locked
Scheduled Task - Embedded Credentials in Script RRS feed

  • Question

  • I have a script that I run each week that sends a user group membership each week.  I am using the built-in Send-MailMessage command.  The script will prompt me for a valid Exchange user account and password.  Is there a way to pass this information to the script using the Task Scheduler for Windows 2008 R2?

    Thanks!

    Thursday, March 14, 2013 9:45 PM

Answers

  • The script will run under the credentials the sheduled task is set to run with.

    To expand on Tim's suggestion:

    #this will take a password from your input and save it to a file in an encrypted format.

    #you only need to do this once (unless the password for the user changes)

    read-host -assecurestring | convertfrom-securestring | out-file C:\securestring.txt

    #You can read the password back into a script with this:

    $pass = cat C:\securestring.txt | convertto-securestring

    #this creates a credential object containg the username and password

    $mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist “<username>”,$pass

    # use $mycred as the credentials for Powershell commands

    invoke-command -computer <computername> -credential $mycred -scriptblock {....}

    The secure string created can only be decrypted by the user who created it, on the computer it was created on... so your scheduled task should use those credentials.


    Inspired by Carlsberg.

    • Marked as answer by seag33k Friday, March 15, 2013 9:42 PM
    Friday, March 15, 2013 9:05 PM
  • Excellent!  In case others are trying to do the same thing, I completed it with the following:

    $mycreds = New-Object System.Management.Automation.PSCredential ("username_replacehere", $secpasswd)
    #SEND EMAIL USING SEND-MAILMESSAGE
    send-mailmessage -to "My Email<myemail@domain.com>" -from "Your Email<youremail@domain.com>" -subject "email1" -body "this is body1" -smtpserver smtp.domain.com -credential $mycreds
    • Marked as answer by Yan Li_ Monday, March 18, 2013 5:38 AM
    Friday, March 15, 2013 9:42 PM

All replies

  • $passwd = ConvertTo-SecureString "<password>" -AsPlainText -Force
    $creds = New-Object System.Management.Automation.PSCredential ("<user>", $passwd)
    
    I've used this to capture creds and put them into a file so that it could then later be read in by another script.

    .:|:.:|:. tim

    Friday, March 15, 2013 12:30 AM
  • Thanks for the information.

    From this code, the password would be stored in my script in clear text? Is there any way to pass the credentials from the schedule task to the script? Or any other way to script this so the password isn't in clear text?

    Thanks!

    • Proposed as answer by Natip Friday, April 6, 2018 1:40 PM
    • Unproposed as answer by Natip Friday, April 6, 2018 1:40 PM
    Friday, March 15, 2013 8:43 PM
  • The script will run under the credentials the sheduled task is set to run with.

    To expand on Tim's suggestion:

    #this will take a password from your input and save it to a file in an encrypted format.

    #you only need to do this once (unless the password for the user changes)

    read-host -assecurestring | convertfrom-securestring | out-file C:\securestring.txt

    #You can read the password back into a script with this:

    $pass = cat C:\securestring.txt | convertto-securestring

    #this creates a credential object containg the username and password

    $mycred = new-object -typename System.Management.Automation.PSCredential -argumentlist “<username>”,$pass

    # use $mycred as the credentials for Powershell commands

    invoke-command -computer <computername> -credential $mycred -scriptblock {....}

    The secure string created can only be decrypted by the user who created it, on the computer it was created on... so your scheduled task should use those credentials.


    Inspired by Carlsberg.

    • Marked as answer by seag33k Friday, March 15, 2013 9:42 PM
    Friday, March 15, 2013 9:05 PM
  • Excellent!  In case others are trying to do the same thing, I completed it with the following:

    $mycreds = New-Object System.Management.Automation.PSCredential ("username_replacehere", $secpasswd)
    #SEND EMAIL USING SEND-MAILMESSAGE
    send-mailmessage -to "My Email<myemail@domain.com>" -from "Your Email<youremail@domain.com>" -subject "email1" -body "this is body1" -smtpserver smtp.domain.com -credential $mycreds
    • Marked as answer by Yan Li_ Monday, March 18, 2013 5:38 AM
    Friday, March 15, 2013 9:42 PM