Get-Credential

Posted on by VijayPrabakar

The Get-Credential cmdlet creates a credential object for a specified user name and password. You can use the credential object in security operations.

Beginning in Windows PowerShell 3.0, you can use the Message parameter to specify a customized message on the dialog box that prompts the user for their name and password.

The Get-Credential cmdlet prompts the user for a password or a user name and password. By default, an authentication dialog box appears to prompt the user. However, in some host programs, such as the Windows PowerShell console, you can prompt the user at the command line.

Examples

Get a credential and save it:

PS C:> $C = Get-Credential

This command gets a credential object and saves it in the $C variable.

When you enter the command, a dialog box appears requesting a user name and password. When you enter the requested information, the cmdlet creates a PSCredential object representing the credentials of the user and saves it in the $C variable.

You can use the object as input to cmdlets that request user authentication, such as those with a Credential parameter. However, some providers that are installed with Windows PowerShell do not support the Credential parameter.

Store a credential in a variable to use with another command:

PS C:> $C = Get-Credential
PS C:> Get-WmiObject Win32_DiskDrive -ComputerName "Server01" -Credential $C

These commands use a PSCredential object that the Get-Credential cmdlet returns to authenticate a user on a remote computer so they can use Windows Management Instrumentation (WMI) to manage the computer.

The first command gets a PSCredential object and saves it in the $C variable. The second command uses the credential object in a Get-WmiObject command. This command gets information about the disk drives on the Server01 computer.

Get a credential to use for Windows Management Instrumentation:

PS C:> Get-WmiObject Win32_BIOS -ComputerName "Server01" -Credential (Get-Credential -Credential Domain01User01)

This command shows how to include a Get-Credential command in a Get-WmiObject command.

This command uses the Get-WmiObject cmdlet to get information about the BIOS on the Server01 computer. It uses the Credential parameter to authenticate the user, Domain01User01, and a Get-Credential command as the value of the Credential parameter.

Get a credential by name:

PS C:> $C = Get-Credential -Credential User01
PS C:> $C.Username
User01

This example creates a credential that includes a user name without a domain name. It demonstrates that Get-Credential inserts a backslash before the user name.

The first command gets a credential with the user name User01 and stores it in the $C variable.

The second command displays the value of the Username property of the resulting PSCredential object.

Use the PromptForCredential method to get a credential:

PS C:> $Credential = $Host.ui.PromptForCredential("Need credentials", "Please enter your user name and password.", "", "NetBiosUserName")

This command uses the PromptForCredential method to prompt the user for their user name and password. The command saves the resulting credentials in the $Credential variable.

The PromptForCredential method is an alternative to using the Get-Credential cmdlet. When you use PromptForCredential, you can specify the caption, messages, and user name that appear in the message box.

Create a credential without prompting the user:

The second command uses the ConvertTo-SecureString cmdlet to create a secure string from a plain text password:

PS C:> $User = "Domain01User01"

PS C:> $PWord = ConvertTo-SecureString -String "P@sSwOrd" -AsPlainText -Force

PS C:> $Credential = New-Object -TypeName "System.Management.Automation.PSCredential" -ArgumentList $User, $PWord

PS C:> Get-WmiObject Win32_DiskDrive -ComputerName "Server01" -Credential  $Credential

The command uses the AsPlainText parameter to indicate that the string is plain text and the Force parameter to confirm that you understand the risks of using plain text.

The third command uses the New-Object cmdlet to create a PSCredential object from the values in the $User and $PWord variables:

This example shows how to create a PSCredential object that is identical to the object that Get-Credential returns without prompting the user. This method requires a plain text password, which might violate the security standards in some enterprises.

The first command saves the user account name in the $User variable. The value must have the DomainUser or ComputerNameUser format.

The $credential composed is now composed of the username and password. So we can directly pass the $credential as argument.

Leave a comment