Securely pass credentials to an executable in powershell script including needed switches

error messageI am trying to replace a batch file that runs an automated upload process with a PowerShell script that provides better security. Currently, the executable in the batch file is run with credentials that are displayed in clear text as part of a switch. I am new to PowerShell and am having difficulty understanding how to call these credentials and apply them to the executable file I am trying to run. There seem to be a lot of posts about applying saved credentials to cmdlets, but little about working with executables. Below is a copy of my current script.
$username = "xxxxxxxx@xx.xxxx.xx.xx"
$password = "Get-Content D:\temp\axupload.txt | ConvertTo-SecureString"
$mycred = "New-Object System.Management.Automation.PSCredential -ArgumentList $username,$password"
$securepassword = "$mycred.GetNetworkCredential().Password"
$exe = "D:\Program Files (x86)\XtenderSolutions\Content Management\IndexImageImport.exe"
$appname = "HR_PERSONNEL_OPTION1"
$specname = "HR_PERSONNEL"
$filename = "\\xxxxxxx\aximport\HR\Weekly_Upload\WCHR10B.AppXtender.20181001.txt"
& $exe /U $username /W $securepassword /A $appname /S $specname /F $filename

Attached is the error message returned by the application.  So it does not appear to be getting the needed credentials.
I am trying to understand the correct method to pass user credentials to an older exe application without having theses credentials in plain text.  I already tried a version of the script using -credential, but it does not recognize that.

error message
obladi obladaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jeremy WeisingerSenior Network Consultant / EngineerCommented:
Do you have the error message?
0
obladi obladaAuthor Commented:
I uploaded a screenshot called index_image_error.
0
Jeremy WeisingerSenior Network Consultant / EngineerCommented:
Unfortunately I don't see anything attached to the question. Could you try again or embed the pic in your post?
0
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

oBdACommented:
The issue is that you enclosed cmdlet calls into double quotes (lines 2, 3, 4), changing them to simple strings.
Assuming you created axupload.txt by passing a secure string password to ConvertFrom-SecureString and then saving that:
$username = "xxxxxxxx@xx.xxxx.xx.xx"
$password = Get-Content D:\temp\axupload.txt | ConvertTo-SecureString
$mycred = New-Object System.Management.Automation.PSCredential -ArgumentList $username, $password
$plaintextPassword = $mycred.GetNetworkCredential().Password
$exe = "D:\Program Files (x86)\XtenderSolutions\Content Management\IndexImageImport.exe"
$appname = "HR_PERSONNEL_OPTION1"
$specname = "HR_PERSONNEL"
$filename = "\\xxxxxxx\aximport\HR\Weekly_Upload\WCHR10B.AppXtender.20181001.txt"
& $exe /U $username /W "`"$plaintextPassword`"" /A $appname /S $specname /F $filename

Open in new window

0
obladi obladaAuthor Commented:
You are awesome!  It does work as you have laid it out.  I don't fully understand the application of the " or `.  I do need to make one small tweak which is to add the /Q option to the end of the file name.  I tried it both outside the " and inside, but it tells me it can't find the file, so there's something about my layout.
$filename = "\\xxxxxxx\aximport\HR\Weekly_Upload\WCHR10B.AppXtender.20181001.txt /Q"   The /Q is an option on the filename switch to check for unique key.  Any ideas of how I would add this to the filename?   Thanks
0
oBdACommented:
That's just another option, not a part of the file name:
& $exe /U $username /W "`"$plaintextPassword`"" /A $appname /S $specname /F $filename /Q

Open in new window

The "`"$plaintextPassword`"" is required because PowerShell only automatically adds quotes around a command line option if there's a space in the string; a password might contain other critical characters that should be enclosed in quotes, and that's a way to solve this.
0
obladi obladaAuthor Commented:
Yes, that worked as well.  Once last question I wanted to stick something at the end that would remove the plaintext password from memory.  I understand there is a "Remove-Variable" command.  Would that be Remove-Variable $PlaintextPassword?   thanks,
0
oBdACommented:
No, you need the name (plaintextPassword) of the variable, not its content ($plaintextPassword).
Remove-Variable -Name plaintextPassword

Open in new window

0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
obladi obladaAuthor Commented:
That did the trick.  Thanks for your help.  I am going to close the question.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Powershell

From novice to tech pro — start learning today.