使用PowerShell凭据而不提示输入密码

Question

我想重新启动属于域的远程计算机.我有一个管理员帐户,但我不知道如何从powershell使用它.

我知道有一个Restart-Computercmdlet,我可以通过凭据但是如果我的域名是,例如mydomain,我的用户名是myuser,我的密码是mypassword使用它的正确语法？

我需要安排重启,所以我不必输入密码.

Answer 1

问题Get-Credential是它总是会提示输入密码.然而,有一种解决方法,但它涉及将密码存储为文件系统上的安全字符串.

以下文章解释了这是如何工作的:

在没有提示的情况下使用PSCredentials

总之,您创建一个文件来存储您的密码(作为加密字符串).以下行将提示输入密码,然后将其c:\mysecurestring.txt作为加密字符串存储.你只需要这样做一次:

read-host -assecurestring | convertfrom-securestring | out-file C:\mysecurestring.txt

无论您-Credential在PowerShell命令中看到哪个参数,都意味着您可以传递一个PSCredential.所以在你的情况下:

$username = "domain01\admin01"
$password = Get-Content 'C:\mysecurestring.txt' | ConvertTo-SecureString
$cred = new-object -typename System.Management.Automation.PSCredential `
         -argumentlist $username, $password

$serverNameOrIp = "192.168.1.1"
Restart-Computer -ComputerName $serverNameOrIp `
                 -Authentication default `
                 -Credential $cred
                 <any other parameters relevant to you>

您可能需要不同的-Authentication开关值,因为我不了解您的环境.

Answer 2

还有另一种方式,但......

如果你 不想在脚本文件中输入密码,请不要这样做(在脚本中存储密码不是一个好主意,但我们中的一些人只是想知道如何.)

好的,这是警告,这是代码:

$username = "John Doe"
$password = "ABCDEF"
$secstr = New-Object -TypeName System.Security.SecureString
$password.ToCharArray() | ForEach-Object {$secstr.AppendChar($_)}
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username, $secstr

$cred 将获得John Doe的凭证,密码为"ABCDEF".

替代方法是准备好使用密码:

$password = convertto-securestring -String "notverysecretpassword" -AsPlainText -Force

Answer 3

关于存储凭证,我使用两个函数(通常在从我的配置文件加载的模块中):

#=====================================================================
# Get-MyCredential
#=====================================================================
function Get-MyCredential
{
param(
$CredPath,
[switch]$Help
)
$HelpText = @"

    Get-MyCredential
    Usage:
    Get-MyCredential -CredPath `$CredPath

    If a credential is stored in $CredPath, it will be used.
    If no credential is found, Export-Credential will start and offer to
    Store a credential at the location specified.

"@
    if($Help -or (!($CredPath))){write-host $Helptext; Break}
    if (!(Test-Path -Path $CredPath -PathType Leaf)) {
        Export-Credential (Get-Credential) $CredPath
    }
    $cred = Import-Clixml $CredPath
    $cred.Password = $cred.Password | ConvertTo-SecureString
    $Credential = New-Object System.Management.Automation.PsCredential($cred.UserName, $cred.Password)
    Return $Credential
}

还有这个:

#=====================================================================
# Export-Credential
# Usage: Export-Credential $CredentialObject $FileToSaveTo
#=====================================================================
function Export-Credential($cred, $path) {
      $cred = $cred | Select-Object *
      $cred.password = $cred.Password | ConvertFrom-SecureString
      $cred | Export-Clixml $path
}

你这样使用它:

$Credentials = Get-MyCredential (join-path ($PsScriptRoot) Syncred.xml)

如果凭证文件不存在,则第一次会提示您,此时它会将凭证存储在XML文件中的加密字符串中.第二次运行该行时,xmlfile就会出现并自动打开.

Answer 4

我必须从需要不同凭据的远程服务器运行SCOM 2012功能.我通过将密码解密函数的输出作为输入传递给ConvertTo-SecureString来避免使用明文密码.为清楚起见,此处未显示.

我喜欢强烈地输入我的声明.$ strPass的类型声明正常工作.

[object] $objCred = $null
[string] $strUser = 'domain\userID'
[System.Security.SecureString] $strPass = '' 

$strPass = ConvertTo-SecureString -String "password" -AsPlainText -Force
$objCred = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList ($strUser, $strPass)