PowerShell - Are passwords cached/stored on remote PCs?

Welcome Forums General PowerShell Q&A PowerShell - Are passwords cached/stored on remote PCs?

This topic contains 2 replies, has 2 voices, and was last updated by

12 months ago.

  • Author
  • #94027

    Points: 18
    Rank: Member

    I am trying to understand how PowerShell scripts authenticate with a remote PC. I am not talking about PowerShell remoting, but with cmdlets, etc. A colleague is suggesting I use psexec with the SYSTEM switch so that the kerberos token is sent to the remote PC, but not the ID or password. I initially thought PowerShell was doing that same as long as I wasn't specifying my username/password in the script itself (get-credential, etc).

    Example of PowerShell script that runs on remote PC:

    $Computer = 'COMPUTER1'
    	$filter = "(&(objectCategory=computer)(objectClass=computer)(cn=$Computer))"
    	$ComputerObject = ([adsisearcher]$filter).FindOne()
    	$CertStore = New-Object System.Security.Cryptography.X509Certificates.X509Store "\\$Computer\My", "LocalMachine" -ErrorAction Stop
    	If ($CertStore.Certificates)
    		Foreach ($Cert in $CertStore.Certificates)
            ### PERFORM ACTION WITH EACH CERT... ###
        ### CATCH ERRORS ###

    Is the above not secure? Any suggestions, etc. would be greatly appreciated. I'd prefer to use PowerShell as it was designed instead of having to use psexec. Psexec will not be efficient when running runspaces, jobs, etc. with 10+ scripts running at once. Is there a way to have PowerShell use the local system account if this IS an issue?

  • #94033

    Points: 1,811
    Helping HandTeam Member
    Rank: Community Hero

    "Secure" is not an absolute term; nothing is "secure." Some things can be "more secure" than others.

    Aside from PowerShell Remoting, PowerShell really has nothing to do with authentication to remote computers. That's handled entirely by the underlying technology, and so what happens will differ depending on what you're doing. The "go forward" direction in PowerShell is to use Remoting, which does not cache credentials.

    I'm not certain what the System.Security.Cryptography.X509Certificates.X509Store class does in terms of authentication, but I seriously doubt the remote computer is caching anything from the connection. I'm guessing it's just using Kerberos to delegate whatever credential you're using to run PowerShell locally. That's pretty standard in Windows. Give that you're not _specifying_ a password, it'd be difficult for your script to pass along a password. Your local computer certainly doesn't cache a clear-text password; even NTLM pass-through authentication typically uses a different mechanism than that. But again, this is more about the underlying technology. PowerShell isn't doing a thing with your credential in this case, it's being done by the .NET System.Security.Cryptography.X509Certificates.X509Store class.

    • #94071

      Points: 18
      Rank: Member

      Thanks for the clarification!

The topic ‘PowerShell - Are passwords cached/stored on remote PCs?’ is closed to new replies.

denizli escort samsun escort muğla escort ataşehir escort kuşadası escort