This turned out to be more complicated than I expected. I was able to find a post by Aman Dhally that dug into the details and this was the result.
$ConfigData = @{ AllNodes = @( @{ NodeName = "*"; PSDscAllowPlainTextPassword=$true } @{ NodeName = "localhost"; } ); } Configuration LocalPasswordConfig { $secpassword = ConvertTo-SecureString "Password1" -AsPlainText -Force $mycreds = New-Object System.Management.Automation.PSCredential("Administrator",$secpassword) Node $AllNodes.NodeName { User LocalAccount{ UserName = "Administrator" Password = $mycreds } } }
If you don't want to have your password in plain text in your config files, you can pass in a credential object. But the .mof file will still have the plain text password.
Configuration LocalPasswordConfig { param([PsCredential]$mycreds) Node $AllNodes.NodeName { User LocalAccount{ UserName = "Administrator" Password = $mycreds } } } $cred = Get-Credential LocalPasswordConfig -mycreds $cred –ConfigurationData $ConfigDataIt may be possible to use a certificate to solve the pain text issue, but I am still trying to get my head wrapped around it. I see what looks like a good example here. See the example script at the bottom of that page.
I wonder if this couldn't be done as a file with the password hashed inside.
ReplyDelete