Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

How to supply a powershell script with an argument containing commata?

Posted on 2014-03-18
13
Medium Priority
?
492 Views
Last Modified: 2014-03-24
Hi experts.

I am trying to use a script to set a Bitlocker-Password like this
script.ps1 newpassword

The password might contain commata, for example script.ps1 my,new,password
So far, I have only a working script as long as the pw does not contain commata... script goes
$newpw = ConvertTo-SecureString -Force -AsPlainText "$args[0]"
Add-BitLockerKeyProtector c: -PasswordProtector -password $newpw

Open in new window


What do I have to change?
0
Comment
Question by:McKnife
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
13 Comments
 
LVL 14

Expert Comment

by:frankhelk
ID: 39938266
Have you tried to enclose the password in double quotes ?
-password "$newpw"

Open in new window

0
 
LVL 41

Assisted Solution

by:footech
footech earned 2000 total points
ID: 39938277
You should pass the argument as a string.  So you would call
script.ps1 "new,password"

And I think the first line of your script should be
$newpw = ConvertTo-SecureString -Force -AsPlainText $args[0]

Open in new window

(no quotes around $args[0]).
0
 
LVL 41

Assisted Solution

by:footech
footech earned 2000 total points
ID: 39938285
Also, if you append the following to your script for testing, you can see what the securestring is.  I can't take credit for the Decrypt-SecureString function as I found it at
http://blogs.msdn.com/b/besidethepoint/archive/2010/09/21/decrypt-secure-strings-in-powershell.aspx

function Decrypt-SecureString {
param(
    [Parameter(ValueFromPipeline=$true,Mandatory=$true,Position=0)]
    [System.Security.SecureString]
    $sstr
)

$marshal = [System.Runtime.InteropServices.Marshal]
$ptr = $marshal::SecureStringToBSTR( $sstr )
$str = $marshal::PtrToStringBSTR( $ptr )
$marshal::ZeroFreeBSTR( $ptr )
$str
}
Decrypt-SecureString $newpw

Open in new window

0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 
LVL 56

Author Comment

by:McKnife
ID: 39938397
Frank, that does not help. It produces
ConvertTo-SecureString : Cannot convert 'System.Object[]' to the type
'System.String' required by parameter 'String'. Specified method is not
supported.
footech, does not work, either.
If I use $args[0] instead of "$args[0]" and quotes around "Password" passwords without commata Keep working, but with commata, I get also "ConvertTo-SecureString : Cannot convert 'System.Object[]' to the type..."
0
 
LVL 56

Author Comment

by:McKnife
ID: 39938406
But what does indeed work then (with simply $args[0] ) is
script.ps 'new,password'

Now I will see how this matches with my batch that provides the Password to the script.ps...
0
 
LVL 56

Author Comment

by:McKnife
ID: 39938442
That works... :)
Let's see if any other Special characters that are allowed inside our Passwords will cause Problems. Back soon.
0
 
LVL 56

Author Comment

by:McKnife
ID: 39938451
Brrr... gets uglier by the minute...
of course ' and & are not working here. But what's even worse: I cannot use footech's decrypter... it "lies" to me. Example: Password provided is (enclosed in '):
ABC#,§$%m$!()[]\?/-+@tg45
then the function returns no Errors (and shows the same as decrypted output), but that pw does not work. Something else got set.

Thoughts?
0
 
LVL 56

Author Comment

by:McKnife
ID: 39938490
Sorry footech, your decryptor works, I have no idea at all why it did not work moments ago.
Pffff, time for a nap.
0
 
LVL 41

Expert Comment

by:footech
ID: 39938541
Odd that double-quotes didn't work for you, as it appeared to work for me in testing (everything except the Add-BitLockerKeyProtector command - I can't test that).  Single-quotes work for me as well.

With the decryptor passing back the same string as was input, I don't see how the Add-BitLockerKeyProtector command could set anything different.  I would think that if there was a character that it didn't accept that it would throw an error (but I don't have any experience with that command).  Does BitLocker restrict which characters you can use?

I wouldn't expect any problem with &, but with single-quote inside of single-quotes, or double inside of double it would have to be '''' (four single-quotes) or """"" (four double-quotes), the inner pair equaling just one quote.
0
 
LVL 56

Author Comment

by:McKnife
ID: 39938558
*still awake*
As I corrected myself: your decryptor does work and I continued testing. Only & and ' and of course <> are problematic. We could overcome that by simply disallowing that chars in our Password Policy enforcement Software (Anixis PPE 7.6).
0
 
LVL 56

Accepted Solution

by:
McKnife earned 0 total points
ID: 39939125
I got a nice solution from another forum.
Requirement: Powershell 3.0 or higher.

script.ps1 --% S&om'weir"D,P@&&word

Open in new window

0
 
LVL 41

Expert Comment

by:footech
ID: 39939918
I have read about that operator, but have not had a scenario where I needed to use it (and had pretty much forgotten about it), so thanks for sharing!
0
 
LVL 56

Author Closing Comment

by:McKnife
ID: 39949812
Thanks!
0

Featured Post

What’s Wrong with Your Cloud Strategy ?

Even as many CIOs are embracing a cloud-first strategy, the reality is that moving to the cloud is a lengthy process and the end-state is likely to be a blend of multiple clouds—public and private. Learn why multicloud solutions matter in this webinar by Nimble Storage.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A procedure for exporting installed hotfix details of remote computers using powershell
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
In a question here at Experts Exchange (https://www.experts-exchange.com/questions/29062564/Adobe-acrobat-reader-DC.html), a member asked how to create a signature in Adobe Acrobat Reader DC (the free Reader product, not the paid, full Acrobat produ…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question