0

I am working on a project using PowerShell, and the challenge that I have now is how to run PowerShell itself.

I have access to a domain credential that has login capability on the server I am running it from, and I am planning on using WQL queries as triggers to run the script at different times.

Is there a way to do this without leaving the credential information as plaintext? I have and use stored domain credentials within the script, but I cannot find a way to use those credentials to run the script itself.

Any idea how to do this, or creative ways to get around the issue? I cannot use Task Scheduler for this project.

Acerbity
  • 417
  • 1
  • 11
  • 29
  • I wasn't aware of a way I could use runas with a stored credential, so I am not sure if it will work or not. – Acerbity Jul 21 '15 at 17:41
  • Maybe you can do `runas /user:whatever "powershell script.ps1" < mypwd.txt`? – Alyssa Haroldsen Jul 21 '15 at 17:43
  • Would there be a secure way to store the password though? That's my real sticking point right now. – Acerbity Jul 21 '15 at 17:44
  • If this was UNIX, I would suggest making file read-only. How were you planning on storing the credentials in the script itself? – Alyssa Haroldsen Jul 21 '15 at 17:45
  • It's a well documented procedure to store the password in an md5 hash. That part is done and working, now I just need to figure out how to launch it. – Acerbity Jul 21 '15 at 17:51
  • Wait, the password is stored as an md5 hash? As in, you pass the hash back and forth? How do you retrieve the password in the script? – Alyssa Haroldsen Jul 21 '15 at 17:58
  • Like this. http://blogs.technet.com/b/robcost/archive/2008/05/01/powershell-tip-storing-and-using-password-credentials.aspx – Acerbity Jul 21 '15 at 18:42
  • Oh, well that makes more sense. It isn't an md5 hash, it's platform-dependent encryption. It's still not "securely stored", but at the very least, it's not plaintext. Why not create an intermediary powershell script that then runs your primary script under the correct user, decrypting the encrypted password in a file and just piping into `runas` or the powershell equivalent? – Alyssa Haroldsen Jul 21 '15 at 18:48
  • OK, I'll give that a try. Thanks for your help! – Acerbity Jul 21 '15 at 19:20

0 Answers0