
now I want to use the method which you have explained above, I am not into much scripting so I am getting hard time to understand the same.
can you please help?