I frequently use different credentials to connect to some of my servers. Oh man, I wish I have just one account J As Configuration Manager is based on WMI, my most frequently used cmdlet is Get-WmiObject. And I use its Credential parameter to pass credentials I need for specific server. You can save your credentials to a variable by using the Get-Credential cmdlet.
PS> $cred = Get-Credential domain\makovec
But after some time it’s boring to do this every time I start my session. So, I am saving my credentials to a file and load it in $profile. I have three functions for working with credentials.
- New-DMCredential – creates a new file with credentials stored inside.
- Get-DMCredential – load credentials from a file (and then save it to a variable).
- Show-DMCredential – ehh, sometimes I forgot current password (especially after holiday). This one shows me password in clear text.
I got this idea of storing it this way from Lee Holmes’s PowerShell Cookbook. I’ve just written a function around his code. You can see dDM alias used in the following examples. This alias is used as a file name for stored credentials (used as output of New-DMCredential function and input of Get-DMCredential). The name of variable holding credential object is also based on this alias name.
PS> New-DMCredential -UserName domain\makovec -Alias dDM
It creates file with credentials. To be clear – the file doesn’t contain data in a clear text. It’s encrypted using Data Protection API.
I can use this stored credentials to assign them to a variable (this is the line I have in my $profile):
PS> Get-DMCredential -UserName domain\makovec -Alias dDM
When I want to connect to one of my servers I can use this variable:
PS> Connect-ConfigMgrProvider -ComputerName MyServer -Credential $dDM
Or I can see my password when needed:
PS> Show-DMCredential $dDM Pa$$w0rd
Here are the functions I use. I’ve commented it inline.
function New-DMCredential { [CmdletBinding()] param( [Parameter( Mandatory = $true, Position = 0 )] [string]$UserName, [Parameter( Mandatory = $true, Position = 1 )] [string]$Alias ) # Where the credentials will be stored $path = 'c:\Scripts\Resources\cred\' # get credentials for given username $cred = Get-Credential $UserName # and save encrypted text to a file $cred.Password | ConvertFrom-SecureString | Set-Content -Path ("$path\$Alias") } function Get-DMCredential { [CmdletBinding()] param( [Parameter( Mandatory = $true, Position = 0 )] [string]$UserName, [Parameter( Mandatory = $true, Position = 1 )] [string]$Alias ) # where to load credentials from $path = 'c:\Scripts\Resources\cred\' # receive cred as a PSCredential object $pwd = Get-Content -Path ("$path\$Alias") | ConvertTo-SecureString $cred = New-Object System.Management.Automation.PSCredential $UserName, $pwd # assign a cred to a global variable based on input Invoke-Expression "<code>$Global:$($Alias) = </code>$cred" Remove-Variable -Name cred Remove-Variable -Name pwd } function Show-DMCredential { param($cred) # Just to see password in clear text [Runtime.InteropServices.Marshal]::PtrToStringAuto([Runtime.InteropServices.Marshal]::SecureStringToBSTR($cred.Password)) }
I can probably change this script to module and make it a bit more user friendly. I will do that soon. At the moment–you can do that as your homework :).