powershell script to login in remote machine

This topic contains 4 replies, has 4 voices, and was last updated by  postanote 2 weeks, 5 days ago.

  • Author
    Posts
  • #83287

    Gaurav Kumar
    Participant

    Hi Guys,

    I need help. i want to enter in remote machine via my local user machine.
    am using $cred = get-credential to store my credential but i want to write my credentials in open like:
    Enter-PSSession -ComputerName -credential $cred. i am using this but this scripts open a popup to enter my credentials but i want to write my username and password in the same field of credentials. i dont want to open any popup window for password.
    if anybody know then please help me.
    Thanxx in advance.

    Best Regards
    Gaurav Kumar

  • #83288

    Pradeep Arora
    Participant

    A simple search on web reveals:

    $password = ConvertTo-SecureString "PlainTextPassword" -AsPlainText -Force
    $cred= New-Object System.Management.Automation.PSCredential ("username", $password )
    
    • #83294

      Gaurav Kumar
      Participant

      No this is not working i am doing this (Invoke-Command -ComputerName computerName -ScriptBlock { script to be run } -credential username) i nee to write credential in this same line like i am writing credential so there am able to write only username not password.

  • #83300

    Jeremy Murrah
    Participant

    when you are typing "-credential username" powershell is trying to turn the string value "username" into a credential object required by the -credential parameter. The way it does that is through the credentials dialog box. If you want to avoid that popup you can use the code that Pradeep suggested. Run those two lines first to create your credential object then use "-credential $cred" instead of "-credential username"

  • #83305

    postanote
    Participant

    Jeremy is correct in what he is advising as is Pradeep.

    However, putting your credentials inline, plain text is a very serious security issue and is ill-advised to do so.

    I get it, it saves you from entering creds for remoting but you can accoomlish the same thing by approaching this a bit differently.

    1 – If you are already in the target host local admin group, then you don't have to enter anything

    Invoke-Command -ComputerName 'SomeRemotehost' -ScriptBlock {'SomeCmd'}

    There is also an Authentication switch, if you choose to use it.

    Invoke-Command -ComputerName 'SomeRemotehost' -ScriptBlock {'SomeCmd'} -Authentication Kerberos

    There are several options to choose from:

    Basic
    Credssp (not recommended – but there use cases for it – and you have to config the host and target to use it anyway)
    Default
    Kerberos
    Negotiate
    NegotiateWithImplicitCredential

    Though I really have not found a reason to do the above if I am admin on the remote host.
    Now, I have found reason to do this with cmdlets like Invoke-WebRequest/RestMethod, but these also provide a
    UseDefautlCredentials option.

    2 – Use the normal Get-Credential prompt just once, store that in an XML file and call that file as needed.

    For example —
    'blogs.technet.microsoft.com/robcost/2008/05/01/powershell-tip-storing-and-using-password-credentials'
    'interworks.com/blog/trhymer/2013/07/08/powershell-how-encrypt-and-store-credentials-securely-use-automation-scripts'

    Yet, then, you'd probably say, what is someone gets this file?

    Well, you are already thinking for storing your creds inline in a script. So that would be a moot conversation and
    this approach is still more secure than the plain text inline thing.

    If you are saying, you are not an admin on the remote host, and that you have to pass in the creds of an account that is, then
    this file approach is still less risky than this plain text thing.

    And if you are doing this remoteing thing across resources – think double hop auth issues, see this guidance...
    'blogs.technet.microsoft.com/ashleymcglone/2016/08/30/powershell-remoting-kerberos-double-hop-solved-securely'

    As noted in other public resources. You could set this kind of thing in your PowerSHell Profile to assist with this sort of stuff.

    #=====================================================================
    # Get-MyCredential
    #=====================================================================
    function Get-MyCredential
    {
    param
    (
    $CredPath,
    [switch]$Help
    )
    $HelpText = @"

    Get-MyCredential
    Usage:
    Get-MyCredential -CredPath `$CredPath

    If a credential is stored in $CredPath, it will be used.
    If no credential is found, Export-Credential will start and offer to
    Store a credential at the location specified.

    "@
    if($Help -or (!($CredPath))){write-host $Helptext; Break}
    if (!(Test-Path -Path $CredPath -PathType Leaf)) {
    Export-Credential (Get-Credential) $CredPath
    }
    $cred = Import-Clixml $CredPath
    $cred.Password = $cred.Password | ConvertTo-SecureString
    $Credential = New-Object System.Management.Automation.PsCredential($cred.UserName, $cred.Password)
    Return $Credential
    }

    # And this one:
    #=====================================================================
    # Export-Credential
    # Usage: Export-Credential $CredentialObject $FileToSaveTo
    #=====================================================================
    function Export-Credential($cred, $path)
    {
    $cred = $cred | Select-Object *
    $cred.password = $cred.Password | ConvertFrom-SecureString
    $cred | Export-Clixml $path
    }

    You use it like this:
    $Credentials = Get-MyCredential (join-path ($PsScriptRoot) Syncred.xml)

    If the credential file doesnt exist, you will be prompted the first time, at that point it will store the credentials in an encrypted string inside an XML file. The second time you run that line, the xmlfile is there and will be opened automatically.

You must be logged in to reply to this topic.