Link to home
Start Free TrialLog in
Avatar of snoopaloop
snoopaloopFlag for United States of America

asked on

Passing credentials to Service in batch - Using Escape Characters

I'm trying to complete a silent install batch script and having issues passing the credentials to my service.  The svc account and password both have special characters and I've tried using escape characters to get the credentials to pass through.  I was able to get basic character credentials to pass for testing but that will not work in production.  See attachment for my script, any help would be much appreciated!
passthrough.JPG
Avatar of NVIT
NVIT
Flag of United States of America image

Can you use other chars besides ! (exclamation)?
Avatar of snoopaloop

ASKER

The real password is a little more complex than the one I gave in my attachment.  However, it does use an ! character and I'm not the owner of the svc account so I think they'd like to keep the pw as is.  I inserted \ before the special characters in my script and it seemed to pass through but still having issues with the password.  When I open the service it looks like it worked but fails when I try to start the service.  Also, when I open the software I'm showing that my user id passed through but the password field is blank.
Have you tried ^ as escape char?
For any quotes in the password, double quote it, e.g. "passw""ord!"
Just tried using ^ and it outputted options for the sc.exe cmdlet
ASKER CERTIFIED SOLUTION
Avatar of NVIT
NVIT
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Attention! Is you set a var,  the value starts immediately after the equal sign! Depending on where you use the var, it matters.
And yes, using a caret as escape should work. But each time you pass the value thru another level, or further process it, it gets worse and now unpredictable how many carets you need...

If ! is the only big issue, try to disable delayed expansion.

But the best solution is to use VBS or PowerShell (favourable), without using sc.exe.
passing real account credentials by batch or by script is not a good idea. it is very easy to reveal the data for anyone wants to do that. for example a user could break the login by ctrl+c and it is a good chance that it breaks in a command window which shows all the decret data passed. even encrypting a vbs script (vbs to vbe) is a poor method and simple to hack since there are lots of decryption tools free available.

therefore i would recommend to create a key-pair and encrypt your request with the public key and use a method to send it to the service without credentials (for example by socket stream or by web service). the service then would decrypt the request by using the private key. doing it that way is pretty safe and could even be made unbreakable by adding some handshake between client and service.

Sara
Thanks Everyone!  I end up using powershell and calling the cmd.exe cmdlet to pass through the credentials.