Months ago I wrote a post about passwords in scripts. In that post I solved the “problem” with encryption using certificates. This time I will show how to encrypt passwords in scripts with the SID (Security Identifier) of the user.
Before we start, here is the link to the blog post mentioned: PowerShell: Encrypt and store your Passwords and use them for Remote Authentication (Protect-CmsMessage)
Now let’s move to another method: Encrypting with the user SID.
Let’s say we want to connect to our Office 365 portal. But we do not want to enter the password every time.
Password Encryption
The code below encrypts the password 1234user! with the user's SID.
$password='1234user!'
$password=ConvertTo-SecureString -String $password -AsPlainText -Force
What’s in $password? A secure string!

Now we can convert the secure string to an encrypted standard string. Don’t worry, the newly created string does not reveal our password 1234user!
$password | ConvertFrom-SecureString

Using the Encrypted Standard String in Scripts
Now we are ready to use the standard string for remote actions like logging into Office365 or logging into Exchange Online or whatever.
Here is the code for logging into Azure AD.
$user = 'p.gruenauer@sid-600.com'
$pass = "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000ea016536efe4744bb4a77103e98ddefa00000000020000000000106600000001000020000000044d9a296bbb9c4339e6a4ab7584c422046e796dbfe6198ad0cbc325554bd36b000000000e800000000200002000000013367bb65754126cbfb1b68b6c2fe13e445a9e963232b2f33eea2bc522375d04200000000b52993f4aa8f1bf8924ca48866d85d35fa2d590b63792da46392015f8ebf31a4000000013a73aece10a860fd4e22728ceb9eb6c6384be9c173c074c11ab31704988fe1831e2cbdd97f3dc33f95d46ef3d6b7304235fa4f5945a6c27c586d4630f140642" | ConvertTo-SecureString
$cred = New-Object System.Management.Automation.PSCredential($user,$pass)
Connect-AzureAD -Credential $cred
Fine, that’s it.
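An added example, not code from the original post: the same technique with the encrypted standard string kept in a file instead of the script body, and a clear failure when a different user or computer tries to read it. The function names, the file path and the account name are assumptions made for illustration.

```powershell
# Added example. Path and account are constructed placeholders, not values from the post.
$credFile = Join-Path $env:LOCALAPPDATA 'MyScripts\o365.cred.txt'   # hypothetical path
$user     = 'user@example.com'                                      # constructed sample account

function Save-ProtectedPassword {
    param([Parameter(Mandatory)][string]$Path)
    # Prompt for the password so the plaintext never sits in the script or console history.
    $secure = Read-Host -Prompt 'Password' -AsSecureString
    $dir = Split-Path -Parent $Path
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    # Without -Key/-SecureKey, ConvertFrom-SecureString on Windows protects the value
    # with DPAPI for the current user on this computer.
    $secure | ConvertFrom-SecureString | Set-Content -Path $Path -Encoding ASCII
}

function Get-ProtectedCredential {
    param(
        [Parameter(Mandatory)][string]$UserName,
        [Parameter(Mandatory)][string]$Path
    )
    if (-not (Test-Path $Path)) {
        throw "No stored password at $Path. Run Save-ProtectedPassword first."
    }
    try {
        # Fails if the file was written by another account or on another computer,
        # or if its content has been altered.
        $secure = Get-Content -Path $Path | ConvertTo-SecureString -ErrorAction Stop
    }
    catch {
        throw ("Stored password cannot be decrypted by $env:USERDOMAIN\$env:USERNAME " +
               "on $env:COMPUTERNAME ($($_.Exception.Message)). Re-create it under this account.")
    }
    New-Object System.Management.Automation.PSCredential($UserName, $secure)
}

# Run once, interactively, as the account that will later run the script:
#   Save-ProtectedPassword -Path $credFile
# Then in the script:
#   $cred = Get-ProtectedCredential -UserName $user -Path $credFile
#   Connect-AzureAD -Credential $cred
#
# Note: the binding is to the account, not to the script. Any process running as
# the same user on the same computer can convert the string back, and
# $cred.GetNetworkCredential().Password returns the plaintext to that user.
```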
See you next time with PowerShell!
Hi Patrick,
I’m thinking this way is 100% secure, as some other ways, because the Encrypted Standard String can be decrypted only by the account that encrypted it AND on the same computer.
Do you agree with this?
Regards
Hi Kevin,
Please consider that none of the methods (SID, Certificate) could be 100 % secure.
Coming back to your question. Yep, the secure string is bound to the user and computer.
Best,
P