I am writing a batch file for execute some other programs. In this case I need to prompt for a password. Do I have any way to mask the input text. I don't need to print *** characters instead of input characters. Linux's Password prompt behaviour (Print nothing while typing) is enough.
@echo off
SET /P variable=Password :
echo %variable%
Pause
This will read the input but I cant mask the text using this approach.
How to create a masked input to a batch file - does that help ? It appears to vary somewhat depending on the platform.
I would probably just do:
..
echo Before you enter your password, make sure no-one is looking!
set /P password=Password:
cls
echo Thanks, got that.
..
So you get a prompt, then the screen clears after it's entered.
If that wasn't good enough, I would either switch to python, or write an executable instead of a script.
I know none of these are perfect soutions, but maybe one is good enough for you :)
By clever use of another tool freely available on Windows (VBScript), the following two scripts do the job you want.
First, GetPwd.cmd:
@echo off
:: GetPwd.cmd - Get password with no echo.
<nul: set /p passwd=Password:
for /f "delims=" %%i in ('cscript /nologo GetPwd.vbs') do set passwd=%%i
echo.
:: This bit's just to prove we have the password.
echo %passwd%
Then, GetPwd.vbs:
' GetPwd.vbs - Get password with no echo then echo it. '
Set oScriptPW = CreateObject("ScriptPW.Password")
strPassword = oScriptPW.GetPassword()
Wscript.StdOut.WriteLine strPassword
Explanation follows:
GetPwd.vbs simply uses the password object to input the password from the user and then print it to standard output (the next paragraph will explain why that doesn't show up in the terminal).
GetPwd.cmd is a bit trickier (but command scripts usually are).
The "<nul: set /p passwd=Password: " is somewhat sneaky - the effect of the command is to output the prompt with no trailing newline character - it's a sneaky way to emulate the "echo -n" command from the bash shell. It sets passwd to an empty string as an irrelevant side effect and doesn't wait for input since it's taking its input from the nul: device.
I've used this trick for things like this as well as providing progress bars in a command window (no fancy GUI installs for my software, no sir :-)
The "for /f "delims=" %%i in ('cscript /nologo GetPwd.vbs') do set passwd=%%i" statement is the trickiest bit. It runs the VBScript with no Microsoft "advertising" (/nologo), so that the only line output is the password (from the VBscript "Wscript.StdOut.WriteLine strPassword".
Setting the delimiters to nothing is required to capture input lines with spaces, otherwise you just get the first word. The "for ... do set ..." sets passwd to be the actual password output from the VBScript.
Then we echo a blank line (to terminate the "Password: " line) and echo the password so you can verify it works (try to imagine I've typed in "this is my password" (without the quotes) on the Password: line, it's not echoed):
C:\Pax> GetPwd
Password:
this is my password
C:\Pax>
Unfortunately, scriptpw.dll is available with XP and 2003 but not later versions (Vista, Windows 2008 and Windows 7, I believe). In order to rectify this, you simply copy the scriptpw.dll file from the Windows\System32 folder of an XP or Windows 2003 system to the Winnt\System32 or Windows\System32 folder on your own system. Once the DLL has been copied, you will need to register it by running:
regsvr32 scriptpw.dll
To successfully register the DLL on Vista and later, you will need administrator privileges.
Hi all, another alternative is my EditV32 (x86) or EditV64 (x64) command-line tools. For example:
editv32 -m -p "Password: " PWD
-m means "masked input" and -p is the prompt. The user's input is stored in the PWD environment variable. You can get it here:
www.westmesatech.com/editv.html
Regards, Bill
I read all the clunky solutions on the net about how to mask passwords in a batch file, the ones from using a hide.com solution and even the ones that make the text and the background the same color. The hide.com solution works decent, it isn't very secure, and it doesn't work in 64-bit Windows. So anyway, using 100% Microsoft utilities, there is a way!
First, let me explain my use. I have about 20 workstations that auto logon to Windows. They have one shortcut on their desktop - to a clinical application. The machines are locked down, they can't right click, they can't do anything but access the one shortcut on their desktop. Sometimes it is necessary for a technician to kick up some debug applications, browse windows explorer and look at log files without logging the autolog user account off.
So here is what I have done.
Do it however you wish, but I put my two batch files on a network share that the locked down computer has access to.
My solution utilizes 1 main component of Windows - runas. Put a shortcut on the clients to the runas.bat you are about to create. FYI, on my clients I renamed the shortcut for better viewing purposes and changed the icon.
You will need to create two batch files.
I named the batch files runas.bat and Debug Support.bat
runas.bat contains the following code:
cls
@echo off
TITLE CHECK CREDENTIALS
goto menu
:menu
cls
echo.
echo ....................................
echo ~Written by Cajun Wonder 4/1/2010~
echo ....................................
echo.
@set /p un=What is your domain username?
if "%un%"=="PUT-YOUR-DOMAIN-USERNAME-HERE" goto debugsupport
if not "%un%"=="PUT-YOUR-DOMAIN-USERNAME-HERE" goto noaccess
echo.
:debugsupport
"%SYSTEMROOT%\system32\runas" /netonly /user:PUT-YOUR-DOMAIN-NAME-HERE\%un% "\\PUT-YOUR-NETWORK-SHARE-PATH-HERE\Debug Support.bat"
@echo ACCESS GRANTED! LAUNCHING THE DEBUG UTILITIES....
@ping -n 4 127.0.0.1 > NUL
goto quit
:noaccess
cls
@echo.
@echo.
@echo.
@echo.
@echo \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
@echo \\ \\
@echo \\ Insufficient privileges \\
@echo \\ \\
@echo \\ Call Cajun Wonder \\
@echo \\ \\
@echo \\ At \\
@echo \\ \\
@echo \\ 555-555-5555 \\
@echo \\ \\
@echo \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\
@ping -n 4 127.0.0.1 > NUL
goto quit
@pause
:quit
@exit
You can add as many if "%un%" and if not "%un%" for all the users you want to give access to. The @ping is my coonass way of making a seconds timer.
So that takes care of the first batch file - pretty simple eh?
Here is the code for Debug Support.bat:
cls
@echo off
TITLE SUPPORT UTILITIES
goto menu
:menu
cls
@echo %username%
echo.
echo .....................................
echo ~Written by Cajun Wonder 4/1/2010~
echo .....................................
echo.
echo What do you want to do?
echo.
echo [1] Launch notepad
echo.
:choice
set /P C=[Option]?
if "%C%"=="1" goto notepad
goto choice
:notepad
echo.
@echo starting notepad....
@ping -n 3 127.0.0.1 > NUL
start notepad
cls
goto menu
I'm not a coder and really just started getting into batch scripting about a year ago, and this round about way that I discovered of masking a password in a batch file is pretty awesome!
I hope to hear that someone other than me is able to get some use out of it!
noTECHno
Baton Rouge, LA