
Untitled

a guest
Apr 17th, 2017
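  function Export-PSCredential
  {
      <#
      .SYNOPSIS
      Exports a credential object to an XML file or a registry value, storing the password in encrypted form.

      .DESCRIPTION
      The password is converted with ConvertFrom-SecureString. Without -KeyPhrase that cmdlet uses the
      Windows Data Protection API (DPAPI), so the result can normally be decrypted only by the same
      Windows user account on the same computer. With -KeyPhrase the password is encrypted with a key
      obtained from Get-EncryptionKey, and anyone who knows the key phrase and can read the exported
      file or registry value can decrypt it.

      .PARAMETER Credential
      Specifies the credential to export. Use Get-Credential to supply this.

      .PARAMETER Path
      Specifies the file to export to. Default is (CurrentDir)\encrypted.xml.
      The parent directory of an explicitly supplied path must already exist.

      .PARAMETER RegistryPath
      Specifies the registry key to export the credentials to. Use HKLM and HKCU for HKEY_LOCAL_MACHINE
      and HKEY_CURRENT_USER respectively. Example: HKCU:\Software\Acme Inc\MyCredentials
      The key is created if it does not exist.

      .PARAMETER Name
      Specifies the name of the registry value to store the credentials under. Only specify with RegistryPath.
      The value is written as "<username>:<encrypted password>".

      .PARAMETER KeyPhrase
      Specifies the key phrase used to encrypt the password. If not specified, DPAPI is used and the
      password is only decryptable by the user who encrypted it. If a key phrase is specified, anybody
      with the key phrase can decrypt it.

      .EXAMPLE
      PS> (Get-Credential bsti) | Export-PSCredential
      # Encrypts the credential for username bsti and exports to the current directory as encrypted.xml

      .EXAMPLE
      PS> (Get-Credential bsti) | Export-PSCredential -Path C:\temp\mycreds.xml
      # Encrypts the credential for username bsti and exports it to C:\temp\mycreds.xml

      .EXAMPLE
      PS> (Get-Credential bsti) | Export-PSCredential -RegistryPath "HKCU:\Software\Acme Inc\MyCreds" -Name "switch1"
      # Encrypts the credential for username bsti and exports to the registry at the given path, under the value switch1.

      .EXAMPLE
      PS> (Get-Credential bsti) | Export-PSCredential -Path C:\temp\mycreds.xml -KeyPhrase "ThisisMyEncryptionPassword123"
      # Encrypts the credential for username bsti and exports it to the filesystem. Anyone with the keyphrase can decrypt it.
      # A literal key phrase typed on the command line ends up in console history and transcripts;
      # it is shown inline here only for brevity.

      .OUTPUTS
      Returns the [System.IO.FileInfo] object representing the file that was created, or the path to the
      registry key the credentials were exported to.

      .NOTES
      - KeyPhrase is a plain [string], so it is visible to anything that records the command line
        (history, transcription, script block logging). Prefer the DPAPI mode where the same user
        will read the credential back.
      - With -KeyPhrase the export is no longer bound to a user account. Protect the file or registry
        key with restrictive ACLs; keys under HKLM are typically readable by every local user.
      - The strength of the key-phrase mode depends on how Get-EncryptionKey derives the key. That
        function is not part of this listing - review it before relying on this mode.
      #>

      [CmdletBinding(SupportsShouldProcess=$true,DefaultParameterSetName="filesystem")]
      param
      (
          [Parameter(Mandatory=$true,ValueFromPipeline=$true)]
          [Management.Automation.PSCredential] $Credential,

          [Parameter(ParameterSetName="filesystem")]
          [ValidateScript({ Test-Path -Path (Split-Path -Path $_) -PathType Container } )]
          [string] $Path = $(Join-Path -Path (Get-Location) -ChildPath "encrypted.xml"),

          [Parameter(Mandatory=$true,ParameterSetName="registry")]
          [string] $RegistryPath,

          [Parameter(Mandatory=$true,ParameterSetName="registry")]
          [string] $Name,

          [string] $KeyPhrase
      )

      process
      {
          foreach ( $cred in $Credential )
          {
              # Create temporary object to be serialized to disk
              $export = "" | Select-Object Username, EncryptedPassword

              # Give object a type name which can be identified later
              $export.PSObject.TypeNames.Insert(0,"ExportedPSCredential")

              # Read from the loop variable, not the parameter, so the loop body
              # always works on the item it is iterating over.
              $export.Username = $cred.UserName

              # Without -Key, ConvertFrom-SecureString protects the value with DPAPI
              # (current user). With -Key it encrypts with the supplied key instead,
              # so the result is only as secret as the key phrase.
              $params = @{}
              if ( $KeyPhrase )
              {
                  # Get-EncryptionKey is defined outside this function.
                  # NOTE(review): confirm it uses a salted, slow key-derivation function.
                  $params.Add("Key", (Get-EncryptionKey -KeyPhrase $KeyPhrase))
              }

              $export.EncryptedPassword = $cred.Password | ConvertFrom-SecureString @params

              if ( $PSCmdlet.ParameterSetName -ieq "registry" )
              {
                  # Export to registry

                  # Make sure the registry key exists:
                  if ( !(Test-Path -Path $RegistryPath) )
                  {
                      New-Item -Path $RegistryPath -Force | Out-Null
                  }

                  # Set/Update the credential in the registry store:
                  Set-ItemProperty -Path $RegistryPath -Name $Name -Value ("{0}:{1}" -f $export.UserName, $export.EncryptedPassword) -Force

                  # Return the registry path, as the .OUTPUTS section documents.
                  $RegistryPath
              }
              else
              {
                  # Export using the Export-Clixml cmdlet
                  $export | Export-Clixml -Path $Path

                  # Return FileInfo object referring to saved credentials. The existence
                  # check avoids a spurious Get-Item error when nothing was written
                  # (for example under -WhatIf).
                  if ( Test-Path -Path $Path )
                  {
                      Get-Item -Path $Path
                  }
              }
          }
      }
  }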