?
Solved

How to supply a powershell script with an argument containing commata?

Posted on 2014-03-18
13
Medium Priority
?
461 Views
Last Modified: 2014-03-24
Hi experts.

I am trying to use a script to set a Bitlocker-Password like this
script.ps1 newpassword

The password might contain commata, for example script.ps1 my,new,password
So far, I have only a working script as long as the pw does not contain commata... script goes
$newpw = ConvertTo-SecureString -Force -AsPlainText "$args[0]"
Add-BitLockerKeyProtector c: -PasswordProtector -password $newpw

Open in new window


What do I have to change?
0
Comment
Question by:McKnife
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
13 Comments
 
LVL 14

Expert Comment

by:frankhelk
ID: 39938266
Have you tried to enclose the password in double quotes ?
-password "$newpw"

Open in new window

0
 
LVL 40

Assisted Solution

by:footech
footech earned 2000 total points
ID: 39938277
You should pass the argument as a string.  So you would call
script.ps1 "new,password"

And I think the first line of your script should be
$newpw = ConvertTo-SecureString -Force -AsPlainText $args[0]

Open in new window

(no quotes around $args[0]).
0
 
LVL 40

Assisted Solution

by:footech
footech earned 2000 total points
ID: 39938285
Also, if you append the following to your script for testing, you can see what the securestring is.  I can't take credit for the Decrypt-SecureString function as I found it at
http://blogs.msdn.com/b/besidethepoint/archive/2010/09/21/decrypt-secure-strings-in-powershell.aspx

function Decrypt-SecureString {
param(
    [Parameter(ValueFromPipeline=$true,Mandatory=$true,Position=0)]
    [System.Security.SecureString]
    $sstr
)

$marshal = [System.Runtime.InteropServices.Marshal]
$ptr = $marshal::SecureStringToBSTR( $sstr )
$str = $marshal::PtrToStringBSTR( $ptr )
$marshal::ZeroFreeBSTR( $ptr )
$str
}
Decrypt-SecureString $newpw

Open in new window

0
WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

 
LVL 56

Author Comment

by:McKnife
ID: 39938397
Frank, that does not help. It produces
ConvertTo-SecureString : Cannot convert 'System.Object[]' to the type
'System.String' required by parameter 'String'. Specified method is not
supported.
footech, does not work, either.
If I use $args[0] instead of "$args[0]" and quotes around "Password" passwords without commata Keep working, but with commata, I get also "ConvertTo-SecureString : Cannot convert 'System.Object[]' to the type..."
0
 
LVL 56

Author Comment

by:McKnife
ID: 39938406
But what does indeed work then (with simply $args[0] ) is
script.ps 'new,password'

Now I will see how this matches with my batch that provides the Password to the script.ps...
0
 
LVL 56

Author Comment

by:McKnife
ID: 39938442
That works... :)
Let's see if any other Special characters that are allowed inside our Passwords will cause Problems. Back soon.
0
 
LVL 56

Author Comment

by:McKnife
ID: 39938451
Brrr... gets uglier by the minute...
of course ' and & are not working here. But what's even worse: I cannot use footech's decrypter... it "lies" to me. Example: Password provided is (enclosed in '):
ABC#,§$%m$!()[]\?/-+@tg45
then the function returns no Errors (and shows the same as decrypted output), but that pw does not work. Something else got set.

Thoughts?
0
 
LVL 56

Author Comment

by:McKnife
ID: 39938490
Sorry footech, your decryptor works, I have no idea at all why it did not work moments ago.
Pffff, time for a nap.
0
 
LVL 40

Expert Comment

by:footech
ID: 39938541
Odd that double-quotes didn't work for you, as it appeared to work for me in testing (everything except the Add-BitLockerKeyProtector command - I can't test that).  Single-quotes work for me as well.

With the decryptor passing back the same string as was input, I don't see how the Add-BitLockerKeyProtector command could set anything different.  I would think that if there was a character that it didn't accept that it would throw an error (but I don't have any experience with that command).  Does BitLocker restrict which characters you can use?

I wouldn't expect any problem with &, but with single-quote inside of single-quotes, or double inside of double it would have to be '''' (four single-quotes) or """"" (four double-quotes), the inner pair equaling just one quote.
0
 
LVL 56

Author Comment

by:McKnife
ID: 39938558
*still awake*
As I corrected myself: your decryptor does work and I continued testing. Only & and ' and of course <> are problematic. We could overcome that by simply disallowing that chars in our Password Policy enforcement Software (Anixis PPE 7.6).
0
 
LVL 56

Accepted Solution

by:
McKnife earned 0 total points
ID: 39939125
I got a nice solution from another forum.
Requirement: Powershell 3.0 or higher.

script.ps1 --% S&om'weir"D,P@&&word

Open in new window

0
 
LVL 40

Expert Comment

by:footech
ID: 39939918
I have read about that operator, but have not had a scenario where I needed to use it (and had pretty much forgotten about it), so thanks for sharing!
0
 
LVL 56

Author Closing Comment

by:McKnife
ID: 39949812
Thanks!
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Utilizing an array to gracefully append to a list of EmailAddresses
The following article is intended as a guide to using PowerShell as a more versatile and reliable form of application detection in SCCM.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
How to fix incompatible JVM issue while installing Eclipse While installing Eclipse in windows, got one error like above and unable to proceed with the installation. This video describes how to successfully install Eclipse. How to solve incompa…

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question