none
how to use encrypted password to update a scheduled task RRS feed

  • Question

  • I now how to make a password encrypted and write it to a file.

    But then I have to use it to update a scheduled task.

    What I have so far:

    $credentials = get-credential
    $credentials.Password | ConvertFrom-SecureString | Set-Content 'c:\temp\password.txt'

    So now the password is encrypted in a file.

    Get the password -> $password = Get-Content 'c:\temp\password.txt' | ConvertTo-SecureString

    Then $password gives me -> System.Security.SecureString

    Now I want to update a scheduled task (set new time for task to run)

    $update = new-timespan -days 1 -hours 1 -minutes 1
    $newdate = (get-date) + $update
    $newschedtime= New-ScheduledTaskTrigger -At $newdate -Once

    $username = <user that is running the task>

    Set-ScheduledTask -Taskname "name_of_task" -trigger $newschedtime -user $UserName -password $password

    When I do this I get: The user name or password is incorrect.
    When I don't use $username but just the "domain\username" it gives me the same output, so I am doing something wrong with the password.

    Who can help me out.

    Tuesday, January 6, 2015 3:25 PM

Answers

  • Try this - 

    $password = gc 'C:\temp\password.txt' | Convertto-securestring
    $password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
    $update = new-timespan -days 1 -hours 1 -minutes 1
    $newdate = (get-date) + $update
    $newschedtime= New-ScheduledTaskTrigger -At $newdate -Once
    $username = <user that is running the task>
    
    Set-ScheduledTask -Taskname "name_of_task" -trigger $newschedtime -user $UserName -password $password

    • Proposed as answer by Braham20 Wednesday, January 7, 2015 1:12 PM
    • Marked as answer by Mantsje Wednesday, January 7, 2015 2:16 PM
    Tuesday, January 6, 2015 3:44 PM

All replies

  • Try this - 

    $password = gc 'C:\temp\password.txt' | Convertto-securestring
    $password = [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($password))
    $update = new-timespan -days 1 -hours 1 -minutes 1
    $newdate = (get-date) + $update
    $newschedtime= New-ScheduledTaskTrigger -At $newdate -Once
    $username = <user that is running the task>
    
    Set-ScheduledTask -Taskname "name_of_task" -trigger $newschedtime -user $UserName -password $password

    • Proposed as answer by Braham20 Wednesday, January 7, 2015 1:12 PM
    • Marked as answer by Mantsje Wednesday, January 7, 2015 2:16 PM
    Tuesday, January 6, 2015 3:44 PM
  • Thanks it is working.

    The only thing I had to do also is to start powershel under the user that was running the task to store the password in a text file.


    • Edited by Mantsje Wednesday, January 7, 2015 12:48 PM
    • Marked as answer by Mantsje Wednesday, January 7, 2015 12:48 PM
    • Unmarked as answer by Mantsje Wednesday, January 7, 2015 2:16 PM
    Wednesday, January 7, 2015 12:46 PM
  • No problem, you should mark the response that answered the question as the answer, not your own post. As an aside, storing credentials the way you are doing is not very secure, anybody who has access to the file can easily turn it back into a readable string - it only takes a line of code to do.
    Wednesday, January 7, 2015 1:27 PM
  • Ok, you are right about that it is not that secure.
    Do you know a better way to do this?

    Wednesday, January 7, 2015 2:17 PM
  • Ok, you are right about that it is not that secure.
    Do you know a better way to do this?

    I may have been mistaken, I didn't initially realise that the profile used when creating the password file forms part of the key to decrypt it.  
    Wednesday, January 7, 2015 2:30 PM
  • $Credentials = (Get-Credential -Message 'Enter username and password')
    $UserName = $Credentials.UserName
    $Password =  [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($Credentials.password))
    This doesn't store the password - a bit more secure but it is in memory until that powershell session is closed - you can always run $password = $null if you want to clear the mem.

    kbj

    Monday, April 24, 2017 3:49 PM