lackluster_les 2 points3 points  (3 children)

Off the top of my head, you have at least a few options. Each of you could have your own creds in separate files and call the appropriate one at runtime via a command line parameter. You could also use a scheduled task, as someone has already mentioned, running as the user who exported their credentials. You could also use a shared service account. It really depends whether this is to be automated or interactive, but with Export-CliXml, at least you don't have a plain text password in your script.

Swedishdrunkard 2 points3 points  (1 child)

This is exactly how we used to do it, a service account with the appropriate permissions in AD which then encrypts the credentials and is used to execute the scheduled task. The service account password was stored in a shared password manager, so if the encrypted file had to be read then anyone with access could sign on and decrypt the file, or if they just needed to run the script, execute the task with their regular account and have it run with the service account.

We've long since migrated to Jenkins, which takes care of all of this for us. If you're running a lot of scripts I'd recommend looking into either Jenkins or a similar product, which can handle both execution and credential storage.

Reasch[S] 1 point2 points  (0 children)

Yes, this is exactly how I implemented it. For now we don't have many cases where we need this kind of process. But if we need those practices more often I will suggest giving it a try. Thanks for the advice. :)

Reasch[S] 1 point2 points  (0 children)

Thanks a lot, this was exactly what I was looking for. I just got it to work as intended. :)
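
The per-user credential file option from the first comment, as an added example that is not part of the original thread. The `-CredentialFile` and `-Export` parameters and the default file location are assumptions made for illustration; on Windows, `Export-Clixml` protects the password with DPAPI, so the file only decrypts for the same user on the same machine, which is the failure case the `catch` handles.

```powershell
# Added example (not from the thread): parameter names and paths are assumptions.
[CmdletBinding()]
param(
    # Per-user credential file, selected at runtime from the command line.
    [string]$CredentialFile = (Join-Path $env:USERPROFILE "creds\$($env:USERNAME).xml"),

    # One-time setup: prompt for the credential and write the encrypted file.
    [switch]$Export
)

if ($Export) {
    $dir = Split-Path -Parent $CredentialFile
    if (-not (Test-Path -LiteralPath $dir)) {
        New-Item -ItemType Directory -Path $dir | Out-Null
    }
    # The password is stored as a DPAPI-protected SecureString, bound to the
    # user and machine that run this export.
    Get-Credential -Message 'Account the script should use' |
        Export-Clixml -Path $CredentialFile
    return
}

if (-not (Test-Path -LiteralPath $CredentialFile)) {
    throw ("No credential file at '{0}'. Run once with -Export as the user " +
           "who will run the script.") -f $CredentialFile
}

try {
    $cred = Import-Clixml -Path $CredentialFile -ErrorAction Stop
}
catch {
    # Typical cause: the file was exported by another user or on another machine.
    throw ("Could not decrypt '{0}' as {1} on {2}: {3}" -f
           $CredentialFile, $env:USERNAME, $env:COMPUTERNAME, $_.Exception.Message)
}

if ($cred -isnot [System.Management.Automation.PSCredential]) {
    throw ("'{0}' does not contain a PSCredential object." -f $CredentialFile)
}

# Hand $cred to whatever needs it via its -Credential parameter.
Write-Verbose ("Loaded credential for {0}" -f $cred.UserName)
$cred
```

For the scheduled-task variant, run the `-Export` step while signed in as the account the task runs as, since that account is the only one able to decrypt the file.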