批处理新手入门导读[视频教程]批处理基础视频教程[视频教程]VBS基础视频教程
[批处理文件精品]批处理版照片整理器[批处理文件精品]纯批处理备份&还原驱动在线第三方下载
返回列表 发帖

[转载代码] [PowerShell每日技巧]使用EFS保护密码(20140403)

If you absolutely need to hardcode passwords and other secrets into your scripts (which you should avoid for obvious reasons), then you might still be safe when you encrypt the script with the EFS (Encrypting File System). Encrypted scripts can only be read (and run) by the one that encrypted it, so this works only if you are running the script yourself, and if you are running it from your machine.

Here's an easy way of encrypting a PowerShell script:
  1. # create some sample script
  2. # replace path with some real-world existing script if you want
  3. # and remove the line that creates the script
  4. $path = "$env:temp\test.ps1"
  5. "Write-Host 'I run only for my master.'" > $path
  6. $file = Get-Item -Path $path
  7. $file.Encrypt()
复制代码
Once you run this, it will create a new PowerShell script in your temp folder that is encrypted by EFS (if you get an error message instead, then EFS might either not be available or disabled on your machine).

Once encrypted, the file will appear in green when viewed in Windows Explorer, and only you will be able to run it. No one else can even see the source code.

Note that in many corporate environments, EFS is set up with recovery keys that allow specific recovery personnel to decrypt files with a master key. If no such master key exists, once you lose your EFS certificate, even you will not be able to view or run the script anymore.

http://powershell.com/cs/blogs/tips/archive/2014/04/03/using-encrypting-file-system-efs-to-protect-passwords.aspx

返回列表