Solved

How to supply a powershell script with an argument containing commata?

Posted on 2014-03-18
13
435 Views
Last Modified: 2014-03-24
Hi experts.

I am trying to use a script to set a Bitlocker-Password like this
script.ps1 newpassword

The password might contain commata, for example script.ps1 my,new,password
So far, I have only a working script as long as the pw does not contain commata... script goes
$newpw = ConvertTo-SecureString -Force -AsPlainText "$args[0]"
Add-BitLockerKeyProtector c: -PasswordProtector -password $newpw

Open in new window


What do I have to change?
0
Comment
Question by:McKnife
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 4
13 Comments
 
LVL 14

Expert Comment

by:frankhelk
ID: 39938266
Have you tried to enclose the password in double quotes ?
-password "$newpw"

Open in new window

0
 
LVL 40

Assisted Solution

by:footech
footech earned 500 total points
ID: 39938277
You should pass the argument as a string.  So you would call
script.ps1 "new,password"

And I think the first line of your script should be
$newpw = ConvertTo-SecureString -Force -AsPlainText $args[0]

Open in new window

(no quotes around $args[0]).
0
 
LVL 40

Assisted Solution

by:footech
footech earned 500 total points
ID: 39938285
Also, if you append the following to your script for testing, you can see what the securestring is.  I can't take credit for the Decrypt-SecureString function as I found it at
http://blogs.msdn.com/b/besidethepoint/archive/2010/09/21/decrypt-secure-strings-in-powershell.aspx

function Decrypt-SecureString {
param(
    [Parameter(ValueFromPipeline=$true,Mandatory=$true,Position=0)]
    [System.Security.SecureString]
    $sstr
)

$marshal = [System.Runtime.InteropServices.Marshal]
$ptr = $marshal::SecureStringToBSTR( $sstr )
$str = $marshal::PtrToStringBSTR( $ptr )
$marshal::ZeroFreeBSTR( $ptr )
$str
}
Decrypt-SecureString $newpw

Open in new window

0
Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 
LVL 55

Author Comment

by:McKnife
ID: 39938397
Frank, that does not help. It produces
ConvertTo-SecureString : Cannot convert 'System.Object[]' to the type
'System.String' required by parameter 'String'. Specified method is not
supported.
footech, does not work, either.
If I use $args[0] instead of "$args[0]" and quotes around "Password" passwords without commata Keep working, but with commata, I get also "ConvertTo-SecureString : Cannot convert 'System.Object[]' to the type..."
0
 
LVL 55

Author Comment

by:McKnife
ID: 39938406
But what does indeed work then (with simply $args[0] ) is
script.ps 'new,password'

Now I will see how this matches with my batch that provides the Password to the script.ps...
0
 
LVL 55

Author Comment

by:McKnife
ID: 39938442
That works... :)
Let's see if any other Special characters that are allowed inside our Passwords will cause Problems. Back soon.
0
 
LVL 55

Author Comment

by:McKnife
ID: 39938451
Brrr... gets uglier by the minute...
of course ' and & are not working here. But what's even worse: I cannot use footech's decrypter... it "lies" to me. Example: Password provided is (enclosed in '):
ABC#,§$%m$!()[]\?/-+@tg45
then the function returns no Errors (and shows the same as decrypted output), but that pw does not work. Something else got set.

Thoughts?
0
 
LVL 55

Author Comment

by:McKnife
ID: 39938490
Sorry footech, your decryptor works, I have no idea at all why it did not work moments ago.
Pffff, time for a nap.
0
 
LVL 40

Expert Comment

by:footech
ID: 39938541
Odd that double-quotes didn't work for you, as it appeared to work for me in testing (everything except the Add-BitLockerKeyProtector command - I can't test that).  Single-quotes work for me as well.

With the decryptor passing back the same string as was input, I don't see how the Add-BitLockerKeyProtector command could set anything different.  I would think that if there was a character that it didn't accept that it would throw an error (but I don't have any experience with that command).  Does BitLocker restrict which characters you can use?

I wouldn't expect any problem with &, but with single-quote inside of single-quotes, or double inside of double it would have to be '''' (four single-quotes) or """"" (four double-quotes), the inner pair equaling just one quote.
0
 
LVL 55

Author Comment

by:McKnife
ID: 39938558
*still awake*
As I corrected myself: your decryptor does work and I continued testing. Only & and ' and of course <> are problematic. We could overcome that by simply disallowing that chars in our Password Policy enforcement Software (Anixis PPE 7.6).
0
 
LVL 55

Accepted Solution

by:
McKnife earned 0 total points
ID: 39939125
I got a nice solution from another forum.
Requirement: Powershell 3.0 or higher.

script.ps1 --% S&om'weir"D,P@&&word

Open in new window

0
 
LVL 40

Expert Comment

by:footech
ID: 39939918
I have read about that operator, but have not had a scenario where I needed to use it (and had pretty much forgotten about it), so thanks for sharing!
0
 
LVL 55

Author Closing Comment

by:McKnife
ID: 39949812
Thanks!
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
Windows 10 came with  a lot of built in applications, Some organisations leave them there, some will control them using GPO's. This Article is useful for those who do not want to have any applications in their image (example:me).
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question