Today I would like to show you two PowerShell functions that have helped me out more than once in the past.
Roughly speaking, the idea is to store login data in encrypted form in an XML file so that it can be reused later in another PowerShell script,
for example when files have to be copied automatically from a Windows file server to a NAS that is not joined to AD.
Whether this kind of encryption is secure enough is something you have to decide for yourselves.
But now on to the PS functions!
Function for exporting login information to an XML file
```powershell
function Export-PSCredential {
    param (
        # PSCredential object or user name; a string (including the empty
        # default) is handed to Get-Credential, which prompts for the password
        $Credential = "",
        $Path = "credentials.enc.xml",
        [switch]$Help)

    $HelpInfo = @'
Function : Export-PSCredential
Date     : 02/24/2011
Purpose  : Exports user credentials to an encoded XML file. Resulting file
           can be imported using function: Import-PSCredential
Usage    : Export-PSCredential [-Credential [domain\]username][-Path ][-Help]
           where
           -Credential specify the user account for which we will create a credential file
                       password will be collected interactively
           -Path       specify the file to which credential information will be written.
                       if omitted, the file will be "credentials.enc.xml" in the current
                       working directory.
           -Help       displays this help information
Note     : Import-PSCredential can be used to decode this file into a PSCredential object and
           MUST BE executed using the same user account that was used to create the encoded file.
'@

    if ($Help) {
        Write-Host $HelpInfo
        return
    }

    # Look at the object type of the $Credential parameter to determine how to handle it
    switch ( $Credential.GetType().Name ) {
        # It is a credential, so continue
        PSCredential { continue }
        # It is a string, so use that as the username and prompt for the password
        String { $Credential = Get-Credential -Credential $Credential }
        # In all other cases, throw an error and exit
        default { Throw "You must specify a credential object to export to disk." }
    }

    # Create temporary object to be serialized to disk
    $export = "" | Select-Object Username, EncryptedPassword
    # Give object a type name which can be identified later
    $export.PSObject.TypeNames.Insert(0, 'ExportedPSCredential')
    $export.Username = $Credential.Username
    # Encrypt SecureString password using Data Protection API
    # Only the current user account can decrypt this cipher
    $export.EncryptedPassword = $Credential.Password | ConvertFrom-SecureString
    # Export using the Export-Clixml cmdlet
    $export | Export-Clixml $Path
    Write-Host -ForegroundColor Green "Credentials saved to: " -NoNewline
    # Return FileInfo object referring to saved credentials
    Get-Item $Path
}
```
```powershell
function Import-PSCredential {
    param ( $Path = "credentials.enc.xml",
        [switch]$Help)

    $HelpInfo = @'
Function : Import-PSCredential
Date     : 02/24/2011
Purpose  : Imports user credentials from an encoded XML file.
Usage    : $cred = Import-PSCredential [-Path ][-Help]
           where
           $cred will contain a PSCredential object upon successful completion
           -Path specify the file from which credentials will be read
                 if omitted, the file will be "credentials.enc.xml" in the current
                 working directory.
           -Help displays this help information
Note     : Credentials can only be decoded by the same user account that was used to
           create the encoded XML file
'@

    if ($Help) {
        Write-Host $HelpInfo
        return
    }

    # Import credential file
    $import = Import-Clixml $Path
    # Test for valid import
    if ( !$import.UserName -or !$import.EncryptedPassword ) {
        Throw "Input is not a valid ExportedPSCredential object, exiting."
    }
    $Username = $import.Username
    # Decrypt the password and store as a SecureString object for safekeeping
    $SecurePass = $import.EncryptedPassword | ConvertTo-SecureString
    # Build the new credential object
    $Credential = New-Object System.Management.Automation.PSCredential $Username, $SecurePass
    Write-Output $Credential
}
```
Hal Rottenberg
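As an added example (not part of the original post or of the two functions above): the same export/import round trip together with the checks worth running before relying on such a file, namely that the XML contains no plain-text password and that the file's NTFS ACL is limited to the account that created it. The helper name `Protect-CredentialFile`, the file name and the sample credential are assumptions made for this example.

```powershell
# Added example. Windows only: ConvertFrom-SecureString without -Key relies on DPAPI.
# File name, account name and password are constructed sample values.
$path   = Join-Path $env:TEMP 'demo-credentials.enc.xml'
$plain  = 'Constructed-Sample-Pw-1!'
$secure = ConvertTo-SecureString $plain -AsPlainText -Force
$cred   = New-Object System.Management.Automation.PSCredential 'nas-backup', $secure

# Same storage format the export function writes: user name plus protected blob.
$export = New-Object PSObject -Property @{
    Username          = $cred.UserName
    EncryptedPassword = $cred.Password | ConvertFrom-SecureString
}
$export | Export-Clixml $path

# Hypothetical helper: stop ACL inheritance and leave a single rule for the current user.
function Protect-CredentialFile {
    param ([Parameter(Mandatory = $true)][string]$Path)
    $me  = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
    $acl = Get-Acl -Path $Path
    $acl.SetAccessRuleProtection($true, $false)   # protected, inherited rules not copied
    $acl.Access | Where-Object { -not $_.IsInherited } |
        ForEach-Object { [void]$acl.RemoveAccessRule($_) }
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($me, 'FullControl', 'Allow')
    $acl.AddAccessRule($rule)
    Set-Acl -Path $Path -AclObject $acl
}
Protect-CredentialFile -Path $path

# Check 1: the plain-text password must not appear in the file.
if (Select-String -Path $path -SimpleMatch $plain -Quiet) {
    throw 'Plain-text password found in credential file.'
}

# Check 2: decryption works for the account that created the file; for any
# other account ConvertTo-SecureString fails and the catch block reports it.
$import = Import-Clixml $path
try {
    $pass     = $import.EncryptedPassword | ConvertTo-SecureString -ErrorAction Stop
    $restored = New-Object System.Management.Automation.PSCredential $import.Username, $pass
} catch {
    throw "Cannot decrypt '$path': it was created under a different user account."
}
"Round trip OK: $($restored.GetNetworkCredential().Password -ceq $plain)"

# Check 3: show who can access the file after hardening, then clean up.
(Get-Acl $path).Access | Select-Object IdentityReference, FileSystemRights, AccessControlType
Remove-Item $path
```

On Linux and macOS, PowerShell has no DPAPI and `Export-Clixml` does not encrypt credentials, so this scheme protects the password only on Windows.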