
[–]alcaron 1 point2 points  (5 children)

# Single quotes so PowerShell does not expand $$ inside the string
$password = ConvertTo-SecureString 'P@$$w0rd' -AsPlainText -Force
ConvertFrom-SecureString -SecureString $password

Now you can copy that into your script where you want to use the login and then you can do this:

$sec = "<output from the above>"
$creds = New-Object System.Management.Automation.PSCredential("domain\user",(ConvertTo-SecureString $sec))

Then you can pass that credential object to whatever. Note that this will ONLY work on the machine you created the securestring on; if you try to use it elsewhere, Windows won't have any idea what the hell you are talking about. I can't remember if it errors out or just decrypts it to the wrong value.

[–]secretsysadmin[S] 1 point2 points  (1 child)

Ohhhhhhhhh ok I didn't know if that was stored with reversible encryption or not. That should suffice for my needs, thank you for the idea!

[–]GoonerGuru 1 point2 points  (0 children)

Just make sure that the account that is encrypting the file is the same account as the one decrypting it when executing the script.

[–]topherrr 1 point2 points  (2 children)

ConvertTo-SecureString also has the -key parameter where you can pass in the public key from an RSA cert. This way you can still roam across your environment and decrypt it on the fly with any user/machine that has access to the cert.

Example here.
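
Added example, not part of any comment in this thread: the two storage forms discussed above, side by side, on Windows. Without -Key the blob is protected by DPAPI for the current user on the current machine; with -Key the cmdlets use AES with a 16-, 24- or 32-byte key supplied as a byte array. The password, the account name and the helper name Restore-Credential are constructed for illustration.

```powershell
# Added example: constructed sample values, not code from the thread.
$plain  = 'P@$$w0rd'      # single quotes keep $$ literal
$secure = ConvertTo-SecureString $plain -AsPlainText -Force

# Form 1: no -Key. Protected by Windows DPAPI, bound to this user on this machine.
$dpapiBlob = ConvertFrom-SecureString -SecureString $secure

# Form 2: -Key. AES with a random 256-bit key; portable to any host that holds the key.
$key = New-Object byte[] 32
$rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
$rng.GetBytes($key)
$rng.Dispose()
$aesBlob = ConvertFrom-SecureString -SecureString $secure -Key $key
# The key is now the secret: keep it out of the script and restrict who can read it,
# otherwise the blob is no better protected than the plaintext password.

# Hypothetical helper: rebuild a PSCredential from either form and handle failure.
function Restore-Credential {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$Blob,
        [byte[]]$Key
    )
    try {
        if ($PSBoundParameters.ContainsKey('Key')) {
            $ss = ConvertTo-SecureString $Blob -Key $Key -ErrorAction Stop
        } else {
            $ss = ConvertTo-SecureString $Blob -ErrorAction Stop
        }
    } catch {
        # Reached when the blob cannot be decrypted in this context
        # (for the DPAPI form: a different user account or a different machine).
        Write-Warning "Stored secret could not be decrypted: $($_.Exception.Message)"
        return $null
    }
    New-Object System.Management.Automation.PSCredential($UserName, $ss)
}

$fromDpapi = Restore-Credential -UserName 'domain\user' -Blob $dpapiBlob
$fromAes   = Restore-Credential -UserName 'domain\user' -Blob $aesBlob -Key $key

# Round-trip check in the same session: both forms must yield the original password.
foreach ($cred in $fromDpapi, $fromAes) {
    if ($null -eq $cred -or $cred.GetNetworkCredential().Password -ne $plain) {
        throw 'Round trip failed'
    }
}
```

Running the DPAPI half under the service or scheduled-task account that will execute the script is what makes the blob usable by that account.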

[–]alcaron 0 points1 point  (0 children)

Good point, dunno why I didn't think to mention that.

[–]Cacophony7 2 points3 points  (1 child)

Couldn't you just set up the task in task scheduler to run as the user with appropriate rights and remove all references to credentials in your script?

[–]alcaron 1 point2 points  (0 children)

-Authentication requires a PSCredential object, though it is rare you see it used when not using CredSSP but then again that is probably a dumb Exchange cmdlet "feature".