We appreciate you taking the time to vote and add your suggestions to make our products awesome! Your request will be submitted to the community for review and inclusion into the backlog.
We recommend reviewing what is submitted before posting, in case your idea has already been submitted by another community member. If it has been submitted, vote for that existing feature request (by clicking the up arrow) to increase its opportunity of being added to Cireson solutions.
For more information around feature requests in the Cireson Community click here.
We recommend reviewing what is submitted before posting, in case your idea has already been submitted by another community member. If it has been submitted, vote for that existing feature request (by clicking the up arrow) to increase its opportunity of being added to Cireson solutions.
For more information around feature requests in the Cireson Community click here.
Options
Powershell Activity - Run As
Bruno_Serafim
Customer IT Monkey ✭
Add the possibility to run powershell activities with another account.
This will be truly helpful to do non scsm tasks like AD tasks without storing the creds in clear in the script. Or even without doing something like that : https://blogs.technet.microsoft.com/robcost/2008/05/01/powershell-tip-storing-and-using-password-credentials/
2
Comments
as a possible workaround to avoid clear text cred in PS and avoiding a file store you can use the following approach:
## convert password strings to secure string and create encrypted string from secure string
##
## $key= (12,34,45,78,91,121,143,242,113,16,32,23,42,54,33,233,1,34,212,72,62,51,135,143) # 192 bit key --> this is important so that the hashed pw can be used on every computer - without a given key, the hash can only be used on the computer where the hash has been generated
## $sc=ConvertTo-SecureString 'yourPlainTextPasswordString' -AsPlainText -Force
## $st=ConvertFrom-SecureString -SecureString $sc -Key $key
##
## this have to be done once
your pS script only contains:
#
$key= (12,34,45,78,91,121,143,242,113,16,32,23,42,54,33,233,1,34,212,72,62,51,135,143)
$secString_wf="76492d1116743f04234...... " #string output from ConvertFrom-SecureString ...
$password_wf = ConvertTo-SecureString -String $secString_wf -key $key
$username_wf = "username"
Hi Bruno,
the password hash is stored in the PS script itself e.g. in the var $secString_wf as shown in the example above. Of course - I know, it is not 100% secure - but - and that was my intention - better than clear text password.