Quickly and securely storing your credentials – PowerShell

During the last PowerShell event I briefly demoed the Export-CliXml functionality, which lets you quickly, easily and, most importantly, securely store credentials in a file. In this article I will describe the following three steps:

  • Store credentials in a variable
  • Export the variable to a file
  • Import the credential object from the file into a variable

To get a credential object we can either manually create one or use the Get-Credential cmdlet to prompt for the account details:

$Credential = Get-Credential

To store the credentials into a .cred file:

$Credential | Export-CliXml -Path "${env:\userprofile}\Jaap.Cred"

And to load the credentials from the file and back into a variable:

$Credential = Import-CliXml -Path "${env:\userprofile}\Jaap.Cred"
Invoke-Command -Computername 'Server01' -Credential $Credential {whoami}


The advantage of this methodology is that you can leverage the versatility of PowerShell to ensure that the data is not only exported, but also stored in a secure manner using secure strings. It should be noted that the credential files created this way can only be opened by the same user on the same system. It can be used to store any type of credentials; both local accounts and domain accounts can be saved in this manner.
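The behaviour described above can be checked directly. The following is an added example, not code from the original article: it exports a credential built from a constructed password, confirms that the file contains the user name but not the password in clear text, and shows where an import under a different user or on a different system fails. It assumes Windows; the account name, password and Demo.Cred file name are constructed for the demo.

```powershell
# Constructed sample account and password, for demonstration only.
$PlainText  = 'Constructed-P@ssw0rd-123'
$Secure     = ConvertTo-SecureString -String $PlainText -AsPlainText -Force
$Credential = New-Object System.Management.Automation.PSCredential ('CONTOSO\svc-demo', $Secure)

# Hypothetical file name in the temp folder, so no real credential file is touched.
$Path = Join-Path -Path $env:TEMP -ChildPath 'Demo.Cred'
$Credential | Export-Clixml -Path $Path

try {
    # 1. Inspect the raw XML: the user name is readable, the password must not be.
    $Raw = Get-Content -Path $Path -Raw
    [pscustomobject]@{
        UserNameInFile  = $Raw.Contains('svc-demo')
        PlainTextInFile = $Raw.Contains($PlainText)
    }

    # 2. Round trip as the same user on the same system.
    $Imported = Import-Clixml -Path $Path -ErrorAction Stop
    [pscustomobject]@{
        UserName        = $Imported.UserName
        PasswordMatches = ($Imported.GetNetworkCredential().Password -eq $PlainText)
    }
}
catch {
    # This branch is reached when the file is opened by another user or on
    # another system: the protected password cannot be decrypted there.
    Write-Warning "Credential file could not be imported: $($_.Exception.Message)"
}
finally {
    # Remove the demo file again.
    Remove-Item -Path $Path -ErrorAction SilentlyContinue
}
```

Because the user name is stored in clear text, the file still reveals which account it belongs to even though the password is protected.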

Note that you are not limited to storing a single set of credentials in this manner; you could use any number of accounts. For example, the following code will prompt for three different sets and store them in a hash table, which can then be exported and imported in a similar manner:

$Hash = @{
    'Admin'      = Get-Credential -Message 'Please enter administrative credentials'
    'RemoteUser' = Get-Credential -Message 'Please enter remote user credentials'
    'User'       = Get-Credential -Message 'Please enter user credentials'
}
$Hash | Export-Clixml -Path "${env:\userprofile}\Hash.Cred"
$Hash = Import-CliXml -Path "${env:\userprofile}\Hash.Cred"
Invoke-Command -ComputerName Server01 -Credential $Hash.Admin -ScriptBlock {whoami}
Invoke-Command -ComputerName Server01 -Credential $Hash.RemoteUser -ScriptBlock {whoami}
Invoke-Command -ComputerName Server01 -Credential $Hash.User -ScriptBlock {whoami}


Recap of first DuPSUG – PowerShell Saturday

Last weekend as DuPSUG we organized the first Dutch PowerShell Saturday. Within three days we had to instate a waiting list for attendees to sign up on, as we had run out of tickets. To meet the demand for this unique event, we were lucky enough to be sponsored by the following four companies: Platani, Sapien Technologies, PowerTheShell and Manning Publications.

During the event we had the following sessions and speakers:

Furthermore there was the PowerQuiz, a twenty-one question quiz to encourage team work and to put some energy back into the room after lunch. The questions and answers are available here:

PowerQuiz – PowerShell Quiz


For more information regarding PowerShell Saturdays, or if you are interested in hosting a similar event locally, feel free to reach out, as I am always happy to share lessons learned from organizing this event.

For more information about the topics in this article please visit the links below:

Links in this article
PowerShell DSC and Windows Containers, the Perfect Match – GitHub
Lock down your System, no more Admins – GitHub
PowerQuiz – PowerShell Quiz
Dutch PowerShell User Group – DuPSUG

PowerShell Fundamentals May 2016 – Experts Live on Tour

Today I was invited by Experts Live to take a group of enthusiastic IT professionals through the basics of PowerShell and give them some guidance on the how, what and why of PowerShell. In the last six months this is the third time I have presented or taught a group of IT pros with Experts Live. Today I presented the PowerShell portion of the day and Bert Wolters represented Experts Live in order to increase the engagement in technical communities.

Today I walked the group through the following subjects in an interactive demo based program:

  • PowerShell fundamentals
  • Using variables and working with Objects
  • Loops, operators and flow control
  • PowerShell modules, snap-ins and functions
  • PowerShell tips from the field

During the day I mentioned a number of learning resources; some of the topics I mentioned are listed below:

I have posted the assignments, slides and supporting documentation to GitHub, to view the files click here:

If you attended the session today, a feedback form will be filled out soon. If you have any suggestions for this session, or for any potential follow-up sessions you would be interested in, be sure to fill out the form. As I mentioned today, if you have any questions about the content we discussed, feel free to reach out to me directly.

For more information about the topics in this article please visit the links below:

Links in this article
How to learn PowerShell
PowerShell Fundamentals – Course materials – GitHub
Experts Live on Tour

 

Path of Linux User-Mode filesystem in Windows 10

Over the past few weeks I have been using the new functionality in the latest Windows 10 insider builds that allows you to run Ubuntu in User Mode on Windows 10. Or as it is also known: Windows Subsystem for Linux. The file system of Ubuntu is located at the following location:

%userprofile%\appdata\local\lxss

To navigate to this location from PowerShell the following code can be used:

Set-Location -LiteralPath 'C:\Users\Jaap Brasser\appdata\local\lxss\'
Set-Location -LiteralPath "${env:userprofile}\appdata\local\lxss\"


By accessing this location it is easy to copy files from the Windows filesystem directly into the Linux file system.

For more information in regards to Linux User-Mode on Windows 10, please refer to the following links:

Links in this Article
Blog – Windows Command Line Tools For Developers
Announcing Windows 10 Insider Preview Build 14316
Video – Running Bash on Ubuntu on Windows!

DiskCleanup – Remove Previous Windows Versions – PowerShell Module

Over the last few weeks I have upgraded and reinstalled a number of Windows 10 machines, and as part of my routine after an upgrade to a later build of Windows 10 I would clean up both the upgrade files and the old version of Windows. The steps to do this involve starting the Disk Cleanup tool, with administrative credentials, and clicking through the interface in order to clean up the files and save some of those precious GBs of storage space. After repeating this process a few times in the past week it started to become a bit tedious.

In order to do this I use the command-line options that are available with the Disk Cleanup tool, cleanmgr.exe. While it is unfortunately not possible to use this tool directly to clean up specifically the leftover files of an upgrade of Windows 10, it does allow for using the GUI to create a 'StateFlags' entry, which is stored in the registry. Using this methodology in combination with Sysinternals Procmon I established where this information was written in the registry, and I came up with the following three lines of PowerShell code that allowed me to create and run the required job:

New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Setup Files' -PropertyType 'DWORD' -Force -Name 'StateFlags1337' -Value 0x2
New-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Previous Installations' -PropertyType 'DWORD' -Force -Name 'StateFlags1337' -Value 0x2
cleanmgr.exe /SAGERUN:1337

This code will first create two registry keys and then instruct the Disk Cleanup application to run job number 1337. This worked, although unfortunately it is not possible to hide the GUI completely, as user interaction might still be required. In certain scenarios you will be prompted to confirm that you really do want to delete the old Windows installation files, with a warning that deleting those files means you can no longer roll back to an older version of Windows. This also includes the files if you upgraded from Windows 7/8.1 to Windows 10.
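Since the job removes files that cannot be restored, it helps to see what a job will touch before starting it. The following is an added example, not part of the original article or of the DiskCleanup module: a read-only helper (the function name Get-SageRunSelection is hypothetical) that lists every handler under VolumeCaches carrying the StateFlags1337 entry used above.

```powershell
function Get-SageRunSelection {
    # Hypothetical helper name; read-only, makes no registry changes.
    param(
        # Value name written by the article's code for job 1337.
        [string]$ValueName = 'StateFlags1337'
    )

    $Root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches'

    foreach ($Key in Get-ChildItem -Path $Root) {
        # GetValue returns $null when the handler has no entry for this job.
        $Value = $Key.GetValue($ValueName)
        if ($null -ne $Value) {
            [pscustomobject]@{
                Handler   = $Key.PSChildName
                ValueName = $ValueName
                Value     = '0x{0:X}' -f $Value
                # 0x2 is the value the article's code writes to select a handler.
                Selected  = ($Value -eq 0x2)
            }
        }
    }
}

$Selection = @(Get-SageRunSelection | Where-Object { $_.Selected })

if (-not $Selection) {
    Write-Warning 'No handler is selected for this job; cleanmgr.exe /SAGERUN:1337 would have nothing to clean.'
}
else {
    $Selection | Format-Table -AutoSize

    # Flag the one selection that removes the ability to roll back.
    if ($Selection.Handler -contains 'Previous Installations') {
        Write-Warning 'This job removes previous Windows installations; rolling back will no longer be possible.'
    }
}
```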

As I saw more potential for this method of utilizing the Disk Cleanup tool, I decided to write a proper module that simplifies the job creation process beyond just cleaning up Previous Windows Installation / Upgrade files. Today I have released the module, which contains the following functions:

  • Get-VolumeCachesKey
  • Get-VolumeCachesStateFlags
  • Remove-WindowsUpgradeFiles
  • Set-VolumeCachesStateFlags

To install the module on your system you can run the following code:

Install-Module DiskCleanup -Verbose


To remove the Previous Windows Installation / Upgrade files run the following command:

Remove-WindowsUpgradeFiles -Verbose -Confirm:$false


This will both create the job with number 1337 and then execute that job, and the Disk Cleanup windows will appear on your screen. This process can take a few minutes depending on the speed of your system. The function will wait until all Disk Cleanup windows have been closed and then show a report of the amount of space saved.

Using the Get-VolumeCachesStateFlags cmdlet it is possible to view what settings have been configured:
Get-VolumeCachesStateFlags

It is also possible to set up a custom job using the Set-VolumeCachesStateFlags cmdlet. The mandatory parameter -StateFlags will accept any number of Switch parameters. These parameters are dynamically generated based on the available keys in the registry path:

HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Temporary Setup Files


The module is available at the following online repositories:

I will actively maintain this module, so feel free to leave a comment or feature request in the comments or send in a pull request on GitHub.

All the links mentioned in this article are available below:

Links in this Article
PowerShell Gallery – DiskCleanup
TechNet Script Gallery – DiskCleanup
GitHub – JaapBrasser – DiskCleanup
Sysinternals – Process Monitor