Powershell: Setting PsCredentials to $Null for username and $Null for password

Question

How can I create a $Null username and $Null password PScredentials object?

According to this article, the null PSCredential causes Powershell to use Windows Authentication, which seems a much easier way to run scripts in a domain setting. Unfortunatelly I cant seem to figure out where/how he's setting it to Null: http://blogs.msdn.com/b/dvespa/archive/2010/02/22/how-to-use-windows-authentication-with-the-pscredential-class.aspx

Other resources: This answer specified $Null for password, but wont allow $Null username. Create PSCredential without a password

Thank you.

Answer 1

The constant [PSCredential]::Empty (aka [System.Management.Automation.PSCredential]::Empty) gives you a valid object of type PSCredential but with both username and password set to null.

However, that is not the current user's credentials; rather it means "no credentials". There may be logic in the function you're calling for this to be a moot point (i.e. where the function's the logic says to use the current security context when $credentials -eq [PSCredential]::Empty), but in some contexts this same value may be used for other purposes (e.g. to say you want to use anonymous authentication).

You cannot get the current user's credentials without prompting for them or explicitly assigning them in some other way; otherwise this would present a security risk

#create a credential object for demo purposes.  
#Imagine that instead of this line we were saying `$credential = Get-CurrentUserCredential` 
#(you have to imagine this, since no such function exists).
$credential = [PSCredential]::new('myUsername', ('superSecretPassword' | ConvertTo-SecureString -AsPlainText -Force))

#we can now see this user's password; 
#someone malicious could have this script run under the current user's 
#profile & have this information reported back to them.
$credential.GetNetworkCredential().Password

If you want to run something as the current user, you already are (i.e. hence them being the current user); so you don't need to get their credentials.

That said, there are cases where it would be nice to have their credentials; e.g. if accessing a resource which doesn't use the current user context / needs explicit credentials. In such cases you have to either prompt for credentials (Get-Credential $env:username), or read them from some resource (see https://stackoverflow.com/a/6240319/361842).

There's a really thorough explanation of credentials here: http://duffney.io/AddCredentialsToPowerShellFunctions; definitely worth a read.

Answer 2

Why do you need a $null PSCredential object ?

According to the documentation

-Credential <PSCredential>

Specifies a user account that has permission to perform this action. The default is the current user. 

It means tha if you just don't use this parameter you will use Windows Authentication.

---

Edited :

So in Powershell if you want a null credential you just have to specify it :

test :

Get-WmiObject Win32_Process -Credential 

Get-WmiObject Win32_Process -Credential $null

and

Get-WmiObject Win32_Process -Credential (Get-Credential)