encrypt password

This topic contains 1 reply, has 2 voices, and was last updated by Profile photo of Max Kozlov Max Kozlov 2 weeks, 6 days ago.

  • Author
    Posts
  • #57977
    Profile photo of dds69
    dds69
    Participant

    hi everyone,

    In the company where I am currently, we want to put a script (powershell) in place so that it can list the different files opened by the users. This is to find out who to open what because a lot of files are shared and sometimes left open by a user to the detriment of other users.

    Here is the script we are currently using:

    openfiles /query /s monServeur /u monCompte /p monMotDePasse /fo CSV > C:\temp\fichiers_ouverts.csv

    The problem with this script is that the password is clear in the file and even if only the IT department can access it it hardly see the passwords in clear. So for this small evolution of the script:

    $user = Read-host "Veuillez entrer l'utilisateur de la session"
    $password = Read-Host "Saisissez le mot de passe"
    
    openfiles /query /s monServeur /u $user /p $password /fo CSV >> C:\temp\fichiers_ouverts.csv

    So here the password is requested from the user and therefore appears in clear when typed. For this we want that when typing the password the characters are replaced by dots or stars. So we added the "-AsSecureString" option.

    The problem with this option is that the script no longer retrieves the correct password.
    We saw that the password was of SecureString type and from there we can not use this password, even using the ConvertTo or ConvertFrom option.

    Would someone have an information about the syntax to follow so that the encrypted password can be accepted during the request made in the script?

    Best Regards

    dds69

  • #57980
    Profile photo of Max Kozlov
    Max Kozlov
    Participant

    I think easiest way to do what you want – remove user/password from file, make scheduled task with correct "runas" user/password and run it by request or by time 😉

    or

    Change you "script" lines to $Credential = (Get-Credential).GetNetworkCredential()
    and use it as $Credential.UserName $Credential.Password

You must be logged in to reply to this topic.