Add Windows Credentials using PowerShell & cmdkey

Question

I am trying to use credentials from some UI prompted to add Windows credentials using cmdkey:

$sessionCredential = $host.ui.PromptForCredential("Need credentials", "Please enter your user name and password.", "", "Server Crdentials")
$ps = ConvertFrom-SecureString -SecureString $sessionCredential.password
cmdkey.exe /add:server1 /user:$($sessionCredential.UserName) /pass:$($ps)

The credentials are added correctly, but the password is not.

What can I do?

Are you sure the password is not correct? The Credentials manager GUI never shows the correct number of digits there, so it just might _look_ as though this is wrong.. — Theo, Apr 28 '21 at 15:45
yes, i manually edit the passwords on the credentials UI to check and the passwords is wrong — galsi, Apr 29 '21 at 05:24
The fourth parameter to [PromptForCredential()](https://learn.microsoft.com/en-us/dotnet/api/system.management.automation.host.pshostuserinterface.promptforcredential) (*targetName* - *"Name of the target for which the credential is being collected."*) *seems* to be ***[misspelt](https://en.wiktionary.org/wiki/credential#Noun):*** *"`Server Crdentials`"*. It *seems* to be significant, not just an informational message. Is it significant? — Peter Mortensen, Apr 29 '22 at 18:11

score 1 · Answer 1 · edited Apr 29 '22 at 18:00

Use the CredentialManager PowerShell module. It saves the password in the same place as cmdkey, but it can take PSCredential objects directly without needing to convert to text.

Import-Module CredentialManager

# Get the credential from the user with a windows credentials prompt:
$SessionCredential = Get-Credential -Message 'Please enter your server credentials'

# Save the credential object directly without unwrapping it:
New-StoredCredential -Credentials $SessionCredential -Target ServerCredentials -Persist Enterprise `
  -Comment "Server Credentials for $($SessionCredential.UserName)" > $null

# Open the credential later
$SavedCred = Get-StoredCredential -Target ServerCredentials

# Delete if needed
Remove-StoredCredential -Target ServerCredentials

cmdkey /pass:$($ps) is prone to errors due to PowerShell garbling password characters.

i cannot add module to the client machine where this script is running , sorry — galsi, Apr 29 '21 at 05:22

score 1 · Accepted Answer · edited Apr 29 '22 at 18:02

1

Apparently, the problem is ConvertFrom-SecureString is returning an encrypted standard string, ConvertFrom-SecureString.

And the option to get plain text is not available on PowerShell 5.1.

I found the correct convert here.

I understand it is not secured. It is used inside secured clients.

See fixed code below:

$sessionCredential = $host.ui.PromptForCredential("Need credentials", "Please enter your user name and password.", "", "Server Crdentials")
$mpass = [System.Net.NetworkCredential]::new("",$sessionCredential.password).Password
cmdkey.exe /add:server1 /user:$($sessionCredential.UserName) /pass:$($mpass)

edited Apr 29 '22 at 18:02

Peter Mortensen

30,738
21
105
131

answered Apr 29 '21 at 05:32

galsi

421
1
6
19

1

It is still *"Server Crdentials"*. – Peter Mortensen Apr 29 '22 at 18:14
@PeterMortensen That 4th arg is the Domain Name. In my case I wanted to use this for web not Windows, so I called it "FAKEDOMAIN" and then instead of the cmdkey line I did `$user=$sessionCredential.UserName.Replace("FAKEDOMAIN\","")` – CrazyPyro May 15 '22 at 15:27

Add Windows Credentials using PowerShell & cmdkey

2 Answers2