DEVHIDE
Login Or Sign up

Powershell, is it possible to replace the password by an hash in the Unlock-BitLocker command?

294 Views Asked by At

Related to: https://learn.microsoft.com/en-us/powershell/module/bitlocker/unlock-bitlocker?view=windowsserver2022-ps

$SecureString = ConvertTo-SecureString "fjuksAS1337" -AsPlainText -Force
Unlock-BitLocker -MountPoint "E:" -Password $SecureString

That I want to use it in a .ps1 script file ( without ask for the user password ). The user is only me and it's on my home computer.

My question: Is it possible to replace "fjuksAS1337" by an Hash of "fjuksAS1337" or something less obvious than the literal text password in the script?

Thanks for your help!

powershell passwords bitlocker
Original Q&A
2

There are 2 best solutions below

0
Theo On

You could save your credentials into an xml file inside some folder where you have set permissions to read/modify only to you like

$path = Join-Path -Path $env:USERPROFILE -ChildPath "OnlyMeCanAccess\bitlocker.xml"
$cred = Get-Credential -UserName $env:USERNAME -Message 'Please enter your credentials'
$cred | Export-CliXml -Path $path -Force

Then in your script use it as

$path = Join-Path -Path $env:USERPROFILE -ChildPath "OnlyMeCanAccess\bitlocker.xml"
$cred = Import-Clixml -Path $path
Unlock-BitLocker -MountPoint "E:" -Password $cred.Password
0
Daemon-5 On

It is not safe to keep credentials in script but you can use next scheme:

  1. Run PS console and execute next 4 commands.

1.1. Generate secure key for encryption (keep it). It is simple key example:

[byte[]] $key = (1..32)

1.2. Make secured string from your password:

$SecuredString = ConvertTo-SecureString -AsPlainText -Force -String "fjuksAS1337"

1.3. Make encrypted string using secure key:

$EncryptedString = ConvertFrom-SecureString -key $key -SecureString $SecuredString

1.4. Print and keep value of $EncryptedString:

76492d1116743f0423413b16050a5345MgB8ADQANgBLAGgAawBKADIANQBSADEAbABBAGEATgBrAHAASgBKAGcAZwBBAFEAPQA9AHwANwA2ADcAMQAzADcAOQBlAGEAZAA2AGMAMAAyADEANwBhAGIAYgBlADQAOABmAGEANABjADgAYQAzAGYAZAA2AGMAYgAxADUAMgA0ADAAMAAxADAAOQA5AGIAYwAxADQAOQAxADEANQAwADAAYQA1AGIAYgA0ADIAZAA5ADMANQA=

  1. Use encrypted password value in your script (1.4.):

    $EncryptedString = "76492d1116......ANQA="

  2. Use secure key in your script (1.1.):

    [byte[]] $key = (1..32)

  3. Make secured string in script:

    $SecuredString = ConvertTo-SecureString $EncryptedString -Key $key

  4. Use secured string in script:

    Unlock-BitLocker -MountPoint "E:" -Password $SecuredString

Related Questions in POWERSHELL

Related Questions in PASSWORDS

Related Questions in BITLOCKER

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json

Popular Questions

.

Copyright © 2021 Jogjafile Inc.