Passer au contenu principal
  • Passer des commandes rapidement et facilement
  • Afficher les commandes et suivre l’état de votre expédition
  • Créez et accédez à une liste de vos produits
Certains numéros d’article ont peut-être changé. Si ce n’est pas ce que vous recherchez, essayez de faire une recherche sur tous les articles. Rechercher des articles

Dell Command PowerShell Provider Secure Password feature

Résumé: Dell Command | PowerShell Provider (DCPP) Secure Password feature, ConvertTo-SecureString, ConvertFrom-SecureString

Cet article concerne Cet article ne concerne pas Cet article n’est associé à aucun produit spécifique. Toutes les versions du produit ne sont pas identifiées dans cet article.

Instructions

Affected Products:

  • Dell Command | PowerShell Provider

The concept behind secure passwords is that in production scripts we should not pass important passwords as plain view. This is a serious lack of security. So, using PowerShell we can secure a password or at least reduce password visibility. We first discuss general aspects of secure string and then discuss how Dell Command PowerShell Provider (DCPP) leverages the innate feature of PowerShell to secure password.

Consider that we want to read the username and password from the user at the console. We know that the username generally does not require any security and it can be visible to all. But for password we should not let strangers know the user’s password. We can facilitate this requirement with the commands as below:

$user = Read-Host "Enter Username"

$pass = Read-Host "Enter Password" -AsSecureString

The above is an overview of how we can add more security when we must secure critical information like a password. In the example above, the variable $pass is of type System.Security.SecureString. We get an introduction to two other widely used cmdlets PowerShell provides to facilitate secure fields before touching upon aspects of DCPP.

The two commands are ConvertTo-SecureString and ConvertFrom-SecureString. ConvertTo-SecureString converts a plain text to type System.Security.SecureString. An example is shown below:

"P@ssword1" | ConvertTo-SecureString -AsPlainText -Force

In the above example, the plain text P@assword1 is converted to type System.Security.SecureString. This is more of an information and may or may not be widely used.

The next cmdlet ConvertFrom-SecureString is a more widely used cmdlet which is used to convert secure strings into encrypted standard strings. The main limitation of ConvertTo-SecureString is that its output cannot be directly written into a file for future use. We have to use ConvertFrom-SecureString which converts System.Security.SecureString into an encrypted standard string which can be conveniently saved to a file, to overcome this limitation.

We are converting plain text P@ssword1 to secure string and then piping its output to ConvertFrom-SecureString to get an encrypted string which can safely and conveniently be saved into a file.

As an example, let us say on a computer if the admin password has been set and we must save this to a file. We can do this using:

Read-Host "Enter Admin Password" -AsSecureString |
ConvertFrom-SecureString | Out-File "C:\Scripts\AdminPassword.txt"

We can retrieve back this admin password into a variable as a secure object as:

$pass = Get-Content "C:\Scripts\AdminPassword.txt" | ConvertTo-SecureString

Now to consider how to leverage a secure password for DCPP. In DCPP, if the user’s computer has either System or Admin password set then for all set commands we have to pass the respective password. So, providing this password as plain text breaches security. We have to pass the password as System.Security.SecureString. Also, when we pass a SecureString password we have to pass it with a -PasswordSecure switch and not the normal –Password switch. An example is shown below where the user is trying to set AdvancedBatteryChargeCfg to Disabled and passing SecureString password:

Set-item AdvancedBatteryChargeCfg disabled –PasswordSecure $pass

Here $pass holds the system and admin password and is of type System.Security.SecureString. Similar to the above discussion we can read $pass as:

$pass = Read-Host "Enter system/admin password" –AsSecureString

We can save $pass to a file, if required, as:

$pass| ConvertFrom-SecureString | Out-File "C:\Scripts\AdminPassword.txt

Informations supplémentaires

Produits concernés

Dell Command | Powershell Provider
Propriétés de l’article
Numéro d’article: 000146459
Type d’article: How To
Dernière modification: 18 Jul 2024
Version:  8
Trouvez des réponses à vos questions auprès d’autres utilisateurs Dell
Services de support
Vérifiez si votre appareil est couvert par les services de support.