Multiple passwords with DSC

This topic contains 2 replies, has 2 voices, and was last updated by Chris Liquori 7 hours, 50 minutes ago.

  • #61738
    Chris Liquori
    Participant

    Hello,

    I am creating a DSC to restore custom Windows Services for our environment. Each service uses a different domain account to start the service. How can I store the account information without having to type in the passwords each time I re-create the mof file? I am using a psd1 for the data of each service except the credential field.

    Thanks for your help in advance.

    Chris

  • #61963
    Don Jones
    Keymaster

    Storing passwords in MOFs is a little complicated, and requires you to have digital certificates (which must have a specific use-case flag in them). The certificate (with private key) must be deployed to the target node, and a copy of the certificate (without the private key) must be on whatever machine you're using to generate MOFs. We cover this in "The DSC Book," and you can also look at https://msdn.microsoft.com/en-us/powershell/dsc/securemof.

    This would still normally require you to type the passwords when you physically create the MOF. There isn't, at present, a way around that, short of storing your passwords in clear text (which is obviously not a bright idea). You could probably get around it by perhaps storing this information in a secured, encrypted SQL Server database (for example), which you'd query during MOF creation to create PSCredential objects. I've never tried that.
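Added example, not part of the thread and not code from "The DSC Book": a configuration that encrypts a separate credential for each service with the node's certificate, prompting once per account at MOF creation. The node name, certificate path, thumbprint placeholder, service names, account names and the `CredentialMap` parameter are assumptions made for illustration.

```powershell
# Added example. Node name, certificate path, thumbprint, service names and
# account names are placeholders (assumptions), not values from the thread.
$ConfigData = @{
    AllNodes = @(
        @{
            NodeName             = 'SERVER01'
            # Public certificate only (no private key), on the authoring machine
            CertificateFile      = 'C:\DscCerts\SERVER01.cer'
            # Thumbprint of the same certificate; its private key lives on the node
            Thumbprint           = '<THUMBPRINT-PLACEHOLDER>'
            PSDscAllowDomainUser = $true   # the services run as domain accounts
            Services             = @(
                @{ Name = 'CustomSvcA'; Account = 'CONTOSO\svc-a' }
                @{ Name = 'CustomSvcB'; Account = 'CONTOSO\svc-b' }
            )
        }
    )
}

# Prompt once per distinct account; no password is written to disk in clear text.
$Credentials = @{}
foreach ($node in $ConfigData.AllNodes) {
    foreach ($svc in $node.Services) {
        if (-not $Credentials.ContainsKey($svc.Account)) {
            $Credentials[$svc.Account] = Get-Credential -UserName $svc.Account -Message "Password for $($svc.Account)"
        }
    }
}

Configuration RestoreServices {
    param ([Parameter(Mandatory)] [hashtable] $CredentialMap)
    Import-DscResource -ModuleName PSDesiredStateConfiguration
    Node $AllNodes.NodeName {
        # Tell the node's LCM which certificate decrypts the credentials
        LocalConfigurationManager {
            CertificateId = $Node.Thumbprint
        }
        foreach ($svc in $Node.Services) {
            Service "Service_$($svc.Name)" {
                Name        = $svc.Name
                Credential  = $CredentialMap[$svc.Account]
                StartupType = 'Automatic'
                State       = 'Running'
            }
        }
    }
}

RestoreServices -ConfigurationData $ConfigData -CredentialMap $Credentials -OutputPath .\Mof
```

The output folder holds a `.meta.mof` to apply with `Set-DscLocalConfigurationManager` before pushing the node MOF with `Start-DscConfiguration`.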

  • #62347
    Chris Liquori
    Participant

    Hey Don,

    Thanks for the response. A secured database is a good idea, and I'm going to purchase the DSC book for reference on secured MOFs.

    Thanks again.

    Chris
