Do parameters / arguments get sent over the network in plain text or encrypted
I have a powershell script that I'd like to push out that will remove a computer off a domain, and add to a different domain. I can't use the get-credential cmdlet if it is being pushed out silently. I'd like to pass my credentials as a parameter that gets converted to a secure string within the script. My question is if I push out a script like the following:
Join-Domain.ps1 -OldDomain "MyOldDomain.local" -OldDomainPassword "My Password"
Will it be sent over plain text?
0
Comments
Hi,
As it turns out, when you deploy a package with PDQ Deploy, the package will be sent in plain text. So, if you're using a .ps1 file in an Install Step with a password as a parameter, it will be sent in plain text and the password would be visible.
As an alternative, however, you may look into encrypting your credentials and saving them to a separate file. I recently had a blog post about this topic: http://www.adminarsenal.com/admin-arsenal-blog/secure-password-with-powershell-encrypting-credentials-part-2
That blog is specifically about encrypting credentials and saving them to a file so that you can refer to them in your scripts without having to directly provide the credential.
It is worth noting, however, that anybody who has your AES key can decrypt your password file, so I would make certain to use proper file permissions and lock down access to those files. Anybody who can read the AES key can decrypt any data that was encrypted with it.
Cheers,