-
Title
ActiveRoles Release 7.4 Sample ‘RemoteMailbox’ Script -
Description
ActiveRoles Release 7.4 Sample ‘RemoteMailbox’ Script
With the release of ActiveRoles 7.4 a ‘RemoteMailbox’ Sample script has been provided. The ‘RemoteMailbox’ script has been provided as a sample script only, to illustrate the steps required, and should not be used as-is in a production situation without modification and enhancement.
-
Cause
As a sample script, the script contains security credentials that are made visible in clear text.
-
Resolution
The use of security credentials within a script in clear text should never be considered appropriate or secure. In testing this script, care and consideration should be given to the authentication and use of credentials, and clear text credentials should not be left in the script once testing is complete.
Although there are multiple ways to secure credentials, the following is just one example of how to secure credentials within this script.
Example 1: Encrypt Password
1. Generate the encrypted password using PowerShell.
$password = read-host -prompt "Enter your Password" write-host "$password is password"$secure = ConvertTo-SecureString $password -force -asPlainText$bytes = ConvertFrom-SecureString $secure$bytes2. Copy the generated password and use it in the script as below.
$encrypted = "01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c2ff6c3e15fa9c42ab0a5f8692d8e7290000000002000000000003660000c
0000000100000003332cbc77cbc67f0eb840ee7a09707730000000004800000a0000000100000001445e348dbf0685f27015e50d1c49437180000002e5bbbb1f43ccffda0357966eedbf920ba1eb0601bdee61114000000f84895f401819291fe791149b6715f5aedefeae7"$user = ""$password = ConvertTo-SecureString -string $encrypted$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$password$ExchangeFQDN = "WIN-IJ7TGIEVM7N.EDC.local"$ExchangeConnectionURI = "http://" + $ExchangeFQDN + "/PowerShell/"$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $ExchangeConnectionURI -Credential $credImport-PSSession $Session -DisableNameChecking -AllowClobberNote: A password that gets encrypted from one machine cannot be decrypted by other machines.
Example 2: Encrypt password for use on multiple machines
1. Create a salt key
$Key = New-Object Byte[] 32[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)2. Edit the salt key and store it to a variable\file.
3. Encrypt the password using the key generated$Cred = Get-Credential
$Key = (13,129,115,75,63,168,71,9,79,144,39,116,177,167,127,137,206,40,36,24,246,126,223,187,151,62,243,12,17,24,212,236)$Password = $Cred.Password| ConvertFrom-SecureString -Key $keyHere$key is generated from step 1$password is the final encrypted password4. This encrypted password can be decrypted by any computer in along with the salt key and can be used with any script.
Example program is shown below.
$pass ="76492d1116743f0423413b16050a5345MgB8AGwAdwB2ADgAYwBnAG0AOQBTAGkARAB0ACsARgByAGIAaQBHAGoAYgBNAHc
APQA9AHwAOABmADIAYwBkAGMAZgA1AGUAYgA4ADYAMwBhAGMAYQBjAGYAMwBkAGYANQA5ADQAMQAyAGYAOABiADAANwA1
ADkAOQA4ADcAMwBkAGIAMgAyADMAZQBhADcAOQBmADAAMgA1ADUANAAxADkAOAA5ADQANABkADMAMgA1ADUAMgA="$Key = (13,129,115,75,63,168,71,9,79,144,39,116,177,167,127,137,206,40,36,24,246,126,223,187,151,62,243,12,17,24,212,236)$user = "edc1\administrator"$password =$pass | ConvertTo-SecureString -Key $Key$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$password$ExchangeFQDN = "WIN-IJ7TGIEVM7N.EDC.local"$ExchangeConnectionURI = "http://" + $ExchangeFQDN + "/PowerShell/"$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri $ExchangeConnectionURI -Credential $credImport-PSSession $Session -DisableNameChecking -AllowClobber