PowerShell Secure password to work on any machine

Posted 2019-04-24 18:34

Question:

I need to write a PowerShell script that I can run on any machine to connect to a server. Does the secure-string encrypt using the machine or user, i.e. will a secure password work on any machine in the domain, or can it only be decrypted on the machine it was created on? If it is the latter, is there a way to encrypt the password so I can run the script on any machine?

Answer 1:

To work on other machines you'll need to create a key for use with the ConvertTo-SecureString and ConvertFrom-SecureString cmdlets.

PS C:\> $SecureString = Read-Host -AsSecureString
PS C:\> $Key = (3,4,2,3,56,34,254,222,1,1,2,23,42,54,33,233,1,34,2,7,6,5,35,43)
PS C:\> $StandardString = ConvertFrom-SecureString $SecureString -Key $Key

http://www.leeholmes.com/blog/2006/06/01/securestrings-in-powershell/

By default, the SecureString cmdlets use Windows’ Data Protection API when they convert your SecureString to and from a plain text representation. The encryption key is based on your Windows logon credentials so only you can decrypt the data that you’ve encrypted. If you want the exported data to work on another system or separate user account, you can use the parameter sets that let you provide an explicit key.



Answer 2:

That's a great question. Here's a link to how to save your credential. I got this set up and I'm going to try my credential string on another computer logged in with another account. I'll let you know my result.

Update

I would have to say it didn't work for me. I went on the other person's machine logged in as them. I have my Credentials set up in a script called Get-MyCred:

$username = 'Domain\MyName'
$password = cat '\\server\share\securestring.txt' | convertto-securestring
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password

return $cred

When I run the line where it gets my password I get an error on the other person's machine.

ConvertTo-SecureString : Key not valid for use in specified state.
At line:1 char:56
+ Get-Content O:\BCKUP\MyScripts\Cred\securestring.txt | ConvertTo-SecureString
+                                                        ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidArgument: (:) [ConvertTo-SecureString], CryptographicException
+ FullyQualifiedErrorId : ImportSecureString_InvalidArgument_CryptographicError,Microsoft.PowerShell.Commands.ConvertToSecureStringCommand

I even get the error when I log into another computer with my credentials.
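
The explicit-key approach from answer 1, which avoids the DPAPI error shown in answer 2, as an added example that is not part of either answer. It goes slightly beyond the answer by generating a random 32-byte key instead of a hard-coded one; the file paths, function names and sample password are constructed for illustration, and a Windows host is assumed.

```powershell
# Added example: paths, function names and the sample password are assumptions.
$keyPath  = Join-Path $env:TEMP 'demo-aes.key'           # hypothetical key file
$credPath = Join-Path $env:TEMP 'demo-securestring.txt'  # hypothetical password file

function New-AesKeyFile {
    param([string]$Path)
    # -Key accepts 16, 24 or 32 bytes; 32 random bytes gives an AES-256 key.
    $key = New-Object byte[] 32
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    try { $rng.GetBytes($key) } finally { $rng.Dispose() }
    [System.IO.File]::WriteAllBytes($Path, $key)
}

function Export-PortablePassword {
    param([securestring]$Password, [string]$KeyPath, [string]$OutPath)
    $key = [System.IO.File]::ReadAllBytes($KeyPath)
    # With -Key the export is encrypted with that key rather than with DPAPI,
    # so it is no longer tied to the exporting user and machine.
    ConvertFrom-SecureString -SecureString $Password -Key $key |
        Set-Content -Path $OutPath
}

function Import-PortableCredential {
    param([string]$UserName, [string]$KeyPath, [string]$InPath)
    $key = [System.IO.File]::ReadAllBytes($KeyPath)
    # The same key must be supplied on whichever machine imports the file.
    $secure = Get-Content -Path $InPath | ConvertTo-SecureString -Key $key
    New-Object System.Management.Automation.PSCredential -ArgumentList $UserName, $secure
}

# Constructed sample input; in real use, prompt with Read-Host -AsSecureString.
$sample = ConvertTo-SecureString 'Constructed-Sample-Pw1!' -AsPlainText -Force

New-AesKeyFile -Path $keyPath
Export-PortablePassword -Password $sample -KeyPath $keyPath -OutPath $credPath
$cred = Import-PortableCredential -UserName 'Domain\MyName' `
    -KeyPath $keyPath -InPath $credPath

# Round-trip check: the decrypted password equals the constructed sample.
$cred.GetNetworkCredential().Password -eq 'Constructed-Sample-Pw1!'
```

Anyone who can read both the key file and the encrypted file can recover the password, so store the key separately from the script and restrict its ACL to the accounts that run it.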