use of credential-entry in embedded powershell-script


Hi,

my use-case:

I have to run an automated import-script that utilizes two credential entries for authentication: first for auth@rdm and second is an api-token @3rd-party to import sessions.
ATM I run it by task scheduler and Windows credentials manager. But that's not safe enough.

How can I create a session-entry type powershell, embed the script in this entry and use two credential-entries to run it?

Kind Regards
Markus

======================

All Comments (15)


Hi Markus,

With the RDM PowerShell session, you can embed a script and use as many credentials as you want. Here is a sample of this possibility.

1- Create a PowerShell session entry type.

forum image

2- In the new PowerShell session properties, set the Credentials property you want to use as the authentication. Enable the Load RDM CmdLet option. Then set the Embedded Script option and click on the Edit embedded script link to open the script editor.

forum image

3- In the following script, I use the $USERNAME$ and $PASSWORD$ RDM variables to use the PowerShell session credential. And the second credential is fetched using the RDM PowerShell cmdlets.

forum image

Here is the result of this embedded PowerShell script.

forum image

I hope you get the overall idea of this sample. It is important to enable the Allow password in variable option in both the PowerShell entry and the linked credential entry to be able to use the RDM variables. Let me know if you have any questions about it.

Best regards,

Érica Poirier


Hi Erica,
thank you for your suggestion. I was hoping to get you looking into my question 😁

But if I enable "Load RDM cmdlet" it is asking for credentials in the first place and after that it's processing my script.
So 1st credentials are processed after credentials-dialogue.
I have RDM 2020.3.16.0 - is there a change in behaviour in the version you use?

KR
Markus

Kind Regards
Markus

======================


Hi Markus,

Is your RDM data source configured to prompt for your credentials?

If so, that's a normal behaviour as loading the RDM PowerShell module will load the DVLS data source in an independent context and will prompt for your credentials.

Best regards,

Érica Poirier


Hi Erica,

Yes, I have no credentials configured. The whole idea is to move the script into RDM to store credentials and token in a secure place without anyone else being able to use it.
Would it work if I load the module manually within the script after processing the credential-variables?

And last but not least:
Can I run a powershell script automated within RDM/DPS like synchronizer-sessions?

Kind Regards
Markus

======================


Hi Erica,

Note: I have to use single quotes for $pw. If I use double quotes a password containing $ gets cut at the position of $.

Kind Regards
Markus

======================


Hi Markus,

Sure it is possible to connect to a data source and provide the credentials. Here is a sample of commands to achieve this. Be sure that the password variable has been converted to a secure string format.

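# $user and $passwd must be set before this point; $passwd must be a SecureString
Import-Module RemoteDesktopManager.PowerShellModule
# Look up the data source by name and make it current with explicit credentials
$ds = Get-RDMDataSource -Name 'DVLS'
Set-RDMCurrentDataSource $ds -Username $user -Password $passwd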


About the double quotes, I should have used single quotes in my screen capture instead of double quotes to avoid that behaviour. The following article explains how PowerShell deals with quotes.
https://devblogs.microsoft.com/scripting/weekend-scripter-understanding-quotation-marks-in-powershell/

Best regards,

Érica Poirier
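
The quoting behaviour discussed in the two posts above, shown as an added example that is not part of the original thread or of Devolutions' documentation. It assumes the $PASSWORD$ value is pasted into the script text before PowerShell parses it; the sample secrets, the `Get-ParsedLiteral` helper and the `svc-import` user name are constructed for illustration.

```powershell
# Constructed sample secrets, not real credentials.
# Assumption: the secret ends up as a literal inside the script text, so the
# quote style around it decides which characters survive parsing.
$samples = 'Pa$w0rd!', 'key`tab$1', 'plain-Secret1', 'it''s$x'

function Get-ParsedLiteral {
    param(
        [string]$Secret,
        [ValidateSet('Single', 'Double')][string]$Quote
    )
    if ($Quote -eq 'Single') {
        # Inside single quotes only the apostrophe needs escaping (doubled).
        $text = "'" + $Secret.Replace("'", "''") + "'"
    } else {
        # No escaping: this is what a pasted value in double quotes looks like.
        $text = '"' + $Secret + '"'
    }
    # Parse and evaluate the literal the same way the script engine would.
    & ([scriptblock]::Create($text))
}

$rows = foreach ($s in $samples) {
    $dq = Get-ParsedLiteral -Secret $s -Quote Double
    $sq = Get-ParsedLiteral -Secret $s -Quote Single

    # Round-trip the single-quoted value through a SecureString, the form the
    # -Password parameter is given in this thread.
    $secure = ConvertTo-SecureString -String $sq -AsPlainText -Force
    $cred   = [pscredential]::new('svc-import', $secure)

    [pscustomobject]@{
        Original     = $s
        DoubleQuoted = $dq
        DoubleIntact = ($dq -ceq $s)
        SingleIntact = ($cred.GetNetworkCredential().Password -ceq $s)
    }
}

# DoubleIntact is False wherever '$' or a backtick was interpreted;
# SingleIntact stays True for every sample.
$rows | Format-Table -AutoSize
```

A secret that itself contains an apostrophe still breaks a single-quoted literal unless the apostrophe is doubled, which the helper does.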


Hi Erica,

I got my script up and running. Thank you.

Last Question: Can I run it automated with DPS Scheduler or another possibility?

Kind Regards
Markus

======================


Hi Markus,

Thank you for your feedback and glad that you got your script running.

Sadly, there is no task scheduler available in DVLS to automatically run a script. But you can create your own scheduled task on the machine where the script will be run and use the RDM Command Line Arguments to open the PowerShell script entry you have created. Please see this online article about it.
https://kb.devolutions.net/rdm_command_line_arguments.html

Best regards,

Érica Poirier


Hi Erica,
I've looked into it, but it won't work.

it requires saved credentials, which is the goal to remove ...
we would need to change one exposed credential with another ...

Kind Regards
Markus

======================


Hi Markus,

Indeed, to use the command line arguments, you need to have a data source with saved credentials. Sorry that I sent you on a wrong path.

I have tested something else and again that doesn't work. Because the Open-RDMSession cmdlet will open another RDM instance and again will prompt for the credentials, I'm still unable to complete the task. Here is what I have done so far.

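# Placeholder credentials; single quotes keep any $ in the values literal
$username = 'MyUsername'
$passwd = ConvertTo-SecureString -String 'MyPassword' -AsPlainText -Force
# ID of the data source to connect to
$dsID = "b0637f1d-cb2b-4727-8726-3f602e75bb5e"
Import-Module RemoteDesktopManager.PowerShellModule
Set-RDMCurrentDataSource -ID $dsID -Username $username -Password $passwd
$session = Get-RDMSession -Name TestScript
# Opens the entry in a separate RDM instance, which prompts for credentials again
Open-RDMSession -ID $session.ID -ForceExternal -Silent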


I am not even sure if it's possible. Let me ask my colleagues and will keep you posted.

Best regards,

Érica Poirier


Hi Erica,

thank you for your help.

It would be great if there is a solution for such tasks.
We have a lot of sync-scripts that ATM run on a server with credentials in Windows credential store and it would be great if there is a possibility of running scripts in DPS/RDM without the need of external interaction. This way we could make sure everything is safe.

Kind Regards
Markus

======================


Hi Erica,

is there already a solution or is it WIP?

Kind Regards
Markus

======================


Hi Markus,

Thank you for asking.

Actually, the RDM PowerShell module requires information to authenticate on the data source. A solution could be to start the scheduled task using a domain service account and enable the Windows Authentication option in the data source configuration. The service account must exist in the DVLS users to be able to connect. Is it a viable solution for you?

Best regards,

Érica Poirier


For sure to utilize the order line contentions, you really want to have an information source with saved accreditations. Sorry that I sent you on an off-base way.


Hello,

Thank you for your feedback @sararose6t.

It's indeed preferable to have the credentials saved in the data source.

This page provides some information on how to use the RDM PowerShell.
https://kb.devolutions.net/kb_rdmpowershellcore.html

Let me know if you need further information.

Best regards,

Érica Poirier