Solved

How to supply a powershell script with an argument containing commata?

Posted on 2014-03-18
13
419 Views
Last Modified: 2014-03-24
Hi experts.

I am trying to use a script to set a Bitlocker-Password like this
script.ps1 newpassword

The password might contain commata, for example script.ps1 my,new,password
So far, I have only a working script as long as the pw does not contain commata... script goes
$newpw = ConvertTo-SecureString -Force -AsPlainText "$args[0]"
Add-BitLockerKeyProtector c: -PasswordProtector -password $newpw

Open in new window


What do I have to change?
0
Comment
Question by:McKnife
  • 8
  • 4
13 Comments
 
LVL 14

Expert Comment

by:frankhelk
ID: 39938266
Have you tried to enclose the password in double quotes ?
-password "$newpw"

Open in new window

0
 
LVL 40

Assisted Solution

by:footech
footech earned 500 total points
ID: 39938277
You should pass the argument as a string.  So you would call
script.ps1 "new,password"

And I think the first line of your script should be
$newpw = ConvertTo-SecureString -Force -AsPlainText $args[0]

Open in new window

(no quotes around $args[0]).
0
 
LVL 40

Assisted Solution

by:footech
footech earned 500 total points
ID: 39938285
Also, if you append the following to your script for testing, you can see what the securestring is.  I can't take credit for the Decrypt-SecureString function as I found it at
http://blogs.msdn.com/b/besidethepoint/archive/2010/09/21/decrypt-secure-strings-in-powershell.aspx

function Decrypt-SecureString {
param(
    [Parameter(ValueFromPipeline=$true,Mandatory=$true,Position=0)]
    [System.Security.SecureString]
    $sstr
)

$marshal = [System.Runtime.InteropServices.Marshal]
$ptr = $marshal::SecureStringToBSTR( $sstr )
$str = $marshal::PtrToStringBSTR( $ptr )
$marshal::ZeroFreeBSTR( $ptr )
$str
}
Decrypt-SecureString $newpw

Open in new window

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 54

Author Comment

by:McKnife
ID: 39938397
Frank, that does not help. It produces
ConvertTo-SecureString : Cannot convert 'System.Object[]' to the type
'System.String' required by parameter 'String'. Specified method is not
supported.
footech, does not work, either.
If I use $args[0] instead of "$args[0]" and quotes around "Password" passwords without commata Keep working, but with commata, I get also "ConvertTo-SecureString : Cannot convert 'System.Object[]' to the type..."
0
 
LVL 54

Author Comment

by:McKnife
ID: 39938406
But what does indeed work then (with simply $args[0] ) is
script.ps 'new,password'

Now I will see how this matches with my batch that provides the Password to the script.ps...
0
 
LVL 54

Author Comment

by:McKnife
ID: 39938442
That works... :)
Let's see if any other Special characters that are allowed inside our Passwords will cause Problems. Back soon.
0
 
LVL 54

Author Comment

by:McKnife
ID: 39938451
Brrr... gets uglier by the minute...
of course ' and & are not working here. But what's even worse: I cannot use footech's decrypter... it "lies" to me. Example: Password provided is (enclosed in '):
ABC#,§$%m$!()[]\?/-+@tg45
then the function returns no Errors (and shows the same as decrypted output), but that pw does not work. Something else got set.

Thoughts?
0
 
LVL 54

Author Comment

by:McKnife
ID: 39938490
Sorry footech, your decryptor works, I have no idea at all why it did not work moments ago.
Pffff, time for a nap.
0
 
LVL 40

Expert Comment

by:footech
ID: 39938541
Odd that double-quotes didn't work for you, as it appeared to work for me in testing (everything except the Add-BitLockerKeyProtector command - I can't test that).  Single-quotes work for me as well.

With the decryptor passing back the same string as was input, I don't see how the Add-BitLockerKeyProtector command could set anything different.  I would think that if there was a character that it didn't accept that it would throw an error (but I don't have any experience with that command).  Does BitLocker restrict which characters you can use?

I wouldn't expect any problem with &, but with single-quote inside of single-quotes, or double inside of double it would have to be '''' (four single-quotes) or """"" (four double-quotes), the inner pair equaling just one quote.
0
 
LVL 54

Author Comment

by:McKnife
ID: 39938558
*still awake*
As I corrected myself: your decryptor does work and I continued testing. Only & and ' and of course <> are problematic. We could overcome that by simply disallowing that chars in our Password Policy enforcement Software (Anixis PPE 7.6).
0
 
LVL 54

Accepted Solution

by:
McKnife earned 0 total points
ID: 39939125
I got a nice solution from another forum.
Requirement: Powershell 3.0 or higher.

script.ps1 --% S&om'weir"D,P@&&word

Open in new window

0
 
LVL 40

Expert Comment

by:footech
ID: 39939918
I have read about that operator, but have not had a scenario where I needed to use it (and had pretty much forgotten about it), so thanks for sharing!
0
 
LVL 54

Author Closing Comment

by:McKnife
ID: 39949812
Thanks!
0

Featured Post

Free eBook: Backup on AWS

Everything you need to know about backup and disaster recovery with AWS, for FREE!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Script to find any empty OU and nested OU in Active Directory 2 63
Powershell Code 3 41
WPF Select Items 3 24
Help to debug powershell script 5 38
Create and license users in Office 365 in bulk based on a CSV file. A step-by-step guide with PowerShell script examples.
Previously, on our Nano Server Deployment series, we've created a new nano server image and deployed it on a physical server in part 2. Now we will go through configuration.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

713 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question