I do have a powershell script which contains performing a password reset for single user. Here's the script I made below
Cls
$sam = Read-Host -Prompt 'Username?'
$Pass = 'samplepass123'
$Pass1 = ConvertTo-SecureString $Pass -AsPlainText -Force
#Reset the account password
Set-ADAccountPassword $sam -NewPassword $Pass1 -Reset
Write-Host $sam,$Pass
The problem is, I am searching throughout the internet to rerun the script by pressing any key from the Powershell CMD and/or pressing q to stop the script but no luck for me.
Thank you in advance who will help on my problem!
Related
I'd like to have a script that creates a local user based on choices from the user.
I currently do it by putting the command in a variable then I invoke it.
$pw = Read-Host "Enter password" -AsSecureString
$command = "New-LocalUser -Name $name -Password $pw $accountparam $accexpiredate $passwordparam $pwexpiredate $canchangepwparam"
iex $command
Everything is working fine except the password, the command fails with the following error :
Unable to convert the "System.Security.SecureString" value from the "System.String" type to the "System.Security.SecureString" type
If I remove the password parameter and let PowerShell automatically ask it then it works, but I'd like to manually ask it.
Can someone help me ?
Well I fixed it, here is the solution in case someone is asking himself the same question and finds this
$command = "New-LocalUser -Name $name -Password (ConvertTo-SecureString '$pw' -AsPlainText -Force) $accountparam $accexpiredate $passwordparam $pwexpiredate $canchangepwparam"
I'm trying to create a powershell script to allow my kids to reboot my Raspberry Pi from their Windows computer if need be. I've tested everything and have gotten it to work, but the only hitch is that it's prompting for a username and password. I realize the line that's doing it is:
New-SSHSession -ComputerName "myPi" -Credential (Get-Credential)
I've done some searching, but I can't seem to figure out if it's possible to replace the "(Get-Credential)" section to automatically enter the username/password.
And yes, I'm aware of the security risks. They could do much more damage to the Windows machine than they could ever do on the Pi, and the settings on the Pi are very easily restored, so no worries from my end.
Something like this should work:
$user = "someuser"
$pass = ConvertTo-SecureString -String "somepassword" -AsPlainText -Force
$creds = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$pass
New-SSHSession -ComputerName "myPi" -Credential $creds
You could also call a file that has the password encrypted in it. Note this can only be decrypted by the account it was generated on on the computer it was generated on.
$pass = "Password"
$Username = "Username"
$outfile = "c:\filelocation.xml"
$secureStringPwd = $pass | ConvertTo-SecureString -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ($Username,$secureStringPwd)
$credential | Export-CliXml -Path $OutFile
Addressing Bill.
Correct, hard coding the password in the script is bad practice. Below is how I would change the first portion.
The above came from a custom script that's purpose was to create many cred accounts off a input json is why I wrote it that way.
$outfile = "c:\filelocation.xml"
Get-Credential | export-clixml -path $OutFile
You then can call the file in your script like so but this has to be done on the same user and computer that the creds file was generated on.
$Creds = Import-Clixml -Path "c:\file.xml"
New-SSHSession -ComputerName "myPi" -Credential $creds
Good point Edited -argumentlist.
Another option could be to do a 1 time setup with get-credential then convert the password to plaintext using convertfrom-securestring and then in the file you can take your password plaintext secure string and so something similar to the other answers:
$user = "someuser"
$pass = "YOUR LONG PASSWORD GUID FROM ABOVE" | convertTO-securestring
$creds = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$pass
New-SSHSession -ComputerName "myPi" -Credential $creds
This lets you do a one time setup, but avoids having multiple files or having your password appear in a readable way in the script.
If you go this way you need to do the setup FROM the account that will run the script ON the machine that will run the script, because it uses those for the encryption as far as I know.
I am bit of a lazy guy, so I have created a script that opens many applications for me. Works fine as ISE opened with Administrator credentials, also opens apps with admin creds, however some of them need a different credentials.
Is it possible, to make powershell remember typed in password each time I log in and open it? (I know that variables are stored only till ps is opened)
Thing is - I cannot store a visible password in profile/text file or in a script, as this is a jump server used by many people. Is it somehow possible to type a password once, make PS encrypt it and each time I will open PS, it will decrypt it and use? or any workaround possible around this?
edit with code:
It's the only part I would like to change
$currentPW = "some password"
$credentials = New-Object System.Management.Automation.PSCredential ("domain\username",$CurrentPW)
start "c:\application.exe" -credential $credentials
It kinda works but it would require me, to input the password everytime I log in to device, so I could go for option like:
$currentPW = read-host "Provide your password"
$credentials = New-Object System.Management.Automation.PSCredential ("domain\username",$CurrentPW)
start "c:\application.exe" -credential $credentials
but this would require me to input the password each time I log in to system and open PS as it does not remember variables after restart.
So...is it even possible to make this work?^^
You can use ConvertTo-SecureString to encrypt the password using the users account key, then save this secure string to a file to load at a later time.
This assumes you are the only one with access to the logon account (not an account with shared credentials), as anyone who can logon as the account can decrypt the file.
$username = "domain\username"
$passwordFile = "C:\folder\EncryptedPassword.txt"
#if password file exists: populate $securePwd from file contents
If (Test-Path $passwordFile) {
$pwdTxt = Get-Content $passwordFile
$securePwd = $pwdTxt | ConvertTo-SecureString
}
#if no file: prompt for password, create file and populate $securePwd
Else {
$password = Read-Host "Provide your password"
$securePwd = $password | ConvertTo-SecureString -AsPlainText -Force
$securePwd | ConvertFrom-SecureString | Set-Content $passwordFile
}
$credentials = New-Object System.Management.Automation.PSCredential -ArgumentList $username, $securePwd
Start-Process "c:\application.exe" -Credential $credentials
If you have PowerShell 3.0 or newer, you can also combine Get-Credential with Export-CliXml to export a PSCredential object as an XML file. Example:
Get-Credential | Export-CliXml "C:\XML Files\credential.xml"
You can then import the credentials using Import-CliXml. Example:
$credential = Import-CliXml "C:\Xml Files\credential.xml"
Note that the password is encrypted using DPAPI, so you can only import the credentials using Import-CliXml on the same computer using the same user account that was used to export the credentials using Export-CliXml.
I have several domains and one admin account in each one. It is a great pain to log into each domain to change password every month..
I have therefore written a script that will connect to all domains and check to see if I have already changed the password or if I am still using the old one.
If I am using the old one the script should update it.
I connect to the domains (sequentially) with
$oldPassword = Read-Host "Enter old password" -AsSecureString
$newPassword = Read-Host "Enter new password" -AsSecureString
$oldCredentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "$domain\$adminusername",$oldPassword
Connect-QADService -Service $domain -Credential $oldCredentials
and if I get a successfull connection with $oldcredentials I try to change pwd with
GET-QADUSER $adminusername | SET-QADUSER -UserPassword $newPassword
I am guessing that I am not passing the secure string correctly to SET-QADUSER but I've found no documentation on another way to do it.
Please advice:)
SET-QADUSER -UserPassword accept [string] type not [System.Security.SecureString].
Try to pass just a string as password.
Is there any way to do expect and spawn with powershell.
I have to parse a CLI program with powershell which is asking for password is there any way to input this password via powershell.
In perl or python even in bash you can use expect/spawn
Is there any solution in powershell ?
One way to do this would be to create a text file with the encrypted password one time, then call this file as the password in as many scripts as necessary.
Create the password file once:
$pwd = Read-Host 'Enter password for encrypting:' -AsSecureString | ConvertFrom-SecureString | Out-File -Path 'C:\SpecialFiles\CLIPassword.txt'
Then you can use it whenever it's needed:
$pass = (Get-Content -Path 'C:\SpecialFiles\CLIPassword.txt' | ConvertTo-SecureString)
$creds = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList (<insert CLI UserName>, $pass)
Then when you need to supply the username and password to your script, you simply pipe
$creds | <command>
or if the command supports the -Credential parameter
<command> -Credential $creds
If your command needs the user name and password entered separately, you can do that by specifying the property name:
<command> -UserName $creds.UserName -Password $creds.Password
You can use Read-Host to prompt the user for input. See here for more information.
$pass = Read-Host 'What is your password?' -AsSecureString
$decodedpass = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pass))
I'm sure what you want to do with spawn, but you can execute other scripts or executables by just calling them
.\MyOtherScript.ps1