How to Pass Credentials in PowerShell

In this post we are going to look at the multiple different ways to use user credentials in PowerShell.

Bare in mind, the examples listed in this post aren’t the only options available when it comes to using credentials in PowerShell, but these examples are a good place to start.

$username = “domain\username”$password = “NotSecurePassword”
$Credentials = New-Object System.Management.Automation.PSCredential$Username,$Password Manuel entry for single command use:$Credentials = Get-Credential

By specifying the ‘Get-Credential’ cmdlet we can enter the user credentials we require

For a script with multiple commands requiring credentials –

You will need to do something similar to the below example as to avoid having to continually input your credentials.

In summary, we are going to enter the required domain password, pass it to the ‘ConvertFrom-SecureString’ cmdlet, which will save the password to a text file in a encrypted string format at the file path C:\test\password.txt

$Credentials = Get-Credential$Credentials.Password | ConvertFrom-SecureString | Set-Content C:\test\password.txt
$Username =$Credentials.Username
$Password = Get-Content “C:\test\password.txt” | ConvertTo-SecureString$Credentials = New-Object System.Management.Automation.PSCredential $Username,$Password

Not necessary but if you want to pass your domain password into it’s own variable you can do this:

$Password =$Credentials.GetNetworkCredential().Password

Avoid putting in the domain/username field –

Alternatively if you want to save putting in both your username and your password every time you run the script, you can set it so you will only need to input your password when the script runs.

To do this you would put your domain\username in the script, similar to this –

$username = “domain\username” and then include the below command at the beginning of the script, which will force you to enter in your domain password upon running the script. read-host -assecurestring | convertfrom-securestring | out-file C:\test\password.txt It will look similar to this:$username = “domain\username”
$password = cat C:\test\password.txt | convertto-securestring$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $username,$password

Just like the example above, this will export your domain password to the C drive test folder in an encrypted text document.

7 thoughts on “How to Pass Credentials in PowerShell”

1. Ben

nice..please remember, proper English is to use the word ‘below’ after the object you’re talking about..
in other words, pilots wouldn’t say ‘hey , look at the below objects!” they would instead say, ‘hey,look at the objects below’.
why do people in IT think it’s OK to say things like ‘look at the below table’ instead of ‘look at the table below’?
when did that become the norm?

Like

haha I’ll keep it in mind next time I use the phrase. Thanks

Like

• Michael Liben

Probably Yoda or Reverse Polish Notation (remember those HP calculators?)

Like

• Ben2

Why do programmers have to be so edgy.
I think its reasonable and a great webpage and am quite tired of programmers like ben.

Like

2. Vivek Sharma

I think we have missed a lot here

The first set of code will never run, where you are entering the password manually. You ar enot converting it to secure string and PSCredential will not accept it as proper input.

Wont’t work

==================================================================================
$username = “domain\username”$password = “NotSecurePassword”
$Credentials = New-Object System.Management.Automation.PSCredential$Username,$Password ==================================================================================== Will Work =============================================================================$username = “domain\username”
$password = “NotSecurePassword” | ConvertTo-SecureString -AsPlainText -Force$Credentials = New-Object System.Management.Automation.PSCredential $Username,$Password
============================================================================

Or better Try this one liner
============================================================================
$Credentials = New-Object System.Management.Automation.PSCredential domain\username,(‘NotSecurePassword’ | ConvertTo-SecureString -AsPlainText -Force) Regards, Vivek Sharma Like 3. oliv An another way : Save credentials in a .xml file and use it (them) later$Account = “MyDomain\MyAccount”
$AccountPassword = “123456” | ConvertTo-SecureString -AsPlainText -Force$Credentials = New-Object System.Management.Automation.PSCredential($Account,$AccountPassword)
# and for later use, export it to a file
$Credentials | Export-CliXml -Path c:\temp\credential.xml # Perhaps better, sore all credentials in a unique .xml file and use it later$Directory = “C:\temp”
$PasswordFile = Join-Path -Path$Directory -ChildPath “AllCredentials.xml” # Define a HashTable that contains multiples credentials
$Hash = @{ Srv1 = Get-Credential -Message “Please enter the credentials for Account on SRV1 – form : Domain\Account or IP\Account or Machine\Account” Srv2 = Get-Credential -Message “Please enter the credentials for Account on SRV2 – form : Domain\Account or IP\Account or Machine\Account” Srv3 = Get-Credential -Message “Please enter the credentials for Account on SRV3 – form : Domain\Account or IP\Account or Machine\Account” } # Show$hash : it contains all credentials
$Hash | Export-Clixml -Path$PasswordFile

# later you can add a new value in he hash table with the method add (key, value)
$hash.add(“Srv4” , (Get-Credential -Message “Please enter the credentials for Account on SRV3 – form : Domain\Account or IP\Account or Machine\Account”)) # You can use later by importing the previously saved credential$Credentials = Import-Clixml -Path $PasswordFile Invoke-Command -ComputerName srv1 -Credential$Credentials.Srv1 -ScriptBlock { MyCommand}
Invoke-Command -ComputerName srv2 -Credential $Credentials.Srv2 -ScriptBlock { MyCommand} Invoke-Command -ComputerName srv3 -Credential$Credentials.Srv3 -ScriptBlock { MyCommand}
Invoke-Command -ComputerName srv4 -Credential $Credentials.Srv4 -ScriptBlock { MyCommand} # Biggest advantages : easy to implement and 100% secure. # : The file contain multiples passwords, AND Domain\accounts or machine\accounts # Biggest drawback : Only use on the same account on the same computer # Limitation : Only use on the same account on the same computer, # but you can generate the hash with a runas “AccountthatRunTheScheduledTask” # and one limitation disappears. Like 4. JABIR Just a thought; I think if we keep the passwords in the text file (even though its in a secure form) and once the file is in the wrong hands, one can decrypt the password easily by running the command below:$(New-Object System.Management.Automation.PSCredential “a”,\$(Get-Content path\to\password.txt | ConvertTo-SecureString)).GetNetworkCredential().Password

Like