We appreciate you taking the time to vote and add your suggestions to make our products awesome! Your request will be submitted to the community for review and inclusion into the backlog.

We recommend reviewing what is submitted before posting, in case your idea has already been submitted by another community member. If it has been submitted, vote for that existing feature request (by clicking the up arrow) to increase its opportunity of being added to Cireson solutions.

For more information around feature requests in the Cireson Community click here.

Powershell Activity - Run As

Add the possibility to run powershell activities with another account.

This will be truly helpful to do non scsm tasks like AD tasks without storing the creds in clear in the script. Or even without doing something like that : https://blogs.technet.microsoft.com/robcost/2008/05/01/powershell-tip-storing-and-using-password-credentials/
2 votes

Submitted · Last Updated

Comments

  • Roland_KindRoland_Kind Partner Advanced IT Monkey ✭✭✭

    as a possible workaround to avoid clear text cred in PS and avoiding a file store you can use the following approach:

    ## convert password strings to secure string and create encrypted string from secure string
    ##
    ## $key= (12,34,45,78,91,121,143,242,113,16,32,23,42,54,33,233,1,34,212,72,62,51,135,143) # 192 bit key --> this is important so that the hashed pw can be used on every computer - without a given key, the hash can only be used on the computer where the hash has been generated


    ## $sc=ConvertTo-SecureString 'yourPlainTextPasswordString' -AsPlainText -Force
    ## $st=ConvertFrom-SecureString -SecureString $sc -Key $key
    ##

    ## this have to be done once

    your pS script only contains:
      

    $key= (12,34,45,78,91,121,143,242,113,16,32,23,42,54,33,233,1,34,212,72,62,51,135,143)
    $secString_wf="76492d1116743f04234...... "  #string output from ConvertFrom-SecureString ...
    $password_wf = ConvertTo-SecureString -String $secString_wf -key $key
    $username_wf = "username"

  • Bruno_SerafimBruno_Serafim Customer IT Monkey ✭
    Hi Roland,

    Thank you for your answer.
    Just a question, where is stored the hashed password ?
  • Roland_KindRoland_Kind Partner Advanced IT Monkey ✭✭✭

    Hi Bruno,

    the password hash is stored in the PS script itself  e.g. in the var $secString_wf as shown in the example above. Of course - I know, it is not 100% secure - but - and that was my intention - better than clear text password.

Sign In or Register to comment.