We need to talk about PowerShell and credentials. There are several ways to securely handle credentials in a scripted environment such as PowerShell. During a demo, it is always required not to show passwords or usernames. It is not professional, and it does not look professional.
The PSCredential object represents a set of security credentials, such as a username and password. The object can be passed as a parameter to a function that is executed as the user account in that credential object. There are several ways to create a credential object. The first way to create a credential object is by using the PowerShell cmdlet Get-Credential. When run without parameters, it will prompt you for a username and password. You can also call the cmdlet with some optional parameters.
If you want to specify the domain name and username in advance, you can use the parameters Credential or UserName. When using the UserName parameter, you must also specify a message value.
PowerShell and credentials using Get-Credential
The easiest way is to use Get-Credential so that you can use the correct user/password during runtime.
MyCredential = Get-Credential
$UserName = $MyCredential.username
$Password = $MyCredential.passwordAnother way to retrieve credentials via PowerShell is by using Read-Host.
$UserName = Read-Host "Enter Username"
$Password = Read-Host "Enter Password" -AsSecureStringDuring demos, that is not very convenient. You can then use a password file located in a temporary folder. Before the demo starts, you can enter the credentials using the method mentioned above and export them to an encrypted file in a temporary folder.
$TEMP = "$env:TEMP"
$File = "$Temp\Password.txt"
$Password | ConvertTo-SecureString -AsPlainText -Force | ConvertFrom-SecureString | Out-File $File
$Password = Get-Content $File | ConvertTo-SecureStringIf you need a credentials object, for example to start a service with a user, then you need to create a credentials object at runtime.
$User = $UserName
$MyCredential=New-Object -TypeName System.Management.Automation.PSCredential `
-ArgumentList $User, (Get-Content $File | ConvertTo-SecureString)PS C:\Windows\system32> $MyCredential
UserName Password
——– ——–
mmels System.Security.SecureStringIf you quickly need a temporary password, you can do it as follows.
Doing it in a non secured dirty way
$password = "$OoJzasZ8M#6kbEh" | ConvertTo-SecureString -AsPlainText -ForceYou can find more information on this topic here.
You can contact me via this contact form.
