Scheduled PowerShell script secret management

sigfried 81 Reputation points
2022-09-04T10:19:56.553+00:00

Hello, I need to run my PS scheduled scripts in a secured fashion. My PS server is not exposed to the Internet. I would like to use some Password Vault mechanism with the scheduled scripts, and I know Windows has the Secret Store and Secret Management modules available, but nowhere have I read how secure they are. In our environment security is taken seriously. Basically the question is... what product do you use?


5 answers

  1. Limitless Technology 39,916 Reputation points
    2022-09-06T07:41:28.41+00:00

    Hello

    Thank you for your question and for reaching out. I understand you have a query related to PowerShell using Task Scheduler.

    You can use gMSA accounts to achieve this goal, in which the password will not be saved on that server or in Credentials Manager; rather, it will be retrieved from AD.

    Reference:
    https://social.technet.microsoft.com/Forums/windows/en-US/42273a38-05dc-4f62-b915-8f55480d59bd/how-do-i-use-a-group-managed-service-account-with-the-task-scheduler?forum=winserver8gen

    https://social.technet.microsoft.com/Forums/en-US/35c74606-df61-4eb9-a070-d819f08fbdbe/schedule-a-task-using-gmsa?forum=winservergen

    -----------------------------------------------------------------------------------------------------------------------------------

    --If the reply is helpful, please Upvote and Accept as answer--

    1 person found this answer helpful.
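
A sketch of the gMSA approach this answer describes, as an added example that is not part of the original reply or the linked threads: it registers a scheduled task that runs under a gMSA, so no password is typed or stored on the server. The account, domain, script path and task name are assumed placeholders, and it assumes the gMSA already exists in AD and holds the "Log on as a batch job" right on this host.

```powershell
#Requires -RunAsAdministrator
#Requires -Modules ActiveDirectory, ScheduledTasks

# Assumed placeholder values; replace with your own.
$GmsaName   = 'svc-psjobs'              # gMSA sAMAccountName without the trailing $
$Domain     = 'CONTOSO'
$ScriptPath = 'C:\Scripts\Nightly.ps1'
$TaskName   = 'Nightly-PSJob'

# Fail early if this host is not allowed to retrieve the gMSA password from AD.
if (-not (Test-ADServiceAccount -Identity $GmsaName)) {
    throw "Host cannot use gMSA '$GmsaName'; check PrincipalsAllowedToRetrieveManagedPassword."
}

# The task runs whatever is at $ScriptPath, so refuse to register it if broad
# groups can modify the file. Group names assume an English-language OS.
$broad = 'Everyone', 'BUILTIN\Users', 'NT AUTHORITY\Authenticated Users'
$write = [System.Security.AccessControl.FileSystemRights]::WriteData
$loose = (Get-Acl -Path $ScriptPath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $broad -contains $_.IdentityReference.Value -and
    ($_.FileSystemRights -band $write)
}
if ($loose) {
    throw "Script is writable by: $($loose.IdentityReference -join ', ')"
}

$action  = New-ScheduledTaskAction -Execute 'powershell.exe' `
             -Argument "-NoProfile -NonInteractive -File `"$ScriptPath`""
$trigger = New-ScheduledTaskTrigger -Daily -At '02:00'

# For a gMSA the logon type is Password, but no password is supplied:
# the Task Scheduler service obtains it from AD when the task starts.
$principal = New-ScheduledTaskPrincipal -UserId "$Domain\$GmsaName`$" `
               -LogonType Password -RunLevel Limited

Register-ScheduledTask -TaskName $TaskName -Action $action `
    -Trigger $trigger -Principal $principal
```
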

  2. sigfried 81 Reputation points
    2022-09-05T12:28:24.657+00:00

    I've simplified the question ...


  3. JimmySalian-2011 42,486 Reputation points
    2022-09-05T12:44:25.507+00:00

    Hi,

    You can definitely use the tried and tested method of the secure password file, and here is the script that I use too: read-write-encrypted-password-file-in-powershell-script.html

    Also, there is a good document for PS security - ScriptRunner_Security_Webinar_2020_06.pdf

    ==
    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
    ----
    Please don't forget to upvote and Accept as answer if the reply is helpful


  4. JimmySalian-2011 42,486 Reputation points
    2022-09-05T13:40:13.623+00:00

    No problem, it works for our environment and does the job, as we have other security measures in place like Azure Bastion and Conditional Access policies, RBAC, PIM, and Sentinel monitoring to cover all the aspects of security. Hope this helps, and we are working on this article and recommendations: secretmanagement-and-secretstore-are-generally-available



  5. JimmySalian-2011 42,486 Reputation points
    2022-09-05T14:06:29.517+00:00

    No worries and good luck Sig.

