Solved

How to supply a powershell script with an argument containing commata?

Posted on 2014-03-18
13
412 Views
Last Modified: 2014-03-24
Hi experts.

I am trying to use a script to set a Bitlocker-Password like this
script.ps1 newpassword

The password might contain commata, for example script.ps1 my,new,password
So far, I have only a working script as long as the pw does not contain commata... script goes
$newpw = ConvertTo-SecureString -Force -AsPlainText "$args[0]"
Add-BitLockerKeyProtector c: -PasswordProtector -password $newpw

Open in new window


What do I have to change?
0
Comment
Question by:McKnife
  • 8
  • 4
13 Comments
 
LVL 14

Expert Comment

by:frankhelk
ID: 39938266
Have you tried to enclose the password in double quotes ?
-password "$newpw"

Open in new window

0
 
LVL 39

Assisted Solution

by:footech
footech earned 500 total points
ID: 39938277
You should pass the argument as a string.  So you would call
script.ps1 "new,password"

And I think the first line of your script should be
$newpw = ConvertTo-SecureString -Force -AsPlainText $args[0]

Open in new window

(no quotes around $args[0]).
0
 
LVL 39

Assisted Solution

by:footech
footech earned 500 total points
ID: 39938285
Also, if you append the following to your script for testing, you can see what the securestring is.  I can't take credit for the Decrypt-SecureString function as I found it at
http://blogs.msdn.com/b/besidethepoint/archive/2010/09/21/decrypt-secure-strings-in-powershell.aspx

function Decrypt-SecureString {
param(
    [Parameter(ValueFromPipeline=$true,Mandatory=$true,Position=0)]
    [System.Security.SecureString]
    $sstr
)

$marshal = [System.Runtime.InteropServices.Marshal]
$ptr = $marshal::SecureStringToBSTR( $sstr )
$str = $marshal::PtrToStringBSTR( $ptr )
$marshal::ZeroFreeBSTR( $ptr )
$str
}
Decrypt-SecureString $newpw

Open in new window

0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 54

Author Comment

by:McKnife
ID: 39938397
Frank, that does not help. It produces
ConvertTo-SecureString : Cannot convert 'System.Object[]' to the type
'System.String' required by parameter 'String'. Specified method is not
supported.
footech, does not work, either.
If I use $args[0] instead of "$args[0]" and quotes around "Password" passwords without commata Keep working, but with commata, I get also "ConvertTo-SecureString : Cannot convert 'System.Object[]' to the type..."
0
 
LVL 54

Author Comment

by:McKnife
ID: 39938406
But what does indeed work then (with simply $args[0] ) is
script.ps 'new,password'

Now I will see how this matches with my batch that provides the Password to the script.ps...
0
 
LVL 54

Author Comment

by:McKnife
ID: 39938442
That works... :)
Let's see if any other Special characters that are allowed inside our Passwords will cause Problems. Back soon.
0
 
LVL 54

Author Comment

by:McKnife
ID: 39938451
Brrr... gets uglier by the minute...
of course ' and & are not working here. But what's even worse: I cannot use footech's decrypter... it "lies" to me. Example: Password provided is (enclosed in '):
ABC#,§$%m$!()[]\?/-+@tg45
then the function returns no Errors (and shows the same as decrypted output), but that pw does not work. Something else got set.

Thoughts?
0
 
LVL 54

Author Comment

by:McKnife
ID: 39938490
Sorry footech, your decryptor works, I have no idea at all why it did not work moments ago.
Pffff, time for a nap.
0
 
LVL 39

Expert Comment

by:footech
ID: 39938541
Odd that double-quotes didn't work for you, as it appeared to work for me in testing (everything except the Add-BitLockerKeyProtector command - I can't test that).  Single-quotes work for me as well.

With the decryptor passing back the same string as was input, I don't see how the Add-BitLockerKeyProtector command could set anything different.  I would think that if there was a character that it didn't accept that it would throw an error (but I don't have any experience with that command).  Does BitLocker restrict which characters you can use?

I wouldn't expect any problem with &, but with single-quote inside of single-quotes, or double inside of double it would have to be '''' (four single-quotes) or """"" (four double-quotes), the inner pair equaling just one quote.
0
 
LVL 54

Author Comment

by:McKnife
ID: 39938558
*still awake*
As I corrected myself: your decryptor does work and I continued testing. Only & and ' and of course <> are problematic. We could overcome that by simply disallowing that chars in our Password Policy enforcement Software (Anixis PPE 7.6).
0
 
LVL 54

Accepted Solution

by:
McKnife earned 0 total points
ID: 39939125
I got a nice solution from another forum.
Requirement: Powershell 3.0 or higher.

script.ps1 --% S&om'weir"D,P@&&word

Open in new window

0
 
LVL 39

Expert Comment

by:footech
ID: 39939918
I have read about that operator, but have not had a scenario where I needed to use it (and had pretty much forgotten about it), so thanks for sharing!
0
 
LVL 54

Author Closing Comment

by:McKnife
ID: 39949812
Thanks!
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microsoft Windows Server Update Service (WSUS) is free for everyone, but it lacks of some desirable features like send an e-mail to the administrator with the status of all computers on the WSUS server. This article is based on my PowerShell script …
I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
Along with being a a promotional video for my three-day Annielytics Dashboard Seminor, this Micro Tutorial is an intro to Google Analytics API data.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question