Monthly Archives: May 2023

Save Passwords Securely in Windows Using PowerShell

Leave a reply

Passwords are the keys to our digital lives, and it is essential to keep them secure. With so many passwords to remember, it’s easy to fall into the trap of using the same one for multiple accounts or writing them down on sticky notes. However, these practices are not secure and can put your personal data at risk.

In this blog post, we will explore how to save passwords securely in Windows using PowerShell. PowerShell is a powerful tool for managing Windows, and it can be used for password management as well. We will use the ConvertTo-SecureString cmdlet to encrypt the password and then save it as a string in a text file, which can be used by a scheduled task running as the user who needs it.

The first step is to open PowerShell and run the following script:

$password = ConvertTo-SecureString "password here" -AsPlainText -Force

# Get content of the string
[string]$stringObject = $password |  ConvertFrom-SecureString

@"
 [string]`$encPassword = "$($stringObject)"
 [SecureString]`$securePwd = `$encPassword  | ConvertTo-SecureString
 `$password = [System.Net.NetworkCredential]::new("", `$securePwd).Password
"@ | Set-Content -Path "cred.txt"

This script will create a text file named “cred.txt” containing the script to decrypt the password and the encrypted password. The contents will look similar to the following:

[string]$encPassword = "encrypted password"
[SecureString]$securePwd = $encPassword  | ConvertTo-SecureString
$password = [System.Net.NetworkCredential]::new("", $securePwd).Password

Place that code at the top of any PowerShell script you have scheduled, and it will be able to decrypt that password. If your scheduled tasks are running as a user that you can’t start, then use a scheduled task as that user to run the first script and get the code you need.

In conclusion, saving passwords securely is crucial to protecting your personal data. PowerShell provides a simple and effective way to do so in Windows. By following the steps outlined in this blog post, you can securely store your passwords and use them when needed.

Advertisement

Efficiently Retrieve Active Directory Group Members with PowerShell and Caching

Leave a reply

Retrieving Active Directory group members can be a time-consuming process, especially for large groups. This can cause slowdowns in your PowerShell scripts and lead to poor performance. Fortunately, there’s a solution: PowerShell caching. In this post, I’ll show you how to optimize the process of retrieving AD group members with caching, resulting in faster script execution and improved performance.

The “Get-CachedADGroupMembers” Function

The “Get-CachedADGroupMembers” function takes the name of the AD group to retrieve members from.

$cache = @{}
function Get-CachedADGroupMembers {
    param($group_name)
    if ($cache -eq $null) {
        $cache = @{}
    }
    if ($cache.ContainsKey($group_name)) {
        return $cache[$group_name]
    } else {
        $data = ((Get-ADGroupMember -Identity $group_name -Recursive | %{
            if ($_.objectClass -eq "computer") {
                $_.SamAccountName
            } else {
                $_.SamAccountName | Get-ADUser -Properties samAccountName, employeeType 
            }
        } | select samAccountName,employeeType,enabled) | Where {$_.samAccountName -notin $excluded_users})
        $cache[$group_name] = $data
        return $data
    }
}

The function first checks if the $cache variable has been initialized. If it hasn’t, it initializes it as an empty hashtable. It then checks if the group_name exists in the hashtable. If it does, the function returns the cached data. If it doesn’t, the function retrieves the group members using the “Get-ADGroupMember” cmdlet and stores the results in the $data variable. The function then adds the $data variable to the $cache hashtable and returns the $data variable.

The function also uses a pipeline to filter out any members that are computers and to retrieve additional user properties using the “Get-ADUser” cmdlet. Finally, it uses the “Where” cmdlet to exclude any users in a specified list of excluded users.

Conclusion

By using PowerShell caching, you can significantly speed up the process of retrieving Active Directory group members, resulting in faster script execution and improved performance. The “Get-CachedADGroupMembers” function is a simple and effective way to implement caching in your PowerShell scripts. Give it a try and see how much time you can save!

Automating DHCP Scope Option Removal with PowerShell

Leave a reply

If you’re managing a large network with multiple DHCP servers, you know how tedious it can be to manually remove DHCP scope options. Fortunately, PowerShell can help automate the process and make network management much more efficient. In this post, we’ll walk you through a PowerShell function that can remove DHCP scope options with just a few lines of code.

The “Remove-DhcpScopeOptions” Function

The “Remove-DhcpScopeOptions” function takes two parameters: the name of the DHCP server and a switch for the “-WhatIf” parameter. The “-WhatIf” parameter allows you to see what the function would do without actually making any changes.

function Remove-DhcpScopeOptions {
  [CmdletBinding(SupportsShouldProcess=$true)]
  param (
    [Parameter(Mandatory=$true)]
    [string]$ComputerName,
    [switch]$WhatIf
  )

  # Get all DHCP scopes on the server
  $scopes = Get-DhcpServerv4Scope -ComputerName $ComputerName

  # Get all options for the DHCP server
  $serverOptions = Get-DhcpServerv4OptionValue -ComputerName $ComputerName

  # For each scope, get the options and compare them to the server-level options
  foreach ($scope in $scopes) {
    $scopeOptions = Get-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -ComputerName $ComputerName

    # For each option in the scope, check if it exists at the server level with the same value
    foreach ($option in $scopeOptions) {
      $serverOption = $serverOptions | Where-Object { $_.OptionId -eq $option.OptionId }
      if ($serverOption -ne $null -and $serverOption.Value -eq $option.Value) {
        # If the option exists at the server level with the same value, remove it from the scope
        if ($WhatIf) {
          Write-Host "What if: Removing option $($option.OptionId) from scope $($scope.ScopeId) on DHCP server $ComputerName."
        } else {
          Remove-DhcpServerv4OptionValue -ScopeId $scope.ScopeId -OptionId $option.OptionId -ComputerName $ComputerName -Confirm:$false
        }
      }
    }
  }

  # Replicate the scopes to all DHCP servers in the enterprise
  if (!$WhatIf) {
    Invoke-DhcpServerv4ReplicateScopes -ComputerName $ComputerName
  }
}

How it Works

The “Remove-DhcpScopeOptions” function works by first getting all DHCP scopes on the server using the “Get-DhcpServerv4Scope” cmdlet. It stores the results in the $scopes variable. It then gets all options for the DHCP server using the “Get-DhcpServerv4OptionValue” cmdlet and stores the results in the $serverOptions variable.

For each DHCP scope, the function gets the options using the “Get-DhcpServerv4OptionValue” cmdlet and stores the results in the $scopeOptions variable. It then compares the options in each scope to the server-level options and removes any options that exist at the server level with the same value. Finally, the function replicates the scopes to all DHCP servers in the enterprise.

Example

Remove-DhcpScopeOptions -ComputerName "dhcpserver01" -WhatIf