Passing specific credentials to remote session

Welcome Forums General PowerShell Q&A Passing specific credentials to remote session

Viewing 6 reply threads
  • Author
    Posts
    • #111881
      Participant
      Topics: 28
      Replies: 44
      Points: 165
      Rank: Participant

      I have a sort of crazy situation.   I have to run a powershell script from a SharePoint console app.

      This will be running a remote session on a different server.   I need to be able to run that remote session with a specific set of credentials in order to update an AD security group.

      How can I do that?

      Edit:  This script is being triggered by a console app and needs to run unattended with no need to provide a password.   The credentials will not change.  I am looking for a way to provide the credentials via a token file or similar.

    • #111886
      Participant
      Topics: 12
      Replies: 541
      Points: 1,314
      Helping Hand
      Rank: Community Hero
    • #111889
      Participant
      Topics: 28
      Replies: 44
      Points: 165
      Rank: Participant

      It would appear that I left out a critical component of the description.   I need this to run without having to enter a password each time.  It will be the same set of credentials and needs to be able to run unattended.

      Can I take what you have above and create a token file that can be referenced and used?

      • #111907
        Participant
        Topics: 12
        Replies: 541
        Points: 1,314
        Helping Hand
        Rank: Community Hero

        The Get-SBCredential cmdlet persists the encrypted credential object to disk for unattended execution (you type in the pwd the first time)

        To update the persisted credential (on disk) – say after pwd change, use

        use

        for built in help and examples
        Also see https://superwidgets.wordpress.com/2016/08/05/powershell-script-to-provide-a-ps-credential-object-saving-password-securely/

    • #111892
      Senior Moderator
      Topics: 9
      Replies: 1370
      Points: 5,048
      Helping Hand
      Rank: Community MVP

      You can build a Credential object. create a script like below

      Call .\ThisScript.ps1

      for unattended .\ThisScript.ps1 -Password (ConvertTo-SecureString -AsPlainText -Force -String ‘Password’)

    • #111910
      Participant
      Topics: 28
      Replies: 44
      Points: 165
      Rank: Participant

      Is it possible to do without 3rd party tools?

      • #111916
        Participant
        Topics: 12
        Replies: 541
        Points: 1,314
        Helping Hand
        Rank: Community Hero

        Juli, your last question suggests that you did not read the Get-SBCredential function or understand what it does and how. I recommend that you do.

    • #111950
      Keymaster
      Topics: 18
      Replies: 4872
      Points: 1,903
      Helping HandTeam Member
      Rank: Community Hero

      MS deliberately makes it difficult to persist credential objects, because of the security risk that represents. So there’s nothing native in PowerShell that makes it easy and straightforward and safe to keep a credential object on-disk.

      The “right” way to do this is to use JEA, which is a Microsoft add-in for PowerShell. You can also set this up without JEA, it’s just a bit more manual; “Secrets of PowerShell Remoting” explains these “constrained endpoints.” The theory is that you set up an endpoint which has a persistent “run as” credential, and you let the script log into that to run its command. The credential is stored safely that way.

    • #111970
      Participant
      Topics: 2
      Replies: 1014
      Points: 2,105
      Helping Hand
      Rank: Community Hero

      Take a look at

      Using Credential Manager in PowerShell
      Using Credential Manager in PowerShell

      Provides access to credentials in the Windows Credential Manager
      https://www.powershellgallery.com/packages/CredentialManager/2.0

       

Viewing 6 reply threads
  • The topic ‘Passing specific credentials to remote session’ is closed to new replies.