I've seen people do it this way... --password-file pwd.txt
Your password would then be in the pwd.txt file rather than in your batch file.
But to do this your password text file needs to be in the same directory as your batch file.
You can also use windows encryption to encrypt the password file. If a user encrypts the password file, the script can use the same logged-in user's credentials to decrypt the password file for inclusion in the tabcmd command without the user having to enter them each time, or store them permanently in plain text. Here is some powershell that decrypts the password:
# retrieve encrypted password
$username = "username"
$encrypted = Get-Content "C:\path\to\tableaufiles\encrypted_password.txt" | ConvertTo-SecureString
$credential = New-Object System.Management.Automation.PsCredential($username, $encrypted)
$pw = $credential.GetNetworkCredential().Password
# $pw contains the decrypted password that can be passed in the tabcmd command string
You should be able to do some keyword searching to pull up the post I got this method from for more information. I don't have it at hand.
I was using the methodology stated above by Sean with Active Directory. However, as our group in forced to updates our passwords periodically, what is the best practice so that the scripts don't fail (as I forgot to re-encrypt the password file with the new password)? Is there a way around having to encrypt a new password every few months?