14 Replies Latest reply on Mar 6, 2018 2:15 PM by Dmitry Chirkov

    Encrypt password for Tabcmd

    Atul Bhagwat

      Hi,

       

      Went through the document Password Encryption For TABCMD

      Was able to setup everything and it works fine.

      However, wanted to check on the Set Encrypted password script.

      Do we always have to set it? I mean everytime I run it?

      If I schedule a task for next Friday, the script does not run as it is unable to get a password. However, the passcode.txt is available with the encrypted password in it.

       

      Example:

      1. Set password

      2. passcode.txt created

      3. Use the passcode.txt with Get password script in a bat file.

      4. All works fine.

      5. Put the bat file in a task scheduler ( only the get part and the script)

      6. Works fine.

       

      However, if I put it to run say every Friday, the next time, it gets a blank password.

       

      Regards,

      Atul B

        • 1. Re: Encrypt password for Tabcmd
          Toby Erkson

          You create the passcode.txt file once (using the Set_EncryptedPassword script) and then you are done.  Only change it when the password needs changing.

          Use the Get_EncryptedPassword script to retrieve the password (typically placing the password into a variable).

           

          Here's a cmd batch script you can use to test if you set the password, what it is, and as an example of how to use the Get_EncryptedPassword script:

          ECHO OFF
          REM Insure command extensions are enabled, used by the FOR...DO command.
          SETLOCAL ENABLEEXTENSIONS
          
          SET dDate=%DATE:/=%
          SET ScriptPath=D:\Application\Tableau\Scripts
          SET sLogPath=%ScriptPath%\script_logs
          SET mypath=%ScriptPath%\Get_EncryptedPassword.ps1
          SET encrypted=%ScriptPath%\encrypted_password.txt
          ECHO begin >> %sLogPath%\_pass.log 2>&1
          
          FOR /F "delims=" %%a IN ('powershell . %mypath% %encrypted% ') DO SET pass_word=%%a
          
          ECHO %pass_word% >> %sLogPath%\_pass.log 2>&1
          ECHO "%pass_word%" >> %sLogPath%\_pass.log 2>&1
          ECHO end >> %sLogPath%\_pass.log 2>&1
          ECHO. >> %sLogPath%\_pass.log 2>&1
          ECHO Results in %sLogPath%\_pass.log
          

           

          Remember to change the file path in line 6 above for your testing

          • 2. Re: Encrypt password for Tabcmd
            Atul Bhagwat

            Thanks Toby, that's what I thought. However when the scheduled task runs

            the next time, it gets a blank password instead.

            • 3. Re: Encrypt password for Tabcmd
              Toby Erkson

              Does the cmd script I gave work on the server, like, you see the password in the text log file?

              • 4. Re: Encrypt password for Tabcmd
                Atul Bhagwat

                Hi Toby Erkson

                 

                No, the CMD script fails to load the password.

                Output from the CMD.

                 

                ==BAT FILE==

                SETLOCAL ENABLEEXTENSIONS 

                SET dDate=%DATE:/=%

                SET ScriptPath=D:\Archive\Scripts

                SET sLogPath=%ScriptPath%\script_logs

                SET mypath=%ScriptPath%\Get_EncryptedPassword.ps1

                SET encrypted=%ScriptPath%\passcode.txt

                ECHO begin >> %sLogPath%\_pass.log 2>&1

                FOR /F "delims=" %%a IN ('powershell . %mypath% %encrypted% ') DO SET pass_word=%%a

                ECHO %pass_word% >> %sLogPath%\_pass.log 2>&1

                ECHO "%pass_word%" >> %sLogPath%\_pass.log 2>&1

                ECHO end >> %sLogPath%\_pass.log 2>&1

                ECHO. >> %sLogPath%\_pass.log 2>&1

                ECHO Results in %sLogPath%\_pass.log

                 

                 

                ==OUTPUT===

                D:\Archive\Scripts>SET dDate=05.03.2018

                D:\Archive\Scripts>SET ScriptPath=D:\Archive\Scripts

                D:\Archive\Scripts>SET sLogPath=D:\Archive\Scripts\script_logs

                D:\Archive\Scripts>SET mypath=D:\Archive\Scripts\Get_EncryptedPassword.ps1

                D:\Archive\Scripts>SET encrypted=D:\Archive\Scripts\passcode.txt

                D:\Archive\Scripts>ECHO begin  1>>D:\Archive\Scripts\script_logs\_pass.log 2>&1

                D:\Archive\Scripts>FOR /F "delims=" %a IN ('powershell . D:\Archive\Scripts\Get_
                EncryptedPassword.ps1 D:\Archive\Scripts\passcode.txt ') DO SET pass_word=%a

                D:\Archive\Scripts>SET pass_word=ConvertTo-SecureString : The data is invalid.

                D:\Archive\Scripts>SET pass_word=At D:\Archive\Scripts\Get_EncryptedPassword.ps1
                :5 char:42

                D:\Archive\Scripts>SET pass_word=+ $encrypted = Get-Content $fullFilePath | Conv
                ertTo-SecureString

                D:\Archive\Scripts>SET pass_word=+                                          ~~~~
                ~~~~~~~~~~~~~~~~~~

                D:\Archive\Scripts>SET pass_word=    + CategoryInfo          : InvalidArgument:
                (:) [ConvertTo-SecureString], C

                D:\Archive\Scripts>SET pass_word=   ryptographicException

                D:\Archive\Scripts>SET pass_word=    + FullyQualifiedErrorId : ImportSecureStrin
                g_InvalidArgument_Cryptographic

                D:\Archive\Scripts>SET pass_word=   Error,Microsoft.PowerShell.Commands.ConvertT

                • 5. Re: Encrypt password for Tabcmd
                  Toby Erkson

                  This looks like a Powershell issue.

                   

                  When I open my password file...

                  ...this is what it looks like:

                   

                  So "SET mypath=" is where the Get_EncryptedPassword.ps1" Powershell script is and

                  "SET encrypted=" is where the saved password file is ("encrypted_password.txt" in my example).

                  I just want to make sure that's clear.

                   

                  I don't know what the issue could be.

                  1 of 1 people found this helpful
                  • 6. Re: Encrypt password for Tabcmd
                    Toby Erkson

                    Calling two potential Powershell people who may be able to help with trouble-shooting:

                    Tracy Mixa

                    Dmitry Chirkov

                    • 7. Re: Encrypt password for Tabcmd
                      Dmitry Chirkov

                      Without digging too deep - is this about who is running the script?

                      Is your scheduled job configured to run under your own account?

                      2 of 2 people found this helpful
                      • 8. Re: Encrypt password for Tabcmd
                        Tracy Mixa

                        Hi Atul,

                        In order to get this to work in my setup, I had to make sure the tabcmd script that references the encrypted password file is run with the same user account that was used to encrypt the password.  If the script is run with any other account, it will return blank password.  So, if you want it to run via Scheduled Task, make sure you set it up to run under the correct user.

                        2 of 2 people found this helpful
                        • 10. Re: Encrypt password for Tabcmd
                          Atul Bhagwat

                          Hi Tracy,

                           

                          Thanks for your inputs.

                          Yes, I am running the task scheduler using the same account that was used to encrypt the password.

                          The strange thing is, if I run the Set_encrypted ps1 and then run the batch file which uses the get_encrypted ps1 it works fine.

                          Even with a task scheduler, it will run today.

                          But, the same setup will not run the next day at any given time, as it will get a blank password.

                          Hence checked with Toby, if we need to generate a password everytime, I have to run the batch file.

                          The username and password does not change. Its a production account.

                           

                          Regards,

                          Atul B

                          • 11. Re: Encrypt password for Tabcmd
                            Atul Bhagwat

                            Yes Toby.

                            It is how you mentioned.

                            If I regenerate the password again, the same script executes perfectly fine.

                            So not sure, why is it unable to read the same passcode.txt the very next day. It is available at the same location.

                             

                            Regards,

                            Atul B

                            • 12. Re: Encrypt password for Tabcmd
                              Tracy Mixa

                              Atul, is there a user profile on your server/computer for the production account you are using to run the scheduled task?  If you are doing a 'Run As a Different User' when running the Set and Get powershell scripts, I don't think that will cut it.  This is one issue I ran into when I set this up. I had to log into the server with the account that would be running the script from our scheduling solution so a local profile would be created.  Maybe that isn't the issue here but it's something I struggled to figure out at first...

                              • 13. Re: Encrypt password for Tabcmd
                                Toby Erkson

                                From what I've quickly read, I agree w/Tracy.  The account you use to create the password needs to be the same account used to run the script.

                                 

                                Now, if you're doing all of this and the password is still getting reset sometime during the 24 hours of its next run, well, see if there's someone or some other process messing with it.

                                • 14. Re: Encrypt password for Tabcmd
                                  Dmitry Chirkov

                                  Should do something like this:

                                  SET encrypted=%ScriptPath%\%USERNAME%_encrypted_password.txt