Share credentials across multiple systems securely?

I'm working on a script that will allow me to split up some spreadsheets that drive an automation script into 4 pieces, then it will execute RDP sessions into 4 other systems.  Those 4 systems have the script set to launch on startup and so far it's working well, but the problem is, the scripts need to log into some production systems which require UserIDs, passwords, and some other info passed to them in order to log in and run.

I'm thinking about creating an .ini file on a network share to store/share the info, but I need to Encrypt/Decrypt the Creds.  Is there some way to generate a custom Encryption Key that will only generate if logged in with a specific AD account so I can generate the Key on any system as long as I'm logged in with the same account?

Different people may launch this so it has to be keyed to whoever is launching it.

 

If anyone has some other method to securely pass Credentials/info to remote scripts that would be better, I'd love to hear it.

Thanks,

Mike


@BigDaddyO,

Taking your description literally, it cannot be done. You cannot give a user permission to execute the script & read the credentials source, but deny the ability to uncover the credentials. However, it is possible if you define your scenario properly. For an adequate solution, the following conditions must be considered:

1) Is your script desktop-oriented, or can it execute in the background (headless)? If it is desktop-oriented, can it be converted to work headless?

2) Does the user (person) executing your script also need to interact with it?

3) Does your script work differently for each user? Do you need to log who is the user executing your script?

4) How heterogeneous are those production systems? E.g. are they all Windows-based? In the same AD domain?

Offhand I'd say, in a simple scenario, you can schedule your script to execute at startup with a dedicated AD account that has access to the credentials data (or has the credentials stored in its Credential Manager). Define your scenario properly, and you may get better suggestions.


KeePass can somehow link itself to an AD account so only if you are logged in with the AD account can you open that database.  That's what I wanted to do with the encrypted ini file.

 

For now, I'm using the user's AD SID as the key with _Crypt_EncryptData to encrypt the values I store in the INI on the network.

I'm also encrypting the actual .ini file so when it Decrypts the file it will go to the local temp folder, not the network share.
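As an added example that is not from this thread, the per-account keying asked for in the first post is what Windows DPAPI in CurrentUser scope provides: only the account that protected a value can unprotect it, and no key material sits in the INI (a user's SID, by contrast, is readable by any domain member, so it is an identifier rather than a secret). This assumes Windows PowerShell 5.1 or later on Windows; the INI path and the entropy string are placeholders.

```powershell
# Added example (not from this thread): DPAPI in CurrentUser scope ties the
# protected blob to the Windows/AD account that created it.
# Assumes Windows PowerShell 5.1+ (or PowerShell 7 on Windows).
Add-Type -AssemblyName System.Security

# Optional entropy: an extra secret the script supplies, kept out of the INI.
# Placeholder value; replace with one held by the script or its config.
$script:Entropy = [Text.Encoding]::UTF8.GetBytes('example-entropy-CHANGE-ME')

function Protect-Secret {
    param([Parameter(Mandatory)][string]$PlainText)
    $bytes = [Text.Encoding]::UTF8.GetBytes($PlainText)
    $blob  = [Security.Cryptography.ProtectedData]::Protect(
        $bytes, $script:Entropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)
    [Convert]::ToBase64String($blob)
}

function Unprotect-Secret {
    param([Parameter(Mandatory)][string]$Base64)
    try {
        $blob  = [Convert]::FromBase64String($Base64)
        $bytes = [Security.Cryptography.ProtectedData]::Unprotect(
            $blob, $script:Entropy, [Security.Cryptography.DataProtectionScope]::CurrentUser)
        [Text.Encoding]::UTF8.GetString($bytes)
    } catch [Security.Cryptography.CryptographicException] {
        # A different account, or a machine without this user's DPAPI master key,
        # lands here instead of silently getting garbage back.
        Write-Warning "Cannot unprotect: not the account that protected this value."
        $null
    }
}

# Write an INI whose values are all protected. Placeholder path; in the
# scenario above this would be the file on the network share.
$iniPath = Join-Path $env:TEMP 'creds.ini'
@(
    '[prod1]'
    "user=$(Protect-Secret 'svc_example')"
    "password=$(Protect-Secret 'example-password')"
) | Set-Content -Path $iniPath -Encoding UTF8

# Read it back at run time; only the protecting account gets plaintext.
$creds = @{}
foreach ($line in Get-Content $iniPath) {
    if ($line -match '^(?<k>\w+)=(?<v>.+)$') {
        $creds[$Matches.k] = Unprotect-Secret $Matches.v
    }
}
$creds.user
```

DPAPI user master keys live in the user's profile, so for the same account to unprotect these values on the other four systems the profile or credentials must roam (roaming user profile or AD credential roaming); without that, values must be protected on the system that will read them.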
