Avatar of o365Adm
o365Adm
 asked on

store credentials in text file for automating powershell scripts.

Hi All,

we are using asp plugin and running powershell through web interface. Each time instead of entering password we tried the below code to connect o365. Unfortunately the code doesnt works on a 2012 server with  ps1x file.

The same code works if we manually copy paste on a powershell window, we can get a session. Also on a windows 7 box the code is working. It is not working only on a windows 2012 with IIS. Is there something we need to enable on the server management so that remote code works.

The error we get is CAS server name access denied.

$KeyFile = "C:\temp\AES.key"
$Key = New-Object Byte[] 16 
[Security.Cryptography.RNGCryptoServiceProvider]::Create().GetBytes($Key)
$Key | out-file $KeyFile

$PasswordFile = "C:\temp\Password.txt"
$KeyFile = "C:\tempAES.key"
$Key = Get-Content $KeyFile
$Password = "xxxxxxx" | ConvertTo-SecureString -AsPlainText -Force
$Password | ConvertFrom-SecureString -key $Key | Out-File $PasswordFile

$User = "serviceaccount.mydomain.onmicrosoft.com"
$PasswordFile = "C:\temp\Password.txt"
$KeyFile = "C:\tempAES.key"
$key = Get-Content $KeyFile
$MyCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, (Get-Content $PasswordFile | ConvertTo-SecureString -Key $key)

$Session= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $MyCredential -Authentication Basic -AllowRedirection -warningaction silentlycontinue
$temp = Import-PSSession $Session -AllowClobber -DisableNameChecking
Import-Module msonline
Connect-MsolService -Credential $MyCredential

Open in new window


We also used the regular script which is working fine on windows 7 and powershell window.

$password = Get-content "C:\temp\password.txt" | convertto-securestring
$credentials = new-object -typename System.Management.Automation.PSCredential -argumentlist "serviceaccount.mydomain.onmicrosoft.com",$password 
$Session = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $Credentials -Authentication Basic -AllowRedirection -warningaction silentlycontinue
$temp = Import-PSSession $Session -allowclobber -warningaction silentlycontinue

Import-Module msonline
Connect-MsolService -Credential $Credentials -warningaction silentlycontinue

Open in new window

PowershellMicrosoft 365Microsoft IIS Web ServerWeb ServersWindows Server 2012

Avatar of undefined
Last Comment
o365Adm

8/22/2022 - Mon
Jian An Lim

if you can use a password (which is plain text), why not use use xml?

you can save the password by
Get-Credential -UserName xxxx -message o365 | Export-Clixml c:\temp\credential-save.xml

reuse the password

$credential = import-clixml c:\temp\credential-save.xml
Import-Module MsOnline
Connect-MsolService -Credential $credential

not sure whether that will save the hassle?
o365Adm

ASKER
Hi limjianan,

I will try xml in the web interface and come back to you for any queries.
Thank you so much.
o365Adm

ASKER
HI Limjianan,

unfortunately the xml file also works only on windows 7, when tried the same steps in windows server 2008/2012 we get access denied with a cas server name.

Is there something we need to enable on windows firewall/port/Groupolicy/local security policy so that the cached credentials works fine while requesting from web.
I started with Experts Exchange in 2004 and it's been a mainstay of my professional computing life since. It helped me launch a career as a programmer / Oracle data analyst
William Peck
Jian An Lim

hmm.. strangely i am on windows 10 and it works without issue ...
i am thinking you have something blocking it and it could be environmental.
o365Adm

ASKER
The problem is with only when we run the credentials from web it gives us an error. All the below combinations works fine.

Windows clients ( Runs fine)
Windows Server ( Works Fine)
Web based service from windows clients ( Works fine)

Is there something we need to enable on the IIS server/ Windows component.
SOLUTION
Jian An Lim

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
GET A PERSONALIZED SOLUTION
Ask your own question & get feedback from real experts
Find out why thousands trust the EE community with their toughest problems.
o365Adm

ASKER
We have IIS server on a windows server which is in a seperate domain and the account we use to authenticate O365 is a pure cloud and not a part of our forest.

Is there any way we can encrypt machine level.
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
Jian An Lim

try this code
i wonder because it is IIS so it can't read file properly.
this only do in your script.

$password = convertto-securestring "TestPassword" -asplaintext -force
$credentials = New-Object System.Net.NetworkCredential("TestUsername", $password, "TestDomain")



$Session= New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri https://outlook.office365.com/powershell-liveid/ -Credential $MyCredential -Authentication Basic -AllowRedirection -warningaction silentlycontinue
$temp = Import-PSSession $Session -AllowClobber -DisableNameChecking
Import-Module msonline
Connect-MsolService -Credential $credentials 

Open in new window

o365Adm

ASKER
Unfortunately the above code also doesn't work.
ASKER CERTIFIED SOLUTION
Jian An Lim

THIS SOLUTION ONLY AVAILABLE TO MEMBERS.
View this solution by signing up for a free trial.
Members can start a 7-Day free trial and enjoy unlimited access to the platform.
See Pricing Options
Start Free Trial
⚡ FREE TRIAL OFFER
Try out a week of full access for free.
Find out why thousands trust the EE community with their toughest problems.
o365Adm

ASKER
Hi Limjianan

Problem is with the IIS application pool. Issue resolved after changing the IIS Application Pool Identity from the default value to a real user account having local admin permissions.

Thank you so much for helping me. I learned many ways of creating powershell session.
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes