How would I encrypt a password in the cmd prompt that would allow a backup to a remote server?

I would like to enter       net use \\192.168.1.199 /user:tuser /persistent:yes           at the cmd prompt so I can run a scheduled task that will back up specific files to a remote location. However, I am concerned about entering the user's password in the clear. Is there a way to encrypt the password that I enter so that it is still be recognized by active directory? Thanks
PDSWSSAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

pnormsCommented:
You can't do it with CMD, I have a vb script at work that will do it with encryption, if this is still unanswer tomorrow I will upload it for you.
0
MaximumIQCommented:
if you're going to have this is a bat file, you can start it with "Echo off" and that won't show the actual command being executed but only the results
0
pnormsCommented:
Better yet if you are running it as a scheduled task just have the task run as the desired use, the problem is that you cannot automate the runas password entry of cmd bat files.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

PDSWSSAuthor Commented:
Don't want to automate with the password entry.  As I said I want to enter the password one time encrypted in the cmd line so I do not need to run cmd bat files with the password.
0
PDSWSSAuthor Commented:
MaximumIQ:

Even with echo off the unencrypted password must be sent to the remote computer, which is what I want to avoid. Thanks
0
pnormsCommented:
Don't want to automate with the password entry.  As I said I want to enter the password one time encrypted in the cmd line so I do not need to run cmd bat files with the password.    

Even with echo off the unencrypted password must be sent to the remote computer, which is what I want to avoid

So from what I gather you want to connect to the remote PC using a password once then run a few batch files with that same login? Are the batch files that you want to run always the same?
0
PDSWSSAuthor Commented:
I would need to run to one batch file through an ongoing scheduled task and another batch file through another scheduled task. Thanks
0
pnormsCommented:
Well if you what to enter the password each time the taks is run to have nothing to be concerned about as it will not be stored anywhere. The only reason you would need to have any concern is if you were going to be storing the password in your batch to take care of the login which you don't want to do. if you have your task launch the batch as the user you could have your way with one password entry each time. For instance:

Initial Batch:

REM C:\scripts\launch.bat
@echo off
runas /user:tuser c:\scripts\yourbatch.bat
exit

-----------------------
Your Backup Batch:
REM List current maps in case something goes wrong you have a log
net use >> c:\temp\currentmaplist.txt
net use P: /D
net use P: \\192.168.1.199\share /persistent:yes
net use G: /D
net use G: \\192.168.1.198\share /persistent:yes

Open in new window

0
PDSWSSAuthor Commented:
Manually entering the password each time the task is run will not work since this backup will run at times when I am not logged in.

I thought I could enter it once using   net use \\192.168.1.199 /user:tuser /persistent:yes     and then enter the password at the  password request

Then have the scheduled tasks run the batch files without having to enter the password again. Is that correct?
0
PDSWSSAuthor Commented:
BTW - What is the meaning of    net use P:  /D   and  net use G: /D    ?
0
pnormsCommented:
No that will not work, bat files cannot store passwords for runas, you will need VB.
net use P: /D will disconnect the mapped drive P, you would do this to make sure you are using the correct location. net use >> c:\temp\currentmaplist.txt will give you a list of all maps drives first in case you disconnect one by accident.
0
PDSWSSAuthor Commented:

Questions - The initial batch would not run unless I was logged in and entered the password for tuser each time the bat file was run. Is that correct?
"No that will not work, bat files cannot store passwords for runas, you will need VB."  What VB code do you refer to? Thanks


Initial Batch:

REM C:\scripts\launch.bat
@echo off
runas /user:tuser c:\scripts\yourbatch.bat
exit
0
pnormsCommented:
This should get you on your way:
Note: Line 14 will be your usernamer (administrator) and the patch to your bat file.
Note: Lines 21 and 22 Sdvvzrug4 = Password1 with this encryption, replace it with your encrypted password by making the encrypt.vb with the code below.
Create two VB files backup.vb and encrypt.vb (name them whatever)
You can take it one spet further and encrypt the whole vbs into a vbe using this:
http://www.microsoft.com/downloads/details.aspx?familyid=E7877F67-C447-4873-B1B0-21F0626A6329&displaylang=en

'---------------------------------------------------------------------------
'Author      : PNorms
'Created     : 3/30/2011
'Description : Encrypt Password
'File Name	 : encrypt.vbs
'---------------------------------------------------------------------------

set winShell = WScript.CreateObject("WScript.Shell")
	txt = inputbox("enter text to be encoded")
	msgbox encode(txt)

function encode(e)
	For i = 1 To Len(e)
		newtxt = Mid(e, i, 1)
		newtxt = Chr(Asc(newtxt)+3)
		coded = coded & newtxt
	Next
	encode = coded
End Function

Open in new window

'---------------------------------------------------------------------------
'Author      : PNorms
'Created     : 3/30/2011
'Description : Runas
'File Name	 : backup.vb
'---------------------------------------------------------------------------

'Set Reqs ------------------------------------------------------------------
option explicit
	dim winShell, txt, i, newtxt, coded
	set winShell= CreateObject("Wscript.Shell")

'Runas ---------------------------------------------------------------------
function runas ()
		winShell.run("runas /noprofile /user:administrator " & Chr(34) & "c:\temp\test.bat" & Chr(34))
		WScript.Sleep 350
		winShell.SendKeys coded & "{ENTER}"
end function

'Password Encryption ---------------------------------------------------------------------
function encpass()
	For i = 1 To Len("Sdvvzrug4")
		newtxt = Mid("Sdvvzrug4", i, 1)
		newtxt = Chr(Asc(newtxt)-3)
		coded = coded & newtxt
	Next
End Function

'Run Everything And Quit  -----------------------------------------------------------------
	encpass()
	runas()
	WScript.Sleep 500
	WScript.Quit

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
PDSWSSAuthor Commented:
Thank you.  Questions

Do I enter my password into   "enter text to be encoded"      ?

Then run encrypt.vbs

Then replace  "sevvzrug4" with the encrypted Password?  

Does the administrator have to be the user?  Can it be another user that has been included in the admin group for this server?
0
pnormsCommented:
Yes make the file encrypt.vb run it, enter the password for the user take the output from that and put it in the two spots with sevvzrug4.
No it can be any user you like, if it is a domain user be sure to use: yourdomainname\username if its local just use the local account name.
0
PDSWSSAuthor Commented:
I will test this as soon as my time allows. Thanks
0
pnormsCommented:
Not a problem, good luck let me know if you have any other issues, should do exactly what you need though.
0
PDSWSSAuthor Commented:
created  encrypt.cmd file - run(2Xclick) and the cmd prompt screen flashed. Could not see the output. Is the output stored in a file? thanks
0
pnormsCommented:
It is not a .cmd file it is .vbs
0
PDSWSSAuthor Commented:
Haven't used .vbs files before.
Do you create it in notepad and save as .vbs and double click to run?

When I follow this process I get a window with the password I entered on top left and a place to type text on the bottom of the window.
0
pnormsCommented:
Exactly, same as a bat script but much more powerful.
0
McKnifeCommented:
Ok, back to the start: why would you not want to save the account info needed to the scheduled task itself? There, it is encrypted.
0
PDSWSSAuthor Commented:
I have it saved somewhere else.

How do I get the encrypted password that I need to enter into your script if I can not see it?
0
pnormsCommented:
There are two scripts that are required:
The first is this:
Take the text from below paste into into a new txt document and save this file as "encrypt.vbs"
'---------------------------------------------------------------------------
'Author      : PNorms
'Created     : 3/30/2011
'Description : Encrypt Password
'File Name	 : encrypt.vbs
'---------------------------------------------------------------------------

set winShell = WScript.CreateObject("WScript.Shell")
	txt = inputbox("enter text to be encoded")
	msgbox encode(txt)

function encode(e)
	For i = 1 To Len(e)
		newtxt = Mid(e, i, 1)
		newtxt = Chr(Asc(newtxt)+3)
		coded = coded & newtxt
	Next
	encode = coded
End Function

Open in new window

0
pnormsCommented:
Double click on this script and enter your desire password, the output will be your new encrypted password make a note of it for later use.
0
PDSWSSAuthor Commented:
OK. I made the mistake of replacing    enter text to be encoded      with  the password and then then running it.
0
pnormsCommented:
The second script is your launcher this is the once you will be using in your day to day activities:
Take the text from below paste into into a new txt document.
On Line 14 enter your usernamer.
On Lines 21 and 22 replace Sdvvzrug4 with your encrypted password you just generated
Save this file as "launcher.vbs"
'---------------------------------------------------------------------------
'Author      : PNorms
'Created     : 3/30/2011
'Description : Runas
'File Name	 : backup.vb
'---------------------------------------------------------------------------

'Set Reqs ------------------------------------------------------------------
option explicit
	dim winShell, txt, i, newtxt, coded
	set winShell= CreateObject("Wscript.Shell")

'Runas ---------------------------------------------------------------------
function runas ()
		winShell.run("runas /noprofile /user:administrator " & Chr(34) & "c:\temp\test.bat" & Chr(34))
		WScript.Sleep 350
		winShell.SendKeys coded & "{ENTER}"
end function

'Password Encryption ---------------------------------------------------------------------
function encpass()
	For i = 1 To Len("Sdvvzrug4")
		newtxt = Mid("Sdvvzrug4", i, 1)
		newtxt = Chr(Asc(newtxt)-3)
		coded = coded & newtxt
	Next
End Function

'Run Everything And Quit  -----------------------------------------------------------------
	encpass()
	runas()
	WScript.Sleep 500
	WScript.Quit

Open in new window

0
pnormsCommented:
Ha ha gotcha
0
PDSWSSAuthor Commented:
What's Ha Ha gotcha about?

Ran encypt.vbs -  created encrypted password -

Set up Launch.vbs   double click  it opens in notepad but doesn't run. I have attached the code with edits as a screenshot.
I also attached a screen shot of the FtoRem.cmd file it is running.

The FtoRem.cmd is copying Folder1 on Drive:F  to the Folder on the Remote Share as indicated in the file.

Any ideas why its not running?
launch.png
FtoREM.cmd.png
0
pnormsCommented:
What's Ha Ha gotcha about?
I was reffering to:
OK. I made the mistake of replacing    enter text to be encoded      with  the password and then then running it.

------------------

This is a very simple batch again the best meathod would be to use the batch (without the /user switch as it is not a switch for xcopy so your batch will not run properly either) as a scheduled task with the task running as user ad\zman.

If you don't want to do that just use the code below.

------------------
Be sure that on line 16 c:\scripts\FtoREM.CMD.bat is the location of your BAT file

You need a space after ad\zman as the command comes after it.

You need to run the functions as well you you need:
      encpass()
      runas()
      WScript.Sleep 500
      WScript.Quit

As to why it is launching in notepad the file extention must not be .vbs it it probably .txt
Double check it by opening a folder click tools, folder options, view, uncheck "Hide extensions for known file types." you will then probably see encypt.vbs.txt change it to encypt.vbs

option explicit
	dim winShell, txt, i, newtxt, coded
	set winShell= CreateObject("Wscript.Shell")
	
function runas ()
		winShell.run("runas /noprofile /user:ad\zman " & Chr(34) & "c:\scripts\FtoREM.CMD.bat" & Chr(34))
		WScript.Sleep 350
		winShell.SendKeys coded & "{ENTER}"
end function

function encpass()
	For i = 1 To Len("$jrttw456$")
		newtxt = Mid("$jrttw456$", i, 1)
		newtxt = Chr(Asc(newtxt)-3)
		coded = coded & newtxt
	Next
End Function

encpass()
runas()
WScript.Sleep 500
WScript.Quit

Open in new window

0
PDSWSSAuthor Commented:
FtoREM.cmd   is a  .cmd file not .bat    I did not think it made a difference.

I save as .cmd not .bat and then appear to run the same.

Also which of the /letters is the user switch  (without the /user switch as it is not a switch for xcopy so your batch will not run properly either)?
Should I also delete          /user:ad/zman from FtoREM.cmd?

 Thanks
0
pnormsCommented:
yes .cmd and .bat are pretty much the same they will run xcopy the same way.

the runas commands requires that you use /user (open a command prompt and type "runas /?" - no quotes, it will give you a list of useage.
If you do the same for xcopy ("xcopy /?" - no quotes) you will get the usage, notice there is no "/user".

So yes make your .cmd file look like this for that line:

%backupcmd% "F:\backups\folder1" "\\192.123.2.199\backups\backupfolder"
0
PDSWSSAuthor Commented:
In regards to your suggestion below - Do not see option to click tools (where is it?) -  but took screen shot of the launch.vbs file in the folder and indicates that this is a .vbs file. If it really is a vbs file, why is it opening instead of running when I double click on file?  Is there another way to run the code?

As to why it is launching in notepad the file extention must not be .vbs it it probably .txt
Double check it by opening a folder click tools, folder options, view, uncheck "Hide extensions for known file types." you will then probably see encypt.vbs.txt change it to encypt.vbs


Picture-6.png
0
pnormsCommented:
Yeah that is certainly a vbs, you may have accidentally hit "always open with notepad." Right click on the file, hit open with, choose "MS Windows Based Script Host" and check off always use the selected program to open this file type.
0
pnormsCommented:
Right click on the file, hit open with, choose program, choose "MS Windows Based Script Host" and check off always use the selected program to open this file type.
0
PDSWSSAuthor Commented:
Made all suggested changes - ran code and I see the cmd screen flash and thats it.  Running as  bman not zman.

I have attached the output for    runas /?   and  xcopy /?     Does not appear to be the expected output.  Thanks
Picture-3.png
Picture-4.png
0
PDSWSSAuthor Commented:
Even if I don't get this to work right now, I will still award you the points.
0
PDSWSSAuthor Commented:
Thanks for you help with this.
0
pnormsCommented:
Forget everything else above:
Just try this and forget about encryption for now and running your cmd.
Replace yourpasswordunencrypted on line 9 with your ad\zman password no encryption for now.
Save the file as backup.vbs and run it, let me know if that runs
option explicit
	dim winShell
	set winShell= CreateObject("Wscript.Shell")

'Runas ---------------------------------------------------------------------
function runas ()
		winShell.run("runas /noprofile /user:ad\zman " & Chr(34) & "xcopy /s /c /d /e /h /i /r /y f:\Backups\folder1\ \\192.123.2.199\BACKUPS\backfolder\" & Chr(34))
		WScript.Sleep 50
		winShell.SendKeys "yourpasswordunencrypted" & "{ENTER}"
end function

'Run Everything ------------------------------------------------------------
	runas()

Open in new window

0
PDSWSSAuthor Commented:
OK. Will try this later today and will let you know. Thanks
0
PDSWSSAuthor Commented:
Still does not work.   Something that is missing from your code which I left out of what I had sent you but did include in the code that I ran is that

there should be a   Shared$    folder in the mapping (See below).  Would this make a difference?  I gave zman write only permissions on the share. thanks

\\192.123.2.199\Shared$\Backups\backfolder
0
PDSWSSAuthor Commented:
At the cmd prompt when I type     net use \\IPaddress\Shared$/user:ad\zman

I get "System Error 53 has occurred

Network Pathway can not be found"

However, I can map this shared drive in Windows Explorer. Works every time.

Any ideas?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.