Running PowerCLI as a Secure Scheduled Task
- Have or create a service account to run the scheduled task, in this case Domain\scripter.
  - This user must also have the permissions necessary to run Connect-VIServer and complete the commands in the ensuing script.
- Create a secure-string password file that your script will read and decrypt to pass credentials.
  - Run a PowerShell window as the service account.
    - Shift + right-click and choose "Run as different user". ***IMPORTANT***: without a key, ConvertFrom-SecureString encrypts with the Windows Data Protection API (DPAPI), so only the same user account on the same machine can decrypt the file.
    - Use the credentials of the service account, Domain\scripter.
  - $pw = Read-Host "Enter Password" -AsSecureString
    - This prompts you for the service account's password, hides the characters as you type, and encrypts the password in a System.Security.SecureString.
  - ConvertFrom-SecureString $pw | Out-File <Save Location.txt>
    - This pipes the encrypted password string to a text file.
    - It is advisable to deny all permissions on the file except to the service account.
- Add the now-secure connection information and the VI snap-in to the head of the PowerShell script (.ps1).
  - Add-PSSnapin VMware.VimAutomation.Core
    - This allows PowerShell to run vSphere PowerCLI commands.
  - $pswdSec = Get-Content "D:\PasswordFile.txt" | ConvertTo-SecureString
    - This reads the password file containing the secure string.
  - $bPswd = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($pswdSec)
  - $pswd = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto($bPswd)
    - This converts the encrypted string to plain text, which is then used to connect as the service account in the following line.
  - Connect-VIServer -Server 123.123.123.123 -Protocol https -User scripter -Password $pswd
    - This is the VIServer connection command that logs in with the service account credentials. Everything below this line will be your script.
- Configure the scheduled task and run .ps1 as the configured service account.
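The steps above combined into one script head, as an added example that is not the original author's code: it locks the password file's ACL down to the service account and passes the SecureString to Connect-VIServer through -Credential, so the password is never converted to plain text. The path, account and server address are the page's sample values; the -Setup switch and the variable names are assumptions.

```powershell
# Added example, not the original author's script. Path, account and server
# are the page's sample values; $Setup and the variable names are assumptions.
param([switch]$Setup)

$pwFile  = 'D:\PasswordFile.txt'
$account = 'Domain\scripter'
$server  = '123.123.123.123'

if ($Setup) {
    # One-time, interactive: run in a PowerShell window started as the service account.
    # Without -Key, ConvertFrom-SecureString protects the value with DPAPI,
    # so only this user on this machine can decrypt the file.
    Read-Host 'Enter Password' -AsSecureString |
        ConvertFrom-SecureString |
        Out-File -FilePath $pwFile

    # Drop inherited ACEs and leave read access for the service account only.
    icacls $pwFile /inheritance:r /grant:r "${account}:(R)" | Out-Null
    return
}

# --- Head of the scheduled script ---
Add-PSSnapin VMware.VimAutomation.Core -ErrorAction Stop

try {
    $pswdSec = Get-Content -LiteralPath $pwFile -ErrorAction Stop |
        ConvertTo-SecureString -ErrorAction Stop
}
catch {
    # Typical cause: the task runs as a different user, or on a different
    # machine, than the one that created the file.
    throw ('Cannot decrypt {0} as {1}\{2}: {3}' -f
        $pwFile, $env:USERDOMAIN, $env:USERNAME, $_.Exception.Message)
}

# -Credential takes the SecureString directly, so there is no SecureStringToBSTR /
# PtrToStringAuto round trip and no plain-text copy of the password.
$cred = New-Object System.Management.Automation.PSCredential ('scripter', $pswdSec)
Connect-VIServer -Server $server -Protocol https -Credential $cred -ErrorAction Stop | Out-Null

# Everything below this line is your script.
```

Run it once with -Setup from the window opened as the service account; the scheduled task then runs the same script without the switch.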
SOURCES:
http://msdn.microsoft.com/en-us/library/system.runtime.interopservices.marshal.aspx
http://mcpmag.com/articles/2013/02/26/securing-secure-strings.aspx
http://www.myitforum.com/articles/1/view.asp?id=10779