I have been a Mainframe Software Developer for 52+ years. I am now trying to learn PowerShell. (Old dog, ... new tricks) Your PowerShell videos are excellent. Thank you for teaching an old dog new tricks! You make it so easy to learn new 'stuff'...
Thank you for making this video. This video is an example of how a proper instructional video should look like. I'll check out your other videos when I get a chance.
Good video! We use the hash way but slightly differently. We use it for calling new PSSessions on older versions of SharePoint, like this: $pw = Convert-SecureString -force -String "00110000cdsds" $cred = New-Object -typename system.management.autoamtion.PSCredential("Domain\user", $pw) Your way is MUCH easier! Totally going to be using a "safe"
Thanks for sharing, I knew you could do something like that but never worked through it. I think that is the tough thing about passwords for people who are new or not super strong with PowerShell. There are soo many options. That is why I threw together some of my favorites. Try to give a bunch of options in one place. :) Thanks again.
i was wondering myself about this security thing and password storing, and was coming up with the same solutions, but i didn't know about the credentials manager part. but i see this also requires that you login as the user, and creates the creds. The thing is, i guess its not then possible to use MSA Manage Service accounts to run the task scheduler. i also think for easier creating the encrypted xml, it should be possible to do a invoke-command as a different user, to not need logging out, where it gets easier to manage. And for the secure folder. NTFS permission also needs to be added as well.
Hi Shane, love the videos. Tough question: If I wanted to deploy a package to run a PowerShell script silently via SCCM, the script will run as LocalSystem. If I need to pass credentials to the script to access a file share, any good way of obfuscating the password?
Great video. I am urgently looking for a solution to a problem and I'm wondering if you can tell me if Windows Credentials Manager can be adopted to it. I have an executable that requires the user name and password strings to be passed to it as command-line arguments. For example: MyExecutable.exe /user:{UserNameString or variable} /password:{PasswordString or variable}. How do I retreive the strings from Windows Credentials Manager and pass them as a string or a variable containing the string? Your assistance would be most appreciated.
Hey David - I haven't tried before but I would have guessed the credential manager credential cmdlets I show at the end of the video can do this. But not positive. Sorry I am not more help.
Great video as always... was wondering (probably not) if there's an equivalent workaround for modern authentication (2FA). When I use the CredentialManager method, I was hoping that it would at least get past the credentials part of the authentication and would only be waiting for me to approve (2FA) the login from the authenticator app, but it just brings up the login screen and I still have to manually enter the credentials.
Hey Shane. Great to get started with your videos omn powershell. My question is how to pass an password to e.g. a 7zip encription command ion a command line. Best! Sander (Netherlands)
You just don't do that as 7zip would require some sort of API or why of writing to the software. Powershell and .Net has compress functions, but don't know if they are support the encryption part.
Shane, I tried creating $credentuals = Get-Credential and entered my user ID and password and pressed enter. It came up with the prompt only. Your screen displayed $filename and $credentuals. Why is my screen different?
The 'Connect-MsolService' doesn't seem to work for me. I pass it the credentials and then it brings up a sign in window, asking me to sign into microsoft account. I then sign in with the same credentials and they work. May be it doesn't work for everyone.
Hi Shane, Got a question. Does every user loged on a server has free access to the windows credential manager ? Or has every user his own set of credentials in de windows credential vault ?
Just to clear things up. The password is not hashed inside "secretfile.txt" - if it was hashed there would be no way to reverse it (and the software needs a way to reverse it otherwise it couldn't use the password for authentication) - it's encrypted with "the account key" - that means it's very very hard to decrypt it within windows - because the key is inside a file that windows wouldn't let you access. _(With a live system it can be reversed of course)_
Get info. However, How would you resolve an error like this is Powershell, when attempting to execute certain commands?The term 'Connect-msolService' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again. At line:1 char:20 + Connect-msolService
Never mind I figured it out, see below. $cred = New-Object System.Management.Automation.PSCredential -ArgumentList "$un,$sp" Change to $cred = New-Object System.Management.Automation.PSCredential -ArgumentList ($un,$sp) Not sure why I had to use rounded brackets, but it work. Does anyone have a clue why I need the rounded brackets?
I had to run "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12" in my shell first before I could actually connect to the NuGet repository, prior to that the connection was failing.
Great video Shane ! , I want to automate connecting to Oracle DB through sqlplus and run a sql file, I tried the following way : $password = Get-Content "C:\Passwords\password.txt" | ConvertTo-SecureString $credential = New-Object System.Management.Automation.PsCredential("username",$password) echo exit | sqlplus -S -L username/(Credential.getnetworkCredential()).Password@Database @data.sql > output.txt This is not able to connect to DB , If I enter pain text password it works fine. This is not really a goodway to hide password. Please help me , how to hide password and get the connection to Oracle DB work . I really appreciate your help. Thank you
Hi Shane, I am learning powershell and I added credential manager credentials to my script, which is automatic, but they will disappear every sunday :( Is there any other way other than this?
I looked at this briefly yesterday. There seems to be a lot of web searches that cover it. Can you give any examples of things you have tried or what you are trying to accomplish? Happy to help if I can.
hi.. what i do wrong.. when i just do get-storedcredential i recived message "WARNING: Unable to convert Credential object without username or password to PSCredential object" whan i "$cred = get-storedcredentail -target test" $cred is empty... any tip?
I don't have a direct video 3. I just have a bunch of other stuff. Tell me what you would like to see in the next video and I will try to help. Always looking for new ideas.
Shane Young just more PS videos for newbies like vid 1 &2. Or other video Directed more for those who want to become MS sys admin (automation)or other roles similar in the industry. I want to be prepared, i love your videos btw. :D
I've been trying add computers to a domain, using your passwords with powershell. Then I would push with PDQ deploy. I've been testing on a local machine, before I try a push. It's not working. Could someone take a look, see below. $un = "everest\tr584417" $pw = "Password!" $sp = "$pw" | ConvertTo-SecureString -AsPlainText -Force $cred = New-Object System.Management.Automation.PSCredential -ArgumentList "$un,$sp" Add-Computer -DomainName everest.net -OUPath "ou=desktops,ou=rockford,ou=medplans,ou=us,ou=all-computers,ou=firstsource,dc=everest,dc=net" -Credential $cred The error message, see below. Add-Computer : Value cannot be null. Parameter name: s At line:1 char:1 + Add-Computer -DomainName everest.net -OUPath "ou=desktops,ou=rockford,ou=medplan ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : NotSpecified: (:) [Add-Computer], ArgumentNullException + FullyQualifiedErrorId : System.ArgumentNullException,Microsoft.PowerShell.Commands.AddComputerCommand Now from a local machine I can run this script without any errors, see below. Add-Computer -DomainName everest.net -OUPath "ou=desktops,ou=rockford,ou=medplans,ou=us,ou=all-computers,ou=firstsource,dc=everest,dc=net" -cred everest\tr584417 -pass Remove-Item move.ps1 Restart-Computer The remove-item, is just for security, so as not to have any files on the machine.
I have been a Mainframe Software Developer for 52+ years. I am now trying to learn PowerShell. (Old dog, ... new tricks) Your PowerShell videos are excellent. Thank you for teaching an old dog new tricks! You make it so easy to learn new 'stuff'...
Glad I could help. Mainframe stuff is classic. Very cool. Hopefully PowerShell lives up to what you want.
Great lessons, Shane Young! I love your training style and look forward to watching all of your videos!!! Thanks again.
Talking about delivering the right stuff on time. 3 x hurrah for Shane!
Thanks Even. There are about 40 more videos to follow to help you keep learning.
Hey Shane, thanks for your help. I really appreciate your explanations, and guidance!
Glad to help. 😀
Thank you for making this video. This video is an example of how a proper instructional video should look like. I'll check out your other videos when I get a chance.
You are welcome. 😎
Good video! We use the hash way but slightly differently. We use it for calling new PSSessions on older versions of SharePoint, like this:
$pw = Convert-SecureString -force -String "00110000cdsds"
$cred = New-Object -typename system.management.autoamtion.PSCredential("Domain\user", $pw)
Your way is MUCH easier! Totally going to be using a "safe"
Thanks for sharing, I knew you could do something like that but never worked through it. I think that is the tough thing about passwords for people who are new or not super strong with PowerShell. There are soo many options. That is why I threw together some of my favorites. Try to give a bunch of options in one place. :) Thanks again.
Fantastic Explanation ! Thanks Shane
My pleasure!
Wonderful.. just what I looking for thanks a lot Mr Shane!!
You're very welcome!
Good Stuff! Thanks your video gave me some solutions for some of my scripts
The second method is very useful. thank you.
Welcome 😊
i was wondering myself about this security thing and password storing, and was coming up with the same solutions, but i didn't know about the credentials manager part. but i see this also requires that you login as the user, and creates the creds. The thing is, i guess its not then possible to use MSA Manage Service accounts to run the task scheduler.
i also think for easier creating the encrypted xml, it should be possible to do a invoke-command as a different user, to not need logging out, where it gets easier to manage.
And for the secure folder. NTFS permission also needs to be added as well.
Thanks for sharing
Excellent video, thanks for doing this...
Hi Shane, love the videos. Tough question: If I wanted to deploy a package to run a PowerShell script silently via SCCM, the script will run as LocalSystem. If I need to pass credentials to the script to access a file share, any good way of obfuscating the password?
Not sure. 😑 I am sure there is but I haven’t done it before so I am not much help.
amazing content! Please keep up the good work - subscribed + enabled the bell icon, of course
Awesome. Thanks.
Thank you for your videos you are one of a handful of accounts I subscribe to.
Awesome 🤩 Thanks for the support
You are a star, I’m totally new to PS 😀
Thank you. 😎
Great video. I am urgently looking for a solution to a problem and I'm wondering if you can tell me if Windows Credentials Manager can be adopted to it. I have an executable that requires the user name and password strings to be passed to it as command-line arguments. For example: MyExecutable.exe /user:{UserNameString or variable} /password:{PasswordString or variable}. How do I retreive the strings from Windows Credentials Manager and pass them as a string or a variable containing the string? Your assistance would be most appreciated.
Hey David - I haven't tried before but I would have guessed the credential manager credential cmdlets I show at the end of the video can do this. But not positive. Sorry I am not more help.
Hello Shane, this is great stuff i couldnt find anywhere. Thank you very much
I just loved the video Thank you very much Sir !! You are awesome !!
😻
Great video as always... was wondering (probably not) if there's an equivalent workaround for modern authentication (2FA). When I use the CredentialManager method, I was hoping that it would at least get past the credentials part of the authentication and would only be waiting for me to approve (2FA) the login from the authenticator app, but it just brings up the login screen and I still have to manually enter the credentials.
Great question. I don’t know though. 😐
Hey Shane. Great to get started with your videos omn powershell. My question is how to pass an password to e.g. a 7zip encription command ion a command line.
Best!
Sander (Netherlands)
Not sure. Never have done it. Sorry.
You just don't do that as 7zip would require some sort of API or why of writing to the software. Powershell and .Net has compress functions, but don't know if they are support the encryption part.
Is there an updated link to the source code? "Link to download the PowerShell from the video" is broken.
Hey Tony the web site I hosted in started charging too much. I don’t have any of the code anymore. Sorry 😔
That was Gangsta.... Thank you!
😎
Good Stuff Shane
Thanks 😊
This doesn't seem to work when I'm using MFA though. Any suggestions, sir?
I don’t. Sorry. I am sure there are options. If you tweet me @shanescows I can try to help you find the answer.
cant get it to work...saved file to safe, but how do I call it in my script -credential secretfile...?
Shane, I tried creating $credentuals = Get-Credential and entered my user ID and password and pressed enter. It came up with the prompt only. Your screen displayed $filename and $credentuals. Why is my screen different?
Prompt is correct. I must have done something else.
The 'Connect-MsolService' doesn't seem to work for me. I pass it the credentials and then it brings up a sign in window, asking me to sign into microsoft account. I then sign in with the same credentials and they work. May be it doesn't work for everyone.
Hi Shane,
Got a question. Does every user loged on a server has free access to the windows credential manager ?
Or has every user his own set of credentials in de windows credential vault ?
Each user has his or her own instance of credential manager. Per user.
@@ShanesCows Thank you for you answer ! BTW : I love your powershell videos :-)
Hi Shane, the link to download the powershell is empty :/
Sorry, the site I used no longer is open. :( Sorry.
Is there a way to add a "Generic Credential" to all users?
Not that I know of.
This is so great
Happy to help. Have a great day. 🐶
Just to clear things up. The password is not hashed inside "secretfile.txt" - if it was hashed there would be no way to reverse it (and the software needs a way to reverse it otherwise it couldn't use the password for authentication) - it's encrypted with "the account key" - that means it's very very hard to decrypt it within windows - because the key is inside a file that windows wouldn't let you access. _(With a live system it can be reversed of course)_
Thanks. I agree that hash wasn't the perfect word. Thanks for the better, detailed explanation. - Shane
The credential store is also not the most secure way to store passwords. I believe there is another way by using certificates, wasn't covered here.
Get info. However, How would you resolve an error like this is Powershell, when attempting to execute certain commands?The term 'Connect-msolService' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
At line:1 char:20
+ Connect-msolService
Hi Robert - That is one of the Office 365 cmdlets. To install it I have a video that will help. ua-cam.com/video/rEy2mlFVWa4/v-deo.html
To find a way to over ride a BIOS password on a Microsoft Surface so that I can format the SSD.
Sorry I don't know.
Never mind I figured it out, see below.
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList "$un,$sp"
Change to
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList ($un,$sp)
Not sure why I had to use rounded brackets, but it work.
Does anyone have a clue why I need the rounded brackets?
do you have any powershell examples on managing (creating, modifying) GPOs via Powershell?
I don’t. Sorry.
I don’t. Sorry.
Is there anyway of legally getting copies of your videos for offline viewing. Great reference videos.
+Ian McPherson never thought about it. 😀 email me and we can figure something out. Shane.Young at BoldZebras com
I had to run "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12" in my shell first before I could actually connect to the NuGet repository, prior to that the connection was failing.
Crazy. Glad you got it. 😀
To figure how I can get a Surface Pro that shows its battery as being 255% not to show that %.
Sorry I don't know.
Great video Shane ! , I want to automate connecting to Oracle DB through sqlplus and run a sql file, I tried the following way :
$password = Get-Content "C:\Passwords\password.txt" | ConvertTo-SecureString
$credential = New-Object System.Management.Automation.PsCredential("username",$password)
echo exit | sqlplus -S -L username/(Credential.getnetworkCredential()).Password@Database @data.sql > output.txt
This is not able to connect to DB , If I enter pain text password it works fine.
This is not really a goodway to hide password. Please help me , how to hide password and get the connection to Oracle DB work .
I really appreciate your help. Thank you
amazing ..thanks alot
Hi Shane, I am learning powershell and I added credential manager credentials to my script, which is automatic, but they will disappear every sunday :( Is there any other way other than this?
Hi Megha - What do you mean they disappear?
Whenever the system restarts, the credentials disappear from credential manager
This must be a system policy from your administrator or something. That is not a problem I have ever encountered. Sorry.
Yea I searched on google many people have this problem, thank you for your reply though, I will try to find what’s wrong
Hey
Can you make a video for passing user name and pwd to "windows Security" popup while access webpage
I looked at this briefly yesterday. There seems to be a lot of web searches that cover it. Can you give any examples of things you have tried or what you are trying to accomplish? Happy to help if I can.
Very good
hi.. what i do wrong.. when i just do get-storedcredential i recived message "WARNING: Unable to convert Credential object without username or password to PSCredential object" whan i "$cred = get-storedcredentail -target test" $cred is empty... any tip?
ok , my foult , i notice there is more then one credentail type in credentail menager..
Glad you got it. :)
Great video, thanks for sharing, i also created a video on how to encypt powershell credentials with a certificate. Thats works like a charm as well.
Awesome 😎
To get 2 Microsoft Surface to see that there is a 128gb SSD in itself. So far it does not see those SSD.
Sorry I don't know.
hi i just came from video 2. where is video 3 for PS? im a bit confused with all these new cmdlets :(
I don't have a direct video 3. I just have a bunch of other stuff. Tell me what you would like to see in the next video and I will try to help. Always looking for new ideas.
Shane Young just more PS videos for newbies like vid 1 &2. Or other video Directed more for those who want to become MS sys admin (automation)or other roles similar in the industry. I want to be prepared, i love your videos btw. :D
thanks!
hope you don't mind me saying but Nicola Young looks like Elizabeth Holmes in that black top haha
We both found it funny. 🤩
Thanks..
Looks like you are making your way through all the videos. Glad they are helping. Shane
I've been trying add computers to a domain, using your passwords with powershell. Then I would push with PDQ deploy. I've been testing on a local machine, before I try a push. It's not working.
Could someone take a look, see below.
$un = "everest\tr584417"
$pw = "Password!"
$sp = "$pw" | ConvertTo-SecureString -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential -ArgumentList "$un,$sp"
Add-Computer -DomainName everest.net -OUPath "ou=desktops,ou=rockford,ou=medplans,ou=us,ou=all-computers,ou=firstsource,dc=everest,dc=net" -Credential $cred
The error message, see below.
Add-Computer : Value cannot be null.
Parameter name: s
At line:1 char:1
+ Add-Computer -DomainName everest.net -OUPath "ou=desktops,ou=rockford,ou=medplan ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Add-Computer], ArgumentNullException
+ FullyQualifiedErrorId : System.ArgumentNullException,Microsoft.PowerShell.Commands.AddComputerCommand
Now from a local machine I can run this script without any errors, see below.
Add-Computer -DomainName everest.net -OUPath "ou=desktops,ou=rockford,ou=medplans,ou=us,ou=all-computers,ou=firstsource,dc=everest,dc=net" -cred everest\tr584417 -pass
Remove-Item move.ps1
Restart-Computer
The remove-item, is just for security, so as not to have any files on the machine.
Hey Shane, If I want to ask questions concerning Power Shell is your tweeter adress is Shane Young PowerApps MVP.
@shanescows