I'm having some trouble creating a Powershell credential. I am reading an encrypted string from a file, converting the string to a securestring and using that to create the credential. The error I get is:
New-Object : Cannot convert argument "1", with value: "System.Security.SecureString", >for "PSCredential" to type "System.Security.SecureString": "Cannot convert >the "System.Security.SecureString" value of type "System.RuntimeType" to >type "System.Security.SecureString"."
Here is the code I'm using:
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "athenpoly", $(Read-EncString F:\Scripting\1-Dev\RSA\p_ftp_dellpoly.rsa)
Function Read-EncString {
param ([String]$InputFile)
$encrypted = Import-Clixml $InputFile
$key = (3,42,5,77,67,12,76,9,8,9,4,5,6,55,32,81,23,12,3,55,2,9,6,1,5,32,4,55,6,8,56,12)
$csp = New-Object System.Security.Cryptography.CspParameters
$csp.KeyContainerName = "SuperSecretKeyContainer"
$csp.Flags = $csp.Flags -bor [System.Security.Cryptography.CspProviderFlags]::UseMachineKeyStore
$rsa = New-Object System.Security.Cryptography.RSACryptoServiceProvider -ArgumentList 5120,$csp
$rsa.PersistKeyInCsp = $true
$password = [char[]]$rsa.Decrypt($encrypted, $true) -join "" | ConvertTo-SecureString -Key $key
}
Any idea what I am doing wrong?
Here is how I set a credential when reading from a file:
$PassSec = ConvertTo-SecureString $($Pass) -AsPlainText -Force
$Cred = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist $($Domain + "\" + $User),$passSec
Breakdown:
1. $Pass -> Password that is imported (Example: P#ssw0rd)
2. $Domain -> Domain name (Example: Contoso)
3. $User -> User Name (Example: Admin)
What this does is create the variable $cred with the username as Contoso\Admin with a password of P#ssw0rd. This ends up with the same things as the command:
$Cred = Get-Credentials "Contoso\Admin"
Only without the prompt.
Related
I have two functions, Save Credential to create a .cred file:
$cred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ($Username, $PWord)
$cred.Password | Out-File "some\path\$($cred.Username).cred" -Force
and Get Credential to retrieve the password:
$string = Get-Content "some\path\$($Username).cred" | ConvertTo-SecureString
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList $Username, $string
return $cred
I cannot for the life of me figure out how to retrieve the password from the .cred file that I created. The errors I get are:
ConvertTo-SecureString: Input String was not in the correct format
New-Object: Exception calling .actor with 2 arguments. Cannot process argument because the value of argument "password" is null. change the value of argument password to a non-null value
What version are you bound to? I might not be following properly, but it looks like you don't care about the whole credential and just want the password, so couldn't it just be:
#set
$pwd = "replace me"
$securepwd = $pwd | ConvertTo-SecureString -AsPlainText -Force
$encryptedpwd = $securepwd | ConvertFrom-SecureString
Out-File -FilePath C:\temp\Reference.cred -InputObject $encryptedpwd
then
#get
$securepwd = (Get-Content -Path C:\temp\Reference.cred) | ConvertTo-SecureString
#commented out 3 lines shows how to decrypt in case you want to view it/verify it, but isn't necessary
#$Marshal = [System.Runtime.InteropServices.Marshal]
#$Bstr = $Marshal::SecureStringToBSTR($securepwd)
#$pswd = $Marshal::PtrToStringAuto($Bstr)
#$Marshal::ZeroFreeBSTR($Bstr)
$RunAs = New-Object System.Management.Automation.PSCredential ('Domain\Account', $securepwd)
I'm not as good as most folks on here though, just giving it a stab.
I need help with secure strings I understand that this way is not very secure. But this is on the admin side of the machine. However, I do not want the password in plain text for admins to see.
I've successfully got this method to work with this script:
$securepasswordkey = "76492d1116743f0423413b16050a5345MgB8AG4ARgBHAGIAWABmAEgAOABZAEoAbQBCAGYAegBsAEYATwAyAHEAcgAHwAOAA2ADUANwA5AGUAYwA4ADQAMgA1ADUAYQBhAGQAOAA2ADQANgA3AGUAMgA1AGMAYQA5AGQANwAwAGIAMAAxAGYAZgBhAGQAMwBiADYAMgBmAGIANwA5ADcAZABiADMAZgAyAGMAMABhAGYAYwA1AGQAOQA3AGMAMAAzADcAMwAzAGMAMQA1ADQAOABjADkAMwBhADcAMQBlAGUAZQA4AGYANwA5ADEAYgA0AGIAYgA0ADgA"
$key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
$password = ConvertTo-SecureString -String $SecurePasswordKey -Key $key
$username = "$domain\administrator"
$cred = new-object -typename System.Management.Automation.PSCredential - argument $username, $password
The one above works successfully for hiding the password. However now i'm trying to accomplish it without the credential object and I'm having issues:
$Secure = "76492d1116743f0423413b16050a5345MgB8ADAATQA5ADAAQwBLAGIAKwBPAFEATwA2ADIASgBVADAAGIAZAAwADgAMwAzADIANQA0ADAAOQA0ADUAMgBhADMANgAyAGQANQA4AGUANwAyADgANABhAGIAOABjAGUAMgAyADAAYQBlADkAZgBlAGYAOQAxAGIAOQA="
$Key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
$password = ConvertTo-SecureString -String $Secure -Key $key
$sqlQuery | sqlplus -silent "USERNAME/$password#(DESCRIPTION=(ADDRESS=(PROTOCOL=TCP)(Host=database.host.net)(Port=1522))(CONNECT_DATA=(SERVICE_NAME=database.host.net)))"
Your problem is here:
$password = ConvertTo-SecureString -String $Secure -Key $key
With this line of code, the $password variable contains a SecureString object, not a plain-text string. Here's a short function that returns a plain-text string from a SecureString object:
# Return a SecureString as a String.
function ConvertTo-String {
param(
[Security.SecureString] $secureString
)
$marshal = [Runtime.InteropServices.Marshal]
try {
$intPtr = $marshal::SecureStringToBSTR($secureString)
$string = $marshal::PtrToStringAuto($intPtr)
}
finally {
if ( $intPtr ) {
$marshal::ZeroFreeBSTR($intPtr)
}
}
$string
}
Add this function to your script, and you can now write this:
$password = ConvertTo-String (ConvertTo-SecureString -String $Secure -Key $key)
Now $password will contain a plain-text string.
Does anyone know how to use password in System.DirectoryServices.ActiveDirectory context. Password is stored in a file.
$UserName="DomainName.com\JohnP"
$PassFile="C:\Temp\Pass.PPP"
$password = get-content $PassFile | ConvertTo-SecureString -AsPlainText -Force
$creds = new-object -typename System.Management.Automation.PSCredential("$UserName",$password)
$a = new-object System.DirectoryServices.ActiveDirectory.DirectoryContext("Forest", "MyForest.com",$UserName,$Password)
It always returns "Server rejected the credentials". If I store password in $Password variable, it works. For example, below code works:
$UserName="DomainName.com\JohnP"
$PassFile="C:\Temp\Pass.PPP"
$password = "MyPassword"
$creds = new-object -typename System.Management.Automation.PSCredential("$UserName",$password)
$a = System.DirectoryServices.ActiveDirectory.DirectoryContext("Forest", "MyForest.com",$UserName,$Password)
Can someone please help as to how to use password from a file and then use with System.DirectoryServices.ActiveDirectory context.
Many thanks!
Nratwa
A [PSCredential] stores the password as a secure string, so it's encrypted.
To get the unencrypted password value:
$creds.GetNetworkCredential().Password
I'm using MongoDb v3.0.3 and want to create a user in a database with admin privileges using powershell. I hook into the C# driver but I don't get very far:
$pathToMongoDbCSharpDriver = "F:\Work\...\mongocsharpdriver.1.9.2\lib\net35"
Add-Type -Path "$pathToMongoDbCSharpDriver\MongoDB.Bson.dll"
Add-Type -Path "$pathToMongoDbCSharpDriver\MongoDB.Driver.dll"
$client = New-Object -TypeName MongoDB.Driver.MongoClient -ArgumentList "mongodb://localhost:30000"
$server = $client.GetServer()
$databaseName = "Dev"
$collectionName = "Settings"
$database = $server.GetDatabase($databaseName)
$collection = $database.GetCollection($collectionName)
$credentials = New-Object -TypeName MongoDB.Driver.MongoCredential("Admin", "password", $true);
$user = New-Object -TypeName MongoDB.Driver.MongoUser($credentials, $false)
$credentials fails because argument 1 it is not a MongoIdentity and I can't find any information about how to create one of these. Any help would be gratefully received
I use all the parameters in the argument list. The following works fine for me:
$Client = New-Object -TypeName MongoDB.Driver.MongoClient -ArgumentList "mongodb://dbuser:dbpass#localhost:27017/test"
I'm having a lot of difficulty with a PowerShell script that I'm trying to call a DirectoryServices query from. Currently, if I do a
$password = read-host "Password" -asSecureString
and subsequently
$credential = New-Object System.Management.Automation.PSCredential $username,$password
everything works fine. However if I try to pass the string parameter with a param($password) and then convert it to a secure string with this code:
$password = ConvertTo-SecureString -AsPlainText -Force $password
After extensive debugging I can see this is working fine in terms of converting the string to a securestring, but I get a bad user/password from DirectoryServices when I use the parameter. Everything works fine when read from the console. Any ideas on what I can do to accept a parameter OR take console input in the absence of a parameter?
This is what I was hoping would work, but doesn't:
if($password -eq $null) {
$password = read-host "Password" -asSecureString
} else {
$password = ConvertTo-SecureString -AsPlainText -Force $password
}
$credential = New-Object System.Management.Automation.PSCredential $username,$password
I recently created a script and was running into the same issue. The work around I found in my case was the following:
#Prompts for the username/password, enter the username in the form of DomainName\UserName
$Credential = get-credential
#Converts the password to clear text to pass it through correctly as passing through a secure string does not work.
$Password = $credential.GetNetworkCredential().password
#Converts the $Credential to just the DomainName/UsernName.
$Account = $credential.UserName
Hopefully this will work in your situation