如何传递凭据以重命名命令? [英] how to pass credentials to rename command?

问题描述

我在 PowerShell 脚本中运行以下命令以简单地重命名计算机.该脚本将由计算机启动脚本 GPO 执行，因此我需要在命令中传递凭据.如果脚本在启动时执行，我看不到脚本发生了什么，我正在通过以普通用户身份登录时运行脚本来测试它

I'm running the following command in a PowerShell script to simply rename a computer. The script will be executed by a computer startup script GPO, so I need to pass credentials within the command. As I can't see what's happening with the script if it's executed at startup I'm testing it by running the script while logged on as a normal user

(Get-WmiObject win32_computersystem).Rename( $NewName,'Password','domain\username')

该命令返回5"的 ReturnValue - 拒绝访问.如何传递用户名和密码?(我了解脚本中密码的安全风险)

The command returns a ReturnValue of '5' - Access Denied. How can I pass the username and password? (I understand the security risk regarding a password in the script)

__GENUS          : 2
__CLASS          : __PARAMETERS
__SUPERCLASS     : 
__DYNASTY        : __PARAMETERS
__RELPATH        : 
__PROPERTY_COUNT : 1
__DERIVATION     : {}
__SERVER         : 
__NAMESPACE      : 
__PATH           : 
ReturnValue      : 5
PSComputerName   : 

推荐答案

如果你总是在同一台机器上运行它或者关联的帐户漫游，那么 IIRC 你可以依赖 DPAPI 来存储密钥，如下所示:

If you're always running this on the same machine or the associated account roams then IIRC you can rely on DPAPI to store the key like so:

# Capture once and store to file
$passwd = Read-Host "Enter password" -AsSecureString
$encpwd = ConvertFrom-SecureString $passwd
$encpwd
$encpwd > $path\password.bin

# Later pull this in and restore to a secure string
$encpwd = Get-Content $path\password.bin
$passwd = ConvertTo-SecureString $encpwd

# Extract a plain text password from secure string
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($passwd)
$str =  [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
$str

如果这不起作用，您可以使用此方法，但它不如上述方法安全:

If that doesn't work, you can use this approach but it not as secure as the above approach:

$key = 1..32 | ForEach-Object { Get-Random -Maximum 256 }
$passwd = Read-Host "Enter password" -AsSecureString
$encpwd = ConvertFrom-SecureString $passwd -Key $key
$encpwd

# Could easily modify this to store username also
$record = new-object psobject -Property @{Key = $key; EncryptedPassword = $encpwd}
$record
$record | Export-Clixml $path\portablePassword.bin

# Later pull this in and restore to a secure string
$record = Import-Clixml $path\portablePassword.bin
$passwd = ConvertTo-SecureString $record.EncryptedPassword -Key $record.Key

# Extract a plain text password from secure string
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($passwd)
$str =  [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
$str

这篇关于如何传递凭据以重命名命令?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！