• This should get you going to create a password that others can use (based on NTFS permissions):

     

    First step is to save a secure password to a file using AES. The below will run as a standalone script:

                # Prompt you to enter the username and password
                $credObject = Get-Credential

                # The credObject now holds the password in a 'securestring' format
                $passwordSecureString = $credObject.Password

                # Define a location to store the AESKey
                $AESKeyFilePath = "aeskey.txt"

                # Define a location to store the file that hosts the encrypted password
                $credentialFilePath = "credpassword.txt"

                # Generate a random AES Encryption Key.
                $AESKey = New-Object Byte[] 32
                [Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($AESKey)

                # Store the AESKey into a file. This file should be protected! (e.g. ACL on the file to allow only select people to read)
                Set-Content $AESKeyFilePath $AESKey # Any existing AES Key file will be overwritten

                # Encrypt the password with the AES key and store it.
                # Set-Content (not Add-Content) so a re-run replaces the old value, which the new key could not decrypt
                $password = $passwordSecureString | ConvertFrom-SecureString -Key $AESKey
                Set-Content $credentialFilePath $password

     

     

    Then in your script where you need to use credentials use the following:

                # Set up path and user variables
                $AESKeyFilePath = "aeskey.txt" # location of the AESKey
                $SecurePwdFilePath = "credpassword.txt" # location of the file that hosts the encrypted password
                $userUPN = "domainuserName" # User account login

                # Use key and password to create local secure password
                $AESKey = Get-Content -Path $AESKeyFilePath
                $pwdTxt = Get-Content -Path $SecurePwdFilePath
                $securePass = $pwdTxt | ConvertTo-SecureString -Key $AESKey

                # Create a new PSCredential object with required username and password
                $adminCreds = New-Object System.Management.Automation.PSCredential($userUPN, $securePass)

                # Use the $adminCreds for some task
                some-Task-that-needs-credentials -Credential $adminCreds

    Please be aware that if the user can get access to the password file and the key file, they can decrypt the password for the user.
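
The post says the key file should be protected with an ACL. The following is an added example, not part of the original post, showing one way to lock `aeskey.txt` down to an explicit allow-list with `Get-Acl`/`Set-Acl`. The group name `CONTOSO\ScriptOperators` and the variable `$allowedReaders` are hypothetical placeholders.

```powershell
# Added example (not from the original post): restrict the AES key file to an allow-list.
$ErrorActionPreference = 'Stop'                    # halt if an identity cannot be resolved

$AESKeyFilePath = "aeskey.txt"                     # same file name as in the post
$allowedReaders = @("CONTOSO\ScriptOperators")     # hypothetical group that runs the consuming script

$acl = Get-Acl -Path $AESKeyFilePath

# Stop inheriting permissions from the parent folder and discard the inherited entries
$acl.SetAccessRuleProtection($true, $false)

# Remove any explicit entries that are already on the file
foreach ($rule in @($acl.Access)) {
    [void]$acl.RemoveAccessRule($rule)
}

# Full control for the account that generated the key (the current user)
$owner = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$ownerRule = New-Object System.Security.AccessControl.FileSystemAccessRule($owner, "FullControl", "Allow")
$acl.AddAccessRule($ownerRule)

# Read-only access for each allowed reader
foreach ($reader in $allowedReaders) {
    $readRule = New-Object System.Security.AccessControl.FileSystemAccessRule($reader, "Read", "Allow")
    $acl.AddAccessRule($readRule)
}

Set-Acl -Path $AESKeyFilePath -AclObject $acl

# Verify: list what is now on the file and flag anything outside the allow-list
$expected = @($owner) + $allowedReaders
$applied  = (Get-Acl -Path $AESKeyFilePath).Access
$applied | Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited

$unexpected = $applied | Where-Object { $_.IdentityReference.Value -notin $expected }
if ($unexpected) {
    Write-Warning "Unexpected entries remain on $AESKeyFilePath; review the ACL before using the key."
}
```

The same steps can be applied to `credpassword.txt`, since an account that can read both files can recover the password.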

© 4sysops 2006 - 2021
