[英]Powershell Remoting with credential
While running remoting commands like Enable-PsSession
, Invoke-command
etc. we need to provide credentials with those commands.在运行诸如Enable-PsSession
、 Invoke-command
等远程命令时,我们需要为这些命令提供凭据。
I don't want to provide the credentials every time while executing these command.我不想在执行这些命令时每次都提供凭据。
Also lets say I stored the username in variable & using the variable while executing the command.也可以说我将用户名存储在变量中并在执行命令时使用该变量。 I want to do this for the password as well.我也想为密码这样做。 Could I do that ?我可以这样做吗?
Eg:例如:
Invoke-Command -ComputerName mycomputer -ScriptBlock { Get-ChildItem C:\ } -credential mydomain\administrator
So here I am providing the password everytime while executing these command.所以在这里我每次在执行这些命令时都提供密码。
How should the commands take username & password automatically either from variable & some other mechanism ?命令应该如何从变量和其他一些机制中自动获取用户名和密码?
You can do:你可以做:
$cred = get-credential #fill you credential in the pop-up window
and then:接着:
Invoke-Command -ComputerName mycomputer -ScriptBlock { Get-ChildItem C:\ } -credential $cred
Remember that the password in $cred
is easily recoverable in clear text!请记住, $cred
中的密码很容易以明文形式恢复!
Encrypt everything.加密一切。 Create an object calling the decrypted info as the password.创建一个对象,调用解密信息作为密码。 Use it like that:像这样使用它:
read-host -assecurestring | convertfrom-securestring | out-file C:\localdrivespace\username-password-encrypted.txt
$username = "domain\username"
$password = cat C:\localdrivespace\username-password-encrypted.txt | convertto-securestring
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $password
Powershell will default to the credentials of the user running the powershell session, if none are specified explicitly.如果没有明确指定,Powershell 将默认为运行 powershell 会话的用户的凭据。
So if you run Powershell as a user with administrative privileges on the remote machine, you don't have to enter credentials when running the commands.因此,如果您以在远程计算机上具有管理权限的用户身份运行 Powershell,则在运行命令时不必输入凭据。
What you can do is you can create a scheduled task with stored credentials for a service account, and allow users (or just yourself) access to run the task.您可以做的是,您可以使用服务帐户的存储凭据创建计划任务,并允许用户(或仅您自己)访问以运行该任务。
http://blogs.technet.com/b/heyscriptingguy/archive/2011/01/12/use-scheduled-tasks-to-run-powershell-commands-on-windows.aspx http://blogs.technet.com/b/heyscriptingguy/archive/2011/01/12/use-scheduled-tasks-to-run-powershell-commands-on-windows.aspx
Or you can store credentials in the Windows credential manager, which means they're encrypted using your Windows user.或者您可以将凭据存储在 Windows 凭据管理器中,这意味着它们是使用您的 Windows 用户加密的。
https://gist.github.com/toburger/2947424 https://gist.github.com/toburger/2947424
However with the credential manager solution, any user able to run scripts in your context will be able to extract the password in clear text.但是,使用凭证管理器解决方案,任何能够在您的上下文中运行脚本的用户都能够以明文形式提取密码。
This isn't a problem though, if you only use this for yourself, or if every admin running the scripts does so from his own user context.不过,这不是问题,如果您只为自己使用它,或者如果每个运行脚本的管理员都从他自己的用户上下文中这样做。
Any automated script requiring a password is flawed.任何需要密码的自动化脚本都是有缺陷的。 Comments in the other answers show how easy it is to reverse a secure string.其他答案中的评论表明反转安全字符串是多么容易。
$cred = get-credential mydomain\\me
创建凭证变量: $cred = get-credential mydomain\\me
$cred | export-clixml credfile.xml
将凭据存储在 xml 导出文件中: $cred | export-clixml credfile.xml
$cred | export-clixml credfile.xml
$cred=import-xmlcli \\hidden\\credfile.xml
需要时加载凭据: $cred=import-xmlcli \\hidden\\credfile.xml
enter-pssession -computername server -credential $cred
执行需要凭据的命令: enter-pssession -computername server -credential $cred
This is what I do.这就是我所做的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.