Forum / Remote Desktop Manager - PowerShell Repository

Using a password without having to enable 'View Password'

  • Create an Issue
  • Cancel

I want to use a common password stored in our RDM DB in a powershell script, but I don't want the person executing the script to know the password.

The documentation I've seen thus far indicated the credential must be flagged to view the password. Am I missing something?

If I'm indeed correct, maybe it should be a Feature Request for a PS Function to be created that can retrieve the Credential from RDM and return it to the user as a SecureString variable. This would allow for use/reuse by the user without knowing it.

Something like

$secrecredential = "PasswordFromRDMGoesHere" | ConvertTo-SecureString -AsPlainText -Force

Of course, you should probably log this separately in the session logs since once it's in a variable it could be 're-used' multiple times within a session with only 1 logged action of it being used.

Clock4 yrs

Hi,
I think that I have an idea on how could add this in a PowerShell entry type. I'm not sure if it will work but we will try it.

Regards

David Hervieux

signaturesignature

Clock4 yrs

Hi Christopher,

There is a security issue to create a command in PowerShell that returns the password as secure string to an user that shouldn't be able to view the password because there are ways to convert the secure string variable as string and be able to view the password.

Here's a way:

$Ptr = [System.Runtime.InteropServices.Marshal]::SecureStringToCoTaskMemUnicode($secureString)
$result = [System.Runtime.InteropServices.Marshal]::PtrToStringUni($Ptr)
[System.Runtime.InteropServices.Marshal]::ZeroFreeCoTaskMemUnicode($Ptr)
$result

Best regards,

Olivier Désalliers

signaturesignature

Clock4 yrs