Remove Credentials

This topic contains 6 replies, has 4 voices, and was last updated by  Max Kozlov 8 months ago.

  • Author
    Posts
  • #63844

    Odd Arne Bergset
    Participant

    Hello, I've written a PS script that logs on to a fileshare, and then open an excel file. My local userid has no access to the fileshare so the script will pick up the credentials from a XML file that's been created using the following PS command.

    Get-Credential | Export-Clixml -Path C:\temp\${env:USERNAME}_cred.xml

    The actual script that connects to the fileshare and open an excel file.

    $cred = Import-Clixml -Path C:\temp\${env:USERNAME}_cred.xml
    $file="\\UNC path_to_fileshare"
    New-PSDrive -Name uncpath -PSProvider filesystem -Root $file -Credential $cred
    invoke-Item uncpath:"file.xlsx"

    This works as I it should,but there is one thing that I'm not happy with, after I close the Excel file I want the credentials to accessing the file share to "go away", which they don't. As long as I'm logged on I can access everything on that spesific server that my userid are allowed to do.Do anyone know how if it's possible to restrict the credentials to only work for that session, or if there's any command I can add to the script that removes the credentials, I guess they get cached somewhere withinn windows

    Kind regards

    OddA

  • #63902

    Max Kozlov
    Participant

    may be net use $file /delete ?

    • #63913

      Odd Arne Bergset
      Participant

      Soory, that didn't work, if using "net use" the share doesn't even shows. Within the PS session I can see the drive if I use get-psdrive, but it won't show outside of the session,

  • #63916

    Dan Potter
    Participant

    Remove-psdrive, remove-variable cred? or just overwrite cred. $cred = $null

    The import-clixml is only going to work for the user/computer that generated it.

  • #64009

    Daniel Krebs
    Moderator

    Using the Remove-PSDrive cmdlet in the same session should do the trick.

  • #64074

    Odd Arne Bergset
    Participant

    I've tried different approaches for this, but it seems like when I first add the credentials for this the "hang around" until logoff, if I try within PS to do a dir uncpath: it will show what's in that folder, if I try to to do that in another PS session it says drive does not exist, which is correct. If i,in the original ps session, do remove-psdrive uncpath and then try dir uncpath: it also say drive not found. But if I try to load the Excel file from my desktop after I've done this part of the script

    $cred = Import-Clixml -Path C:\temp\${env:USERNAME}_cred.xml
    $file="\\UNC path_to_fileshare"
    New-PSDrive -Name uncpath -PSProvider filesystem -Root $file -Credential $cred

    the excel file will open without asking for credentials, also it will open if I close the PS windows, or of I add
    remove-psdrive uncpath to the script.
    my guess is that the credentials are cached by windows, and then can be reused outside the powershell session.

  • #64078

    Max Kozlov
    Participant

    it seems that sessions cached inside .net

     D:\> new-psdrive -name nano -PSProvider FileSystem  -Root '\\nanoserver\c$' -Credential $c
    
    Name           Used (GB)     Free (GB) Provider      Root                                                         CurrentLocation
    ----           ---------     --------- --------      ----                                                         ---------------
    nano                                   FileSystem    \\nanoserver\c$
    
     D:\> dir \\nanoserver\c$
    
        Directory: \\nanoserver\c$
    
    Mode                LastWriteTime         Length Name
    ----                -------------         ------ ----
    d-----       30.11.2016     20:27                Program Files
    d-----       16.07.2016     15:09                Program Files (x86)
    d-r---       30.11.2016      1:25                Users
    d-----       30.11.2016     20:31                Windows
    
    
     D:\> Remove-PSDrive nano
     D:\> dir \\nanoserver\c$
    
        Directory: \\nanoserver\c$
    
    Mode                LastWriteTime         Length Name
    ----                -------------         ------ ----
    d-----       30.11.2016     20:27                Program Files
    d-----       16.07.2016     15:09                Program Files (x86)
    d-r---       30.11.2016      1:25                Users
    d-----       30.11.2016     20:31                Windows
    
     D:\> get-psdrive
    
    Name           Used (GB)     Free (GB) Provider      Root                                                         CurrentLocation
    ----           ---------     --------- --------      ----                                                         ---------------
    Alias                                  Alias
    C                  85,95         25,83 FileSystem    C:\                                                            Users\MKozlov
    Cert                                   Certificate   \
    D                 388,20         77,57 FileSystem    D:\
    Env                                    Environment
    Function                               Function
    HKCU                                   Registry      HKEY_CURRENT_USER
    HKLM                                   Registry      HKEY_LOCAL_MACHINE
    K                   5,68          9,28 FileSystem    K:\
    V                                      FileSystem    V:\
    Variable                               Variable
    vi                                     VimInventory  \LastConnectedVCenterServer
    vis                                    VimInventory  \
    vmstore                                VimDatastore  \LastConnectedVCenterServer
    vmstores                               VimDatastore  \
    WSMan                                  WSMan
    
     D:\> dir \\nanoserver\c$
    
        Directory: \\nanoserver\c$
    
    Mode                LastWriteTime         Length Name
    ----                -------------         ------ ----
    d-----       30.11.2016     20:27                Program Files
    d-----       16.07.2016     15:09                Program Files (x86)
    d-r---       30.11.2016      1:25                Users
    d-----       30.11.2016     20:31                Windows
    
     D:\> [gc]::collect()
     D:\> [gc]::collect()
     D:\> dir \\nanoserver\c$
        Directory: \\nanoserver\c$
    
    Mode                LastWriteTime         Length Name
    ----                -------------         ------ ----
    d-----       30.11.2016     20:27                Program Files
    d-----       16.07.2016     15:09                Program Files (x86)
    d-r---       30.11.2016      1:25                Users
    d-----       30.11.2016     20:31                Windows
    
     D:\> start-sleep -sec 60
     D:\> dir \\nanoserver\c$
    dir : Cannot find path '\\nanoserver\c$' because it does not exist.
    At line:1 char:1
    

You must be logged in to reply to this topic.