Pass credentials with Powershell – 3 Ways

Interactive

Here’s your typical scenario. You have a script that requires credentials internally. To provide those credentials you would do something like:

$MyCredentials = Get-Credential -Credential "CONTOSO\Username"

and you of course see a box like this normally on the screen

Then you would type in the password and life would go on about its Merry Little Way…

Build from clear text in a Script

The other method you could leverage would be to embed the credentials in a Powershell script like this.

This second method is of course very insecure as the credentials are stored directly and viewable within the script.   But the advantage to this is the ability to work with a legacy setup like a BAT, CMD or vbScript as the calling system.

You can pass the credentials to a PowerShell script and have it invoke the Cmdlets (like those in Exchange 2007) with the same flow and no modification to the source script.

Store Credentials in an XML file

Using the EXPORT-CLIXML and IMPORT-CLIXML gives us a better option.   We can store away the entire System.Management.Automation.PSCredential Object as an XML file.   It’s actually VERY easy to use.

Create your credentials in any of the normal manners.   Let’s use the Interactive one as an example

Instead of just doing this for Credentials and keying in the password

You can pipe the output to EXPORT-CLIXML

Now if you ever need to re-use those credentials it’s just a simple matter of running an IMPORT-CLIXML and bringing the data back in as an Object.

Wherever this XML file exists SHOULD be a secure location. That goes without saying. But the beautiful part here is that if you have a series of systems or scripts whose credentials may need to be reset, you only rebuild a single XML file, and the scripts keep using IMPORT-CLIXML to bring in the data.

Remember PowerShell is just another technology to get you home earlier. Leverage these credential methods in your environment in whatever way suits your organization best.

 

Note: These cmdlets use the DPAPI to do the encryption, and DPAPI stores the encryption keys in your user profile. So a script that imports the credentials XML file cannot be run from someone else’s profile.
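The clear-text build and the XML round trip described above, as an added example that is not code from the original post. Windows is assumed, and the file path, the sample password and the ACL step are assumptions made for illustration.

```powershell
# Hypothetical location for the exported credential (assumption).
$credFile = Join-Path $env:USERPROFILE 'svc-credential.xml'

# Build from clear text: a constructed sample password. Anyone who can read
# the script (or its command line) can read this value.
$plain  = 'Constructed-Sample-Passw0rd'
$secure = ConvertTo-SecureString -String $plain -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential ('CONTOSO\Username', $secure)

# Store the whole PSCredential object as XML. The user name is written as-is;
# the password is written as a DPAPI-protected blob.
$cred | Export-Clixml -Path $credFile

# Keep the file in a secure location: drop inherited permissions and grant
# access only to the account that created it.
$acl = Get-Acl -Path $credFile
$acl.SetAccessRuleProtection($true, $false)
$me   = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
$rule = New-Object System.Security.AccessControl.FileSystemAccessRule ($me, 'FullControl', 'Allow')
$acl.SetAccessRule($rule)
Set-Acl -Path $credFile -AclObject $acl

# Sanity check: the clear-text password must not appear anywhere in the file.
if ((Get-Content -Path $credFile -Raw).Contains($plain)) {
    throw "Password found in clear text in $credFile"
}

# Re-use the credential. Under a different user profile (or on a different
# machine) the DPAPI key is not available and the import fails, so report
# that instead of carrying on with an empty credential.
try {
    $restored = Import-Clixml -Path $credFile -ErrorAction Stop
    if ($restored -isnot [System.Management.Automation.PSCredential]) {
        throw "Unexpected object type in $credFile"
    }
    Write-Output "Loaded credential for $($restored.UserName)"
}
catch {
    Write-Error ("Could not load $credFile as $me. Re-create the file with " +
                 "Export-Clixml while logged on as the account that runs the script. " +
                 "Details: $($_.Exception.Message)")
}
```

For a scheduled task or service, create the XML file while logged on as the same account the task runs under, since that account's profile holds the key.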

 
