Recently I needed to save passwords to share across scripts and wanted to:
Avoid clear text passwords
Avoid updating anything in each PS1 script file
Securely store in a central place
Make future password updates easy
After testing I found that a SecureString (ConvertFrom-SecureString to store, ConvertTo-SecureString to read back) can be used with Set-ItemProperty to encrypt user text input and save it to the Registry Current User hive (HKCU). From there, multiple scripts on that machine can reuse the one central password. Because the encryption is Windows DPAPI bound to the current user profile, the stored value cannot be decrypted from any other machine, nor by a different user account on the same machine. That lets us share one credential across many PS1 scripts while keeping password updates centralized and easy. Also, the reference pointer in each script is not a file path, UNC, or network share, but simply “HKCU:\Software”, which makes for a reliable lookup.
Hope you find this useful too. Cheers!
Screenshot
Code
param (
    [Alias("c")]
    [switch]$clearSavedPW
)

Function GetSecurePassword($user) {
    # Registry HKCU folder
    $path = "HKCU:\Software\AdminScript"
    if (!(Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    $name = $user

    # Do we need to clear old passwords?
    if ($clearSavedPW) {
        Remove-ItemProperty -Path $path -Name $name -Confirm:$false -ErrorAction SilentlyContinue
        Write-Host "Deleted password OK for $name" -ForegroundColor Yellow
        Exit
    }

    # Do we have a registry HKCU saved password? (a DPAPI-encrypted string, not a hash)
    $hash = (Get-ItemProperty -Path $path -Name $name -ErrorAction SilentlyContinue)."$name"

    # Prompt for input
    if (!$hash) {
        $sec = Read-Host "Enter Password for $name" -AsSecureString
        # Read-Host -AsSecureString returns an empty SecureString (not $null) when nothing is typed
        if (!$sec -or $sec.Length -eq 0) {
            Write-Error "Exit - No password given"
            Exit
        }
        # Encrypt with DPAPI (current user + machine); only this user on this machine can decrypt it
        $hash = $sec | ConvertFrom-SecureString

        # Prompt to save to HKCU
        $save = Read-Host "Save to HKCU registry (secure hash) [Y/N]?"
        if ($save -like "Y*") {
            Set-ItemProperty -Path $path -Name $name -Value $hash -Force
            Write-Host "Saved password OK for $name" -ForegroundColor Yellow
        }
    }

    # Return the encrypted string
    return $hash
}

# Example usage for SharePoint Online (Office 365)
Import-Module Microsoft.Online.SharePoint.PowerShell -WarningAction SilentlyContinue
$admin = "admin@tenant.onmicrosoft.com"
$pass = GetSecurePassword $admin
# Decrypt the stored DPAPI string back into a SecureString.
# No -AsPlainText here: that would wrap the encrypted blob itself as the password.
$secpw = ConvertTo-SecureString -String $pass
$c = New-Object System.Management.Automation.PSCredential ($admin, $secpw)
Connect-SPOService -Url "https://tenant-admin.sharepoint.com" -Credential $c
Get-SPOSite
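A round-trip check for the HKCU-stored value, added here as an example and not part of the original post. It reads the stored string back, decrypts it without -AsPlainText, and fails cleanly when run as a different Windows user or on another machine (the DPAPI failure mode described above). The function name Get-SavedCredential, the "svc-demo" sample user and the constructed sample value are assumptions for this example; the key path is the one used in the post.

```powershell
# Added example (not from the original post): verify that a value saved under
# HKCU:\Software\AdminScript decrypts for the current user on this machine.
# ConvertFrom-SecureString without -Key uses DPAPI, so the stored string is
# bound to this user profile and this machine.
Function Get-SavedCredential {
    param (
        [Parameter(Mandatory)] [string]$User,
        [string]$Path = "HKCU:\Software\AdminScript"   # key path from the post
    )
    $stored = (Get-ItemProperty -Path $Path -Name $User -ErrorAction SilentlyContinue)."$User"
    if (-not $stored) {
        Write-Warning "No saved value for $User under $Path"
        return $null
    }
    try {
        # No -AsPlainText: the stored string is a DPAPI blob, not the password itself.
        $secure = ConvertTo-SecureString -String $stored -ErrorAction Stop
    } catch {
        # Typical when the value was written by another user or on another machine.
        Write-Warning "Cannot decrypt saved value for $User as this user/machine: $($_.Exception.Message)"
        return $null
    }
    return New-Object System.Management.Automation.PSCredential ($User, $secure)
}

# Self-check with a constructed sample value (hypothetical user, no real credential).
$path = "HKCU:\Software\AdminScript"
$user = "svc-demo"
if (!(Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
$sample = ConvertTo-SecureString -String "S4mple-Only" -AsPlainText -Force
Set-ItemProperty -Path $path -Name $user -Value ($sample | ConvertFrom-SecureString) -Force

$cred = Get-SavedCredential -User $user
if ($cred -and $cred.GetNetworkCredential().Password -eq "S4mple-Only") {
    Write-Host "Round-trip OK: value decrypts for the current user on this machine" -ForegroundColor Green
} else {
    Write-Host "Round-trip FAILED: value is unreadable in this user/machine context" -ForegroundColor Red
}
# Clean up the sample entry so it is not left behind in HKCU
Remove-ItemProperty -Path $path -Name $user -ErrorAction SilentlyContinue
```

Running the same script under another account (for example a scheduled task identity) or on another machine reaches the catch branch, which is the check to do before relying on the stored value from a non-interactive context.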
Ever wondered what fixes are inside of a given CU? Please see the attached PDF with full detail. I wanted a new format for easy reading: show management and make the business case for why downtime should be taken to apply CUs. Also posted at http://sharepointupdates.com/
If you found this helpful, please leave a comment.
After watching the Zero Downtime Patching (ZDP) TechNet video, I wanted to share my thoughts about when that is helpful and when a simpler approach is needed. Ultimately we are given options and asked to balance cost with questions such as:
What is the cost of outage/downtime?
What is our SLA?
What hours do users normally work?
What is the cost of High Availability redundant farm topology?
What is the support effort to maintain HA farms?
What is the VM, licensing, and storage cost?
Bottom line – Does the cost of outage exceed the cost of HA? Or vice versa?
What is ZDP?
[TechNet] “Zero Down-Time patching doesn’t demand any server downtime while patching a SharePoint Server 2016 farm, but does require that your farm be set up in a Highly Available (HA) configuration (so that SharePoint roles are hosted on more than one server). That way, patching can be done in batches where certain of the redundant servers are taken out of load balancing, patched, replaced, and tested for soundness before the other servers follow through the same process. During Zero down-time patching, users can add and edit files and use search just as at any other time.”
What is MDP?
I would define Minimal Downtime Patching as “Planning an acceptable window of brief downtime to apply system updates as quickly as possible.” This implies an SLA below 99.99% and no strict 24x365 availability requirement. Choosing a time window for a brief outage is already done today by most support teams. A few hours of outage might come at zero cost (if there are zero active users) and is often an attractive choice compared to the complexity of Highly Available (HA) farm design, implementation, and support. ZDP is a high-cost endeavor, appropriate for scenarios with a high cost of downtime. Absent that, we should consider lower-cost options where brief downtime is acceptable with little impact. Compare the two costs and choose what is best for your business.
Cost/Benefit    Zero Down Time (ZDP)                 Minimal Down Time (MDP)
Cost            HA topology required                 Not available to users
                More complex                         Full outage during Config Wiz
                More server cost
                VM, storage, license, and support
                Detailed procedure
Benefit         100% available to users              Supports any topology
                Read & write features                Brief outage
                                                     Works on Dev, Test, small farms
                                                     Simple
                                                     No additional servers
                                                     Single PowerShell console
Overall, use the right tool for the job. There are good scenarios for both options. Even with ZDP used on large Production farms, we need other suitable options for lower environments like Dev and Test.