PowerShell | Script Password Encryption | For Multi Site Administration

Posted on February 23, 2021 by rich

With this we can centrally place PS scripts in OneDrive, and they will work on any machine, provided it has access to the AES key. It’s easy to set up, and I’ve written a credential update script so that if a username or password changes, anyone can update the credentials without touching the main script.

Steps to set this up on a client server are:

  1. Create a OneDrive for your IT company and install it on all client servers. For my testing I used C:\ICU as my OneDrive folder. The path to the OneDrive folder must be standardized across all clients or the scripts won't work, so setting up OneDrive in the root of C: on each server takes care of this.
  2. Add a text file in C:\ containing the client's name, e.g. “Beech” (the connection script below reads it from C:\client.txt).
  3. Put the AES.key file in the root of the OneDrive folder. [ C:\ICU\AES.key ]
  4. Create a corresponding folder for each client in the OneDrive folder. The folder name MUST be exactly the same as the client name in the text file. [ C:\ICU\Beech ]
  5. Run the Credential Updater and enter the credentials. This creates the files that store the credentials in the client’s folder (this can be done on ANY computer under ANY username).
  6. Configuration is complete. Run your desired script: you can now run any script that requires credentials without entering them!

The script in this example is used to remote into Office 365 but it could be adapted for anything.

The scripts will only work where they have access to the AES key file, which holds a randomly generated 32 bit encryption key. As long as your company’s admin account password remains a secret there should be no security issue (unless someone steals the HDD of the server), but you could get around that with BitLocker.

Scripts

Creating a Key File

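$KeyFile = "C:\ICU\AES.key"
$Key = New-Object Byte[] 32   # You can use 16, 24, or 32 for AES
# Fill the array with cryptographically strong random bytes
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
# Writes one decimal byte value per line
$Key | Out-File $KeyFile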

Credential Updater

$client = Read-Host "Enter Client Folder"
$PasswordFile = "C:\ICU\$client\Password.txt"
$key = Get-Content C:\ICU\AES.key
# Store the user ID in plain text in the client's folder
Read-Host "Enter Office 365 Tenant ID" | Out-File "C:\ICU\$client\UserID.txt"
$password = Read-Host "Enter Password" -AsSecureString
# Encrypt the password with the shared AES key instead of the per-user DPAPI default
$password | ConvertFrom-SecureString -Key $key | Out-File $PasswordFile

Script to connect to Office 365 Exchange Online

# Trim the trailing newline that -Raw keeps, otherwise the paths below are wrong
$clientname = (Get-Content C:\client.txt -Raw).Trim()
$user = Get-Content "C:\ICU\$clientname\UserID.txt"
$PasswordFile = "C:\ICU\$clientname\Password.txt"
$KeyFile = "C:\ICU\AES.key"
$key = Get-Content $KeyFile
# Decrypt the stored password with the AES key and build the credential object
$UserCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $user, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key)
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $UserCredential -Authentication Basic -AllowRedirection
Import-PSSession $Session
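
Checking the Key File

Since every stored password depends on who can read AES.key, the function below is an added example (not part of the original scripts) that validates the key file, round-trips a constructed sample secret, and lists accounts with read access that are not on an allow list. The function name Test-AesKeyFile and the default allow list are assumptions; adjust the list to the admin accounts you actually use.

```powershell
# Added example, not from the original post. Test-AesKeyFile and the default
# $AllowedIdentities list are assumptions chosen for illustration.
function Test-AesKeyFile {
    param(
        [string]$KeyFile = 'C:\ICU\AES.key',
        [string[]]$AllowedIdentities = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
    )

    # The key file holds one decimal byte value per line (as written by Out-File).
    [byte[]]$key = Get-Content -Path $KeyFile

    # ConvertFrom-SecureString -Key only accepts 16, 24 or 32 bytes.
    $validLength = $key.Length -in 16, 24, 32

    # Round-trip a constructed sample secret to prove the key file is usable.
    $roundTripOk = $false
    if ($validLength) {
        $sample    = 'constructed-sample-secret'
        $secure    = ConvertTo-SecureString -String $sample -AsPlainText -Force
        $encrypted = $secure | ConvertFrom-SecureString -Key $key
        $restored  = $encrypted | ConvertTo-SecureString -Key $key
        $plain     = [System.Net.NetworkCredential]::new('', $restored).Password
        $roundTripOk = ($plain -ceq $sample)
    }

    # Anyone who can read the key file can decrypt every client's Password.txt,
    # so report Allow entries with read access outside the allow list.
    $readData = [System.Security.AccessControl.FileSystemRights]::ReadData
    $unexpected = @(
        (Get-Acl -Path $KeyFile).Access |
            Where-Object {
                $_.AccessControlType -eq 'Allow' -and
                ($_.FileSystemRights -band $readData) -and
                $_.IdentityReference.Value -notin $AllowedIdentities
            } |
            ForEach-Object { $_.IdentityReference.Value } |
            Sort-Object -Unique
    )

    [pscustomobject]@{
        KeyFile           = $KeyFile
        KeyBytes          = $key.Length
        ValidLength       = $validLength
        RoundTripOk       = $roundTripOk
        UnexpectedReaders = $unexpected
    }
}

# Usage: Test-AesKeyFile -KeyFile 'C:\ICU\AES.key' | Format-List
```

An empty UnexpectedReaders list means only the allow-listed accounts can read the key locally; it says nothing about who can reach the same file through OneDrive sharing, which has to be checked separately.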
