I am attempting to use the Remove-Item cmdlet as part of an automation for a system. The files are stored on a server that requires elevated rights to perform the file deletion. I have access to a domain admin account that I use for such automation scripts.

The code below will build the PSCredential object:

$password = New-Object System.Security.SecureString
"passwordhere".ToCharArray() | ForEach-Object { $password.AppendChar($_) }
$cred = New-Object System.Management.Automation.PSCredential("domain\username",$password)
$cred

I am passing this object to the following action:

Remove-Item -LiteralPath $path -Force -Credential $cred

Any ideas?

+3  A: 

It's not clear to me if the files are local (you're running the script on the server) or remote (on another machine). If local try running the command using a background job and pass in the credentials to Start-Job:

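# The job runs in a separate process, so $path must be passed in with -ArgumentList
$job = Start-Job { param($p) Remove-Item -LiteralPath $p -Force } -ArgumentList $path -Credential $cred
Wait-Job $job
Receive-Job $job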

If they're remote, try using remoting:

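# The script block runs on the remote machine, so $path is passed in with -ArgumentList
Invoke-Command -ComputerName servername `
               -ScriptBlock { param($p) Remove-Item -LiteralPath $p -Force } `
               -ArgumentList $path `
               -Credential $cred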

Note: This requires that you execute Enable-PSRemoting on the remote machine.

In general, putting raw passwords in your script isn't a great idea. You can store the password in an encrypted manner using DPAPI and later, only that user account can decrypt the password e.g.:

# Stick password into DPAPI storage once - accessible only by current user
Add-Type -AssemblyName System.Security
$passwordBytes = [System.Text.Encoding]::Unicode.GetBytes("Open Sesame")
$entropy = [byte[]](1,2,3,4,5)
$encryptedData = [System.Security.Cryptography.ProtectedData]::Protect( `
                       $passwordBytes, $entropy, 'CurrentUser')
$encryptedData | Set-Content -Encoding Byte .\password.bin

# Retrieve and decrypt password (the same $entropy value must be supplied)
$encryptedData = Get-Content -Encoding Byte .\password.bin
$decryptedData = [System.Security.Cryptography.ProtectedData]::Unprotect( `
                       $encryptedData, $entropy, 'CurrentUser')
$password = [System.Text.Encoding]::Unicode.GetString($decryptedData)
$password
Keith Hill
DPAPI is cool! Thx for sharing!
stej
I agree that hardcoding a password is a bad idea, but it was a requirement for testing from my host. I decided to open up our server used for such automation and I logged in as the domain account. From here I was able to test successfully. Remove-Item is not able to accept Credential information from the best I can find. I will give you credit as the answer because the DPAPI stuff is righteous.
websch01ar
Thanks. WRT rename-item and -credential you are right when it comes to the filesystem provider. Keep in mind though that rename-item is meant to work across various different providers (registry, function, etc). Did you know you can copy and rename functions? PowerShell is pretty cool in this way. You can copy your prompt function to a different name, experiment with a new prompt function, and then restore the old one when you're done.
Keith Hill
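
An added example, not part of the original answer or comments: it combines the answer's two suggestions by keeping the password on disk as a DPAPI-protected SecureString (on Windows, ConvertFrom-SecureString uses DPAPI when no key is given) and passing the path into the remote script block explicitly. The function names, credential file location and target path are placeholders chosen for illustration.

```powershell
# Added example; function names, the credential file, and the target path are placeholders.
$credFile = Join-Path $env:LOCALAPPDATA 'automation-cred.txt'

function Save-AutomationPassword {
    # Run once, interactively, as the account that will run the automation.
    # With no -Key/-SecureKey, ConvertFrom-SecureString protects the value with
    # DPAPI (Windows), so only this user on this machine can decrypt it.
    param([string]$Path)
    Read-Host -Prompt 'Password' -AsSecureString |
        ConvertFrom-SecureString |
        Set-Content -LiteralPath $Path
}

function Get-AutomationCredential {
    # Rebuild the PSCredential without materialising the password as a plain string.
    param([string]$UserName, [string]$Path)
    if (-not (Test-Path -LiteralPath $Path)) {
        throw "No protected password at $Path; run Save-AutomationPassword first."
    }
    try {
        $secure = Get-Content -LiteralPath $Path | ConvertTo-SecureString -ErrorAction Stop
    } catch {
        # Decryption fails when the file was created by another user or on another machine.
        throw "Cannot decrypt $Path as $env:USERNAME on $env:COMPUTERNAME: $_"
    }
    New-Object System.Management.Automation.PSCredential($UserName, $secure)
}

function Remove-RemoteFile {
    # $Target is passed with -ArgumentList: local variables are not visible
    # inside a script block that runs on another machine.
    param([string]$ComputerName, [string]$Target,
          [System.Management.Automation.PSCredential]$Credential)
    Invoke-Command -ComputerName $ComputerName -Credential $Credential `
        -ArgumentList $Target -ScriptBlock {
            param($p)
            Remove-Item -LiteralPath $p -Force -ErrorAction Stop
        }
}

# Usage (placeholders):
# Save-AutomationPassword -Path $credFile
# $cred = Get-AutomationCredential -UserName 'domain\username' -Path $credFile
# Remove-RemoteFile -ComputerName 'servername' -Target 'D:\drop\old.log' -Credential $cred
```

The protected file is only as private as the account that created it, so restrict who can log on as, or run code as, that account.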