Author Posts

May 12, 2016 at 2:31 am

I am following the book "PowerShell In Depth" and in Credentials topic I found this Line

"When PowerShell performs that encryption, it does so using a locally
stored encryption key. Move the script and password file to another machine and it
won't work, because the local encryption key will be different"

But when I tried to import the encrypted Password from another server but using the same file(Which was stored on my roaming profile) I can still decrypt the Password.

So is the encryption key user dependent?

May 12, 2016 at 3:04 am

Hi Kiran,

When using a encryption key it will work between machines. If you don't specify an encryption key it will not work between machines

TechNet Convertto-SecuretString

Let me know if that helps, I can go into more detail if you want 🙂


May 12, 2016 at 3:31 am

Thank You Alex.I did not use -Key parameter but still was able to reproduce the Password in plain text that was in encrypted text format(Output of ConvertFrom-SecureString) between machines on same domain.
However the file was stored in my Roaming Profile.

May 12, 2016 at 3:50 am

Hmm that is interesting.

I wonder if it thinks its the same machines because its stored in your roaming profile.

Would be one to test (I don't have a roaming profile setup here). Let me see if I can test by putting it in a share.

May 12, 2016 at 3:53 am

The encryption keys are stored in your user profile, so roaming profiles should be fine cross-machine. There's also an AD feature called Credential Roaming which can make this work without needing to use roaming profiles.

May 12, 2016 at 3:55 am

Thank you Dave, that is interesting. Something to keep a note of 🙂

May 12, 2016 at 4:00 am

Thank You Dave It makes sense to me know.
Thank You Alex