PowerShell v1脚本提示输入密码

gquia 发布于 2019-03-09 powershell 最后更新 2019-03-09 14:37 0 浏览

我正在尝试将远程服务器身份验证添加到PS1批处理文件脚本。 所以我可以这样做:

Copy-Item  $src $destination -Credential $Creds
我创建了一个密码文件,目前与脚本位于同一个目录中。它只是包含密码字符串。 导致提示的行:
  Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File password.txt
当我删除Read-Host命令时,提示消失,脚本按预期执行。 题 什么是进行远程服务器身份验证的正确方法? 这是脚本上下文中的新代码:
[...]
if(-not(Test-Path $destination)){mkdir $destination | out-null}
Read-Host -AsSecureString | ConvertFrom-SecureString | Out-File password.txt
  $PW = Get-Content password.txt | ConvertTo-Securestring
  $Creds = New-Object -Typename System.Management.Automation.PSCredential -Argumentlist "SERVER02\Administrator",$PW
ForEach ($sourcefile In $(Get-ChildItem $source | Where-Object { $_.Name -match "Daily_Reviews\[\d{1,12}-\d{1,12}\].journal" }))
{
[...]
Copy-Item  $src $destination -Credential $Creds
[...]
}
已邀请:

aut_ut

赞同来自:

如果您不担心机器之间的密码文件的可移植性,您可以使用这种相当安全的方法:

# Capture once and store to file - DON'T PUT THIS PART IN YOUR SCRIPT
$passwd = Read-Host "Enter password" -AsSecureString
$encpwd = ConvertFrom-SecureString $passwd
$encpwd
$encpwd > $path\password.bin
# Later pull this in and restore to a secure string
$encpwd = Get-Content $path\password.bin
$passwd = ConvertTo-SecureString $encpwd
$cred = new-object System.Management.Automation.PSCredential 'john',$passwd
$cred
# NOTE: The "secret" required to rehyrdate correctly is stored in DPAPI - consequence:
#       You can only rehydrate on the same machine that did the ConvertFrom-SecureString
如果您需要调试它以查看$ passwd是否正确,您可以在调试时执行此操作:
$bstr = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($passwd)
$str =  [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($bstr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)
$str