Note: how to run a PowerShell script interactively? When you run this PowerShell script interactively, you are required to enter the password in the PowerShell window. The second line contains the Read-Host cmdlet. We only need to replace the second line in the script to achieve our goal of entering the password interactively: In the plaintext example above, we entered the password directly in the script. This is the easiest method of them all, but this method is only suitable for scripts that run interactively.

Now let's get on with the good stuff. The remainder of this article will show you a couple of ways how to securely use passwords in a PowerShell script.

Enter the password interactively (Read-Host)

From a security perspective, they do not hold any advantages. However, looking at the overall system as a whole, taking, among other things, security into consideration, plain text passwords should be avoided as much as possible. *As was pointed out to me in one of the comments below, technically speaking using plain text password does have some advantages. My apologies for "shouting", but plaintext passwords can get you in all sorts of trouble. TRY TO REFRAIN FROM USING PLAINTEXT PASSWORDS IN SCRIPTS.

In the last line in the example above, you can see that the PowerShell variables $Account and $AccountPassword are both required to populate the variable $DatabaseCredentials. The PSCredential object is a combination of the user account and the password.

PSCredential ( $Account, $AccountPassword )

If your SMTP server requires it, you can also add -UseSsl to Send-MailMessage.

Caveat: If you use DPAPI, the encrypted password file can only be decrypted on the machine that it was encrypted on.

Also see the later post about how to send email via Yahoo Mail from PowerShell, including how to use a plain text password.

$DatabaseCredentials = New-Object System. 
Send-MailMessage -From $MailFrom -To $MailTo -Subject $MailSubject -Body $MailBody -Port $SMTPPort -Credential $EmailCredential
$MailBody = "Here's the details about the interesting thing"
$MailTo = "Something interesting just happened"
$EmailCredential = New-Object -TypeName -ArgumentList $SMTPUsername,$SecureStringPassword
$SMTPUsername = Get-Content -Path $EncryptedPasswordFile | ConvertTo-SecureString

Send-MailMessage -From -To -Subject "Something interesting just happened" -Body "Here's the details about the interesting thing" -SmtpServer -Port 587 -Credential (New-Object -TypeName -ArgumentList -Path | ConvertTo-SecureString))

But to make it easier to interpret, here’s the same thing broken down with variables:

So now shove the whole lot together, on one line (because we can, and bigger is better, right?):

New-Object -TypeName -ArgumentList -Path | ConvertTo-SecureString)

So now we have the password in a file, and can use this to create a PSCredential object:

You can also use 128, 192 or 256-bit AES encryption. We then pass this to ConvertFrom-SecureString which takes that object and spits it out as text, encrypted with Windows Data Protection API (DPAPI). How does this work? Read-Host prompts for text, because we’ve used the -AsSecureString switch it returns the text entered as a object.

Now you’ve got a text file with an encrypted password in it.

Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File -FilePath the above, enter the password (which will be obscured with asterisks as you type it), and hit.

So the clever way to do this is to create yourself an encrypted password file.

Thus Get-Credential, in the form used above, will create the right kind of object that you can feed into Send-MailMessage, but it does it in the wrong kind of way – via a pop-up box for you to type your password into, which isn’t that handy for use in unattended scripting.
Get-Credential -Message "Cough up" -Username "your_username"

But Get-Credential doesn’t have an option to accept the password as plain text, and storing a password as plain text is bad practice anyway.

You can use Get-Credential to generate one of these:

Sure, Send-MailMessage has a -Credential option, but this needs to be in the form of a object.

However, what if you don’t have your own internal mailserver, and the only one available needs credentials? Many ISPs require authenticated SMTP now.

You can even omit the -SmtpServer bit if you’ve previously set the $PSEmailServer preference variable.

Send-MailMessage -From -To -Subject "Something interesting just happened" -Body "Here's the details about the interesting thing" -SmtpServer .uk

You just need an SMTP server, and use Send-MailMessage:

Email is a good way to send notifications from your PowerShell scripts, and it’s super easy.
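
Added example (not code from the original posts): the encrypted password file described above, written once with the default DPAPI protection and once with a 256-bit AES key, then read back into a PSCredential. The file paths, the key file and the sample password are constructed for illustration; in real use the SecureString comes from Read-Host -AsSecureString.

```powershell
# Added example. Paths, user name and sample password are constructed.
$DpapiFile    = Join-Path $env:TEMP 'smtp-pw-dpapi.txt'
$AesFile      = Join-Path $env:TEMP 'smtp-pw-aes.txt'
$KeyFile      = Join-Path $env:TEMP 'smtp-pw-aes.key'
$SMTPUsername = 'your_username'
$Sample       = 'Constructed-Sample-Pw1'

# Stand-in for "Read-Host -AsSecureString" so the example runs unattended.
$Secure = ConvertTo-SecureString -String $Sample -AsPlainText -Force

# 1) No -Key: ConvertFrom-SecureString protects the text with DPAPI.
#    Only the same Windows user on the same machine can turn it back
#    into a SecureString, so the file is useless if copied elsewhere.
$Secure | ConvertFrom-SecureString | Out-File -FilePath $DpapiFile
$FromDpapi = Get-Content -Path $DpapiFile | ConvertTo-SecureString

# 2) With -Key: AES using a 16, 24 or 32 byte key (128/192/256-bit).
#    The file is portable, but anyone who can read the key file can
#    decrypt it, so the key needs tighter permissions than the script.
$Key = New-Object Byte[] 32
$Rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$Rng.GetBytes($Key)
$Rng.Dispose()
[System.IO.File]::WriteAllBytes($KeyFile, $Key)
$Secure | ConvertFrom-SecureString -Key $Key | Out-File -FilePath $AesFile
$FromAes = Get-Content -Path $AesFile |
    ConvertTo-SecureString -Key ([System.IO.File]::ReadAllBytes($KeyFile))

# Both SecureStrings build the object that Send-MailMessage -Credential expects.
foreach ($Loaded in $FromDpapi, $FromAes) {
    $Credential = New-Object -TypeName System.Management.Automation.PSCredential `
        -ArgumentList $SMTPUsername, $Loaded
    # Round-trip check against the constructed sample; never do this with a real secret.
    if ($Credential.GetNetworkCredential().Password -cne $Sample) {
        throw 'Password file did not round-trip'
    }
}

# Clean up the constructed files.
Remove-Item -Path $DpapiFile, $AesFile, $KeyFile
```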