I am running few scripts in powershell and cmd through windows scheduler. I have to provide my credentials and access keys in both the cmd and powershell scripts.
Is there anyway where I can provide my credentials through parameters like in Continous integration Tools? or any other way?
ex:
SET Username=Usrnme
Set Password=pswd //shouldn't be visible
curl.exe --basic --u usrnme:pswd -X get "https:www.google.com" -k
I don't want everybody who has access to the system to view the username and password.
Please suggest.
Here are your options:
Put the user name and password in a file and read it into batch script variables using for /f command
If you not using "simple filesharing" (= home edition versions of windows) you can set security so only one specific user has access to a password file or leave it in batch script and make that file's security so only one specific user has access.
Any text you are passing on a curl command line it is visible to any process while your curl.exe process is running. Another task can list running tasks eg from command prompt wmic process where ^(name^="curl.exe"^) get commandline would show it. I don't know how to obscure that.
You can use the Powershell Credential Manager to safely store the password on local computer. Then you can add the parameter to the script that represents credential target. See the example here
Related
I am working on an application that requires my users to share their fully-qualified-domain-name of their windows machine.
To help my users to extract their machine's FQDN, I want to share simple command line steps that they can copy/paste and execute on their terminals to get the result.
I was thinking of below command to extract local machine's FQDN:
echo %COMPUTERNAME%.%USERDNSDOMAIN%
But there are few problems of this command.
It gives output in ALL CAPS. (I can live with it)
It gives incorrect output if the variable is not set.
For example:
If USERDNSDOMAIN value is not set, then, you'll get following output:
echo %COMPUTERNAME%.%USERDNSDOMAIN% //<- Run this on cmd prompt
ClientComputerName.%USERDNSDOMAIN% //<- wrong output: Notice '%USERDNSDOMAIN%' is appended in o/p
Is there any way to stop echoing a variable if it's value is not set?
Please note that I want to extract "fully qualified domain name" of my windows machine through CMD prompt only.
You can get the FQDN name using PowerShell.
=== Get-FQDN.bat
#ECHO OFF
FOR /F %%A IN ('powershell -NoLogo -NoProfile -Command ^
"([System.Net.Dns]::GetHostByName($Env:COMPUTERNAME)).HostName"') DO (
SET "THEFQDN=%%A"
)
ECHO %THEFQDN%
If you have multiple users, then you surely have some way to get programs and batch files installed on them. Once this batch file script is installed into a directory on the user's PATH, it is a one-line command.
Get-FQDN
1st, please note that the "USER DNS Domain" is NOT the domain the computer is joined to, it is the domain the USER who is logged in belongs to.
If you log in as a user from a trusted domain, or a child or parent domain, then it will display that domain.
So, if you log in as a LOCAL account it will be blank (likely you are running into this)
There is a fairly simple way to get the actual computer domain however, by using NLTest. (For the like of me I could never figure out why Microsoft didn't pre-populate a variable with this info.)
At the CMD Line simply dump this into the command prompt (I believe you will need to run with admin privileges but I haven't tested):
FOR /F "tokens=3" %_ IN ('nltest /DOMAIN_TRUSTS /PRIMARY ^|FIND /I "0:"') DO #(ECHO.%COMPUTERNAME%.%_)
The result will be in all caps because that is how Microsoft displays this info.
Here is an example output:
MYLAPTOP.USERS.MYDOMAIN.LOCAL
But on-re-read you want something the users know how to do themselves, so ymmv if you could just send a reference email, or hand it to them each time they need it.
If you just wan this info and other info easily available you could use BGInfo or other options like that to set the desktop background.
Alternatively you could change the logon scripts to generate a simple text file with all the info each time the user logs on, and placed in a certain folder you tell them to look in.
I want to detect that my batch file is running under a given domain's accounts (i.e. when my batch file is executed using runas). How do I do that?
You can use the whoami command.
https://technet.microsoft.com/en-us/library/cc771299(v=ws.10).aspx
You can use the %USERDOMAIN% and %USERNAME% environment variables.
I am working on Windows 7 (logged in as session no.1), my Jenkins CI is running as windows service in session 0.
My problem is.. I want to open an Excel file through Jenkins CI in session 0, but want to display its GUI on session 1.
I know that session 0 is isolated in Windows 7, but is it possible to run a process in session 0 and then output in another session? please help.
Edit:
Took a little trial and error, but this is what finally worked for me (Windows 7 64-bit).
Download PsTools from Microsoft site
We only need psexec.exe, but you can extract everything. Extract to some location accessible by Jenkins, preferably without spaces in the path.
Open elevated command prompt: type cmd into Start's quicksearch, right click cmd.exe, select Run as Administrator.
Type C:\path\to\psexec.exe -accepteula and press enter.
Type C:\path\to\psexec.exe -i 1 cmd and press enter. (If you see a command prompt appear, all is good, close it now)
In Job configuration, configure Execute Windows Batch command step
Write the following:
C:\path\to\psexec.exe -accepteula && C:\path\to\psexec.exe -i 1 cmd /c start C:\PROGRA~2\MICROSO~1\path\to\excel.exe
Where:
C:\path\to is your full path to psexec.exe, unless it is in your %path%
-i 1 is the session ID that you want to launch in.
C:\PROGRA~2\MICROSO~1\path\to is your full path to excel.exe without spaces. Since most Office installations are going to be under paths with spaces, like "Program Files (x86), you have to figure out the short path, or place it somewhere without spaces.
Having excel.exe under %path% and working from regular command line was not enough.
A little explanation for those that care:
psexec needs to install a services first. For that, it needs to be run from elevated command prompt for the first time. This is a one-time installation step.
To make psexec work, you need to accept the EULA prompt. This is done per session/user. So even if you run psexec -accepteula in your command prompt, it doesn't help when Jenkins service (running as Local System in session 0) tries to use it. Therefore, you have to place that into the Jenkins job, along with the command. Technically, it only needs to be there once, and can be removed afterwards, but it definitely doesn't hurt to keep it there.
I've used cmd /k and running this command from my local cmd prompt to debug. This is what made me realize I couldn't find a way to escape the spaces (tried various quoting), so had to resort to short file names. Note that short file names are not required, this is just to escape spaces.
no its not-
plus any UI interactions requires you to run Jenkins as Java web start rather than a service or you can not interact with UI elements.
I need to create a script to periodically delete files from a user's folder that contains files that have read only access to standard users. I have a script that works perfectly but it asks for authentication. I need it to run it unattended...
I'm not sure what process or command is giving you the authentication window (your question is not clear about that) but you can use do shell script for file handling without being asked for authentication.
do shell script "rm /path/to/file" password "<password>" with administrator privileges
Of course you need to have already administrator privileges.
I am trying to pass a password into a Windows executable (simulating user input). Whenever I try to do that I get "no console available for secure input". The executable is an ORACLE executable called cdxdbi.
I am trying to call it like this:
CDXDBI.exe < params
where params is a file containing the password. Without the paramters the executable brings up a cmd terminal prompting for the password (twice).
How can I inject parameters into the terminal? I do not have more information on the exe, unfortunately. Anyone had the same issue and can provide a solution?
Best regards,
Sebastian
Assuming the following
CDXDBI is a console based application
The password prompt is the first and second line reads of stdin
Something like this might work
(
echo Password
echo Password
)| CDXDBI.exe
Otherwise, you will have to use one an external tool like mentioned in the comments.