asked on Run a bat file as Domain Admin using PsExec.exe? but encrypt/hide password
Below is how I would run the command normally, but I don't want to display the password in written text. Is there a way of hiding it?
Thanks for your help.
PsExec.exe /accepteula -u DOMAIN\UserName -p PASSWORD \\SERVER\Script.bat
Thanks for your help.
Windows BatchVB ScriptWindows Server 2008
Last Comment
Carl Billington
What exactly is it you're trying to do? if you want to install something that requires administrative permissions, you can use a GPO with a computer startup(! -- not a logon) script.
Then there are tons of batch to exe converters; just google for "bat to exe compiler" (minus the quotes); I can't recommend one in particular, sorry. For a simple script like this, they might work, but in general, I don't trust them.
Then there's AutoIt, an easy to learn script language that can create stand-alone exe files, as console application or GUI, and in 32bit or 64bit: https://www.autoitscript.com/site/autoit/downloads/
If the users running the script aren't tech savvy, you can "hide" the password in an alternate data stream. The script must be stored on NTFS (so if copied to a FAT32 volume, the ADS will be lost).
You can add the password to the script by calling it with Whatever.cmd /ads "TopSecret".
Whatever.cmd /ads will tell you whether the script contains the password.
Any other call will extract the password from the script and currently echo out the psexec command.
Then there are tons of batch to exe converters; just google for "bat to exe compiler" (minus the quotes); I can't recommend one in particular, sorry. For a simple script like this, they might work, but in general, I don't trust them.
Then there's AutoIt, an easy to learn script language that can create stand-alone exe files, as console application or GUI, and in 32bit or 64bit: https://www.autoitscript.com/site/autoit/downloads/
If the users running the script aren't tech savvy, you can "hide" the password in an alternate data stream. The script must be stored on NTFS (so if copied to a FAT32 volume, the ADS will be lost).
You can add the password to the script by calling it with Whatever.cmd /ads "TopSecret".
Whatever.cmd /ads will tell you whether the script contains the password.
Any other call will extract the password from the script and currently echo out the psexec command.
@echo off
setlocal
set ADS=
(for /f "usebackq delims=" %%a in ("%~f0:ADS") do set ADS=%%a) 2>NUL
if /i "%~1"=="/ads" (
if "%~2"=="" (
if defined ADS (
echo ADS valid.
exit /b 0
) else (
echo No ADS found.
exit /b 1
)
) else (
>"%~f0:ADS" echo "%~2"
exit /b 0
)
)
if not defined ADS exit /b 1
ECHO PsExec.exe -accepteula -u DOMAIN\UserName -p %ADS% \\SERVER\Script.bat
ASKER
Hi oBdA
Where do you define the password in the script?
It would be perfect if I can get that working.
Thank you
Where do you define the password in the script?
It would be perfect if I can get that working.
Thank you
ASKER CERTIFIED SOLUTION
THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
ASKER
Thank you
http://www.joeware.net/freetools/tools/cpau/index.htm
Another is Bat2Exe.
A much better solution is Powerbroker by beyondtrust. But it isn't free.
Although I assume NOT using the -P password option is not what you want.