I have a batch file that runs a script using a specific user's credentials being called from a text file. The problem is, anyone can follow the path and open said text file and see that user's sign-on credentials. I put them in stream files for added perplexity but by viewing the path in the batch file, anyone can figure it out.
script.bat:
@ECHO OFF
SET credentialsFile=.\SomeFile.txt:username.txt
SET anotherFile=.\SomeFile.txt:password.txt
SET /p username=<%credentialsFile%
SET /p password=<%anotherFile%
REM Script here that needs to use %username% and %password% for execution
This is being run on a server that several people have access to. What can be done to completely hide the contents of the text file from everyone but the batch file that calls it and the user whose credentials are being used? Or another way of going about this instead of a text file?
Note that this script is to run on startup and so the goal is to avoid requiring user input on execution in case the server were to go down in the middle of the night.
I agree that PSCredential objects may be a good solution for your use case. To help you along, here is an example script that can store UserName and Password in .txt files and then use them to create a PSCredential object.
The Password is stored as a SecureString - unreadable if you simply open the .txt file. The secure string is used to create the PSCredential object. The SecureString can only be read by the same user account on the same machine that created it.
# This method encrypts using the Windows Data Protection API, which means
# we are only able to access the password file with one account and only
# on the same device that created the password file.
# Get the UserName and store it in a file
$UserName = Read-Host -Prompt "Enter username for script" | Tee-Object "UserName.txt"
# Get the Password and store it as a secure string in a file
# e.g. abc123
Read-Host -Prompt "Enter password for $UserName" -AsSecureString | ConvertFrom-SecureString | Out-File "Password.txt"
# Get our password from the secure string we stored on disk
$Password = Get-Content "Password.txt" | ConvertTo-SecureString
# Create a PS credential object using the username and password we've gathered
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $UserName,$Password
# This yields the plain text password.
# e.g. abc123
$Credential.GetNetworkCredential().Password
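
The run-time half of the answer above, as an added example that is not part of the original answer: a loader the startup script can call without prompting, which fails with a clear error when the password file was created under a different account or machine. `Get-StoredCredential` is a hypothetical helper name, and the example assumes it is saved as a .ps1 file in the same folder as UserName.txt and Password.txt.

```powershell
# Added example. Get-StoredCredential is a hypothetical helper, not a built-in cmdlet.
# Assumes UserName.txt and Password.txt were created by the script above,
# in the same folder as this .ps1 file.
function Get-StoredCredential {
    [CmdletBinding()]
    [OutputType([System.Management.Automation.PSCredential])]
    param(
        [string]$UserNameFile = (Join-Path $PSScriptRoot 'UserName.txt'),
        [string]$PasswordFile = (Join-Path $PSScriptRoot 'Password.txt')
    )

    # Fail early, without prompting, if either file is missing.
    foreach ($file in $UserNameFile, $PasswordFile) {
        if (-not (Test-Path -LiteralPath $file -PathType Leaf)) {
            throw "Credential file not found: $file"
        }
    }

    # The user name was written as a single plain-text line.
    $userName = ([string](Get-Content -LiteralPath $UserNameFile -TotalCount 1)).Trim()
    if ([string]::IsNullOrWhiteSpace($userName)) {
        throw "No user name found in $UserNameFile"
    }

    try {
        # DPAPI decryption succeeds only for the account and machine
        # that ran ConvertFrom-SecureString when the file was created.
        $password = Get-Content -LiteralPath $PasswordFile |
            ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        $who = "$env:USERDOMAIN\$env:USERNAME"
        throw ("Cannot decrypt {0} as {1} on {2}: {3}" -f `
            $PasswordFile, $who, $env:COMPUTERNAME, $_.Exception.Message)
    }

    New-Object -TypeName System.Management.Automation.PSCredential `
        -ArgumentList $userName, $password
}

$Credential = Get-StoredCredential
# Pass $Credential to a cmdlet that takes -Credential (for example Start-Process
# or Invoke-Command) instead of expanding the password to plain text.
```

Password.txt has to be created while logged on as the same account the startup job runs under, on the same server; otherwise the `catch` branch fires.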