Fatal编程技术网
  • powershell/
  • Powershell 如何传递凭据以重命名命令?

Powershell 如何传递凭据以重命名命令?

powershell

Powershell 如何传递凭据以重命名命令?,powershell,Powershell,我正在PowerShell脚本中运行以下命令,以简单地重命名计算机。该脚本将由计算机启动脚本GPO执行,因此我需要在命令中传递凭据。由于我看不到脚本在启动时执行时会发生什么,所以我正在以普通用户身份登录时运行脚本来测试它 (Get-WmiObject win32_computersystem).Rename( $NewName,'Password','domain\username') 该命令返回返回值“5”-访问被拒绝。如何传递用户名和密码?(我了解脚本中密码的安全风险) 发现以下内容: 看

我正在PowerShell脚本中运行以下命令,以简单地重命名计算机。该脚本将由计算机启动脚本GPO执行,因此我需要在命令中传递凭据。由于我看不到脚本在启动时执行时会发生什么,所以我正在以普通用户身份登录时运行脚本来测试它

(Get-WmiObject win32_computersystem).Rename( $NewName,'Password','domain\username')
该命令返回返回值“5”-访问被拒绝。如何传递用户名和密码?(我了解脚本中密码的安全风险)

发现以下内容:

看起来需要设置身份验证级别才能传递凭据(可以选择使用Get-Credential CMDLet)。恐怕目前我还没有可用的盒子来测试此功能。

发现以下内容:

看起来需要设置身份验证级别才能传递凭据(可以选择使用Get-Credential CMDLet)。很抱歉,目前我还没有可用的测试框。

如果您总是在同一台机器上运行此功能,或者相关帐户漫游,那么IIRC您可以依靠DPAPI存储密钥,如下所示:

# Capture once and store to file
$passwd = Read-Host "Enter password" -AsSecureString
$encpwd = ConvertFrom-SecureString $passwd
$encpwd
$encpwd > $path\password.bin

# Later pull this in and restore to a secure string
$encpwd = Get-Content $path\password.bin
$passwd = ConvertTo-SecureString $encpwd

# Extract a plain text password from secure string
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($passwd)
$str =  [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
$str
如果不起作用,您可以使用此方法,但不如上述方法安全:

$key = 1..32 | ForEach-Object { Get-Random -Maximum 256 }
$passwd = Read-Host "Enter password" -AsSecureString
$encpwd = ConvertFrom-SecureString $passwd -Key $key
$encpwd

# Could easily modify this to store username also
$record = new-object psobject -Property @{Key = $key; EncryptedPassword = $encpwd}
$record
$record | Export-Clixml $path\portablePassword.bin

# Later pull this in and restore to a secure string
$record = Import-Clixml $path\portablePassword.bin
$passwd = ConvertTo-SecureString $record.EncryptedPassword -Key $record.Key

# Extract a plain text password from secure string
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($passwd)
$str =  [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
$str
如果您总是在同一台机器上运行此项或关联的帐户漫游,那么IIRC您可以依靠DPAPI存储密钥,如下所示:

# Capture once and store to file
$passwd = Read-Host "Enter password" -AsSecureString
$encpwd = ConvertFrom-SecureString $passwd
$encpwd
$encpwd > $path\password.bin

# Later pull this in and restore to a secure string
$encpwd = Get-Content $path\password.bin
$passwd = ConvertTo-SecureString $encpwd

# Extract a plain text password from secure string
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($passwd)
$str =  [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
$str
如果不起作用,您可以使用此方法,但不如上述方法安全:

$key = 1..32 | ForEach-Object { Get-Random -Maximum 256 }
$passwd = Read-Host "Enter password" -AsSecureString
$encpwd = ConvertFrom-SecureString $passwd -Key $key
$encpwd

# Could easily modify this to store username also
$record = new-object psobject -Property @{Key = $key; EncryptedPassword = $encpwd}
$record
$record | Export-Clixml $path\portablePassword.bin

# Later pull this in and restore to a secure string
$record = Import-Clixml $path\portablePassword.bin
$passwd = ConvertTo-SecureString $record.EncryptedPassword -Key $record.Key

# Extract a plain text password from secure string
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($passwd)
$str =  [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
$str