Posts in Category: PowerShell

Obfuscate username and passwords in Powershell

There are a whole host of blogs on how to encrypt passwords using PowerShell.  For the best security, those approaches should be followed, not this approach.  I wanted to not include my password and username information in scripts, yet also not go through the setup required for encryption to work (from what I gathered, this encryption is machine and user specific -- not the setup tasks that I wanted to pursue.)

The steps are similar -- create a file with the text coded, then read that file and decode the text to use in the PowerShell script.

PowerShell to code text to a file:

#this is simple obfuscation method for password not appearing as clear text in powershell script
 
# change the three items below to satisfy your needs
$acc = "myaccount"
$pass = "mypassword"
$filelocation = "E:\folder_where_files_are_saved"
 
[System.Text.Encoding]::Unicode.GetBytes($acc) | Set-Content $filelocation'\am.txt' 
[System.Text.Encoding]::Unicode.GetBytes($pass) | Set-Content $filelocation'\amp.txt' 
 
 
Then, in a PowerShell script to use the saved files, add these rows to retreive the username and password:
$filelocation = "E:\folder_where_files_are_saved"
 
# Get username and password from files created by obfuscation method
$gu = Get-Content $filelocation'\am.txt'  -ReadCount 0
$username = [system.text.encoding]::Unicode.GetString($gu)
 
$gp = Get-Content $filelocation'\amp.txt'  -ReadCount 0
$password = [system.text.encoding]::Unicode.GetString($gp)
Gravatar

Tableau Server refresh all extracts using REST API

Just worked through the 10.3 REST API for refreshing data extracts on the server.  The documentation language was all there, just not tremedously clear as the explanation paragraphs state that some parameters need to appear, yet the example doesn't reflect those parameters being present.  The missing piece -- adding the -ContentType parameter to the invoke statement is alluded to in the instructions, but as stated before, not present in the example.

I work with PowerShell to invoke the REST API as PowerShell comes with every Windows PC, which is what use.  The syntax shown below would need to be changed if some other shell language were used.

 

Some caveats to get PowerShell to run a script on your PC:


1. If you want to run this as a script from a saved file (extension to save PowerShell script files is .ps1), then you find that the PowerShell won't run the script, it is likely due to the PC having Restricted the ability to Execute scripts.  This must be changed in order to run a script from a file.  Some people suggest resetting the script Execution policy to unrestricted, but that opens the PC up to unknowns when also browsing the internet.  Instead, setting the policy to 'remotesigned' permits only local scripts and signed internet scripts to run.  After running your local scripts on a PC, for safety, you can also just set the Execution policy back to 'restricted'.

 

To reset the Execution policy, the logged in person must have PC admin rights AND the Windows PowerShell ISE must be launched with the 'Run as Administrator' option.

Then run these two command -- the first is to obtain the policy as it currently exists (should you want to revert) and the second changes the policy.  The policy cannot be changed from within a script, so these commands must be run manually.

$original_policy = Get-ExecutionPolicy

Set-ExecutionPolicy remotesigned

 

2. The default TLS protocols on Windows 10 PC's doesn't typically enable all the protocols needed for the WebMethods to work properly.  Enable all three TLS protocols (TLS, TLS1.1, TLS1.2) by also running this PowerShell command while you are in 'Run as Administrator' mode.

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls -bor [Net.SecurityProtocolType]::Tls11 -bor [Net.SecurityProtocolType]::Tls12

 

Powershell to Kickoff Tableau Server Extract Refresh - all extracts:

 

#Tableau Server - where data resides and extracts need refreshing

# Setup to connect

$server = "http://tableauserver"

$s = Invoke-RestMethod -Uri $server/api/2.4/serverinfo -Method get #works on server version 10.1 and later

$api = $s.tsResponse.serverInfo.restApiVersion  #10.3 server

 

$username = “some_tableau_admin_username”

$password = “password for above user”

$sitelogin = "mysite"  #site name where extracts exist

 

# generate body for sign in

$signin_body = (’<tsRequest>

  <credentials name=“’ + $username + ’” password=“’+ $password + ’” >

    <site contentUrl="'+$sitelogin +'" />

  </credentials>

</tsRequest>’)

$response = Invoke-RestMethod -Uri $server/api/$api/auth/signin -Body $signin_body -Method post

# save the auth token, site id and my user id

$authToken = $response.tsResponse.credentials.token

$siteID = $response.tsResponse.credentials.site.id

$myUserID = $response.tsResponse.credentials.user.id

$siteURL = $response.tsResponse.credentials.site.contentUrl

 

# set up header fields with auth token

$headers = New-Object “System.Collections.Generic.Dictionary[[String],[String]]”

 

# add X-Tableau-Auth header with our auth token

$headers.Add(“X-Tableau-Auth”, $authToken)

 

#tests whether logged in user is an Administrator  (site or server)

$loginUserid = Invoke-RestMethod -Uri $server/api/$api/sites/$siteID/users/$myUserID -Headers $headers -Method Get

$admin = $loginUserid.tsResponse.user.siteRole -like "*Administrator"

 

#create body element required for refresh extract POST

$refresh_body = (

’<tsRequest>

</tsRequest>’

)

 

# only admin can perform extractRefresh, so this next set of commands only execute when logged in user is an admin

if ($admin)

{

#get list of extract tasks from server -- Tableau 10.3 REST API can only kick off an extract task, not an individual Extract refresh

#this gets list of all extracts -- no filter applied to select a schedule, owner, priority, workbook, etc.

$extractlist = Invoke-RestMethod -Uri $server/api/$api/sites/$siteID/tasks/extractRefreshes -Headers $headers -Method Get

 

Foreach ($taskid in $extractlist.tsResponse.tasks.task.extractrefresh.id)

{

$runnow = Invoke-RestMethod -Uri $server/api/$api/sites/$siteID/tasks/extractRefreshes/$taskid/runNow -Headers $headers -Body $refresh_body -ContentType "application/xml" -Method POST

}

}

Gravatar

PowerShell install version 4

PowerShell 4.0 added many features, but the one that mattered to me was the -append flag when exporting to csv. With this flag, if the csv file exists, then the rows of info are appended, if the file doesn't exist, then the file is created. While this could be done in older versions, that simple logic basically meant writing code to trap the file exist issue and then branch to the right export command.

So, the question becomes, how do you upgrade to PowerShell 4.0? Do you even have PowerShell 4.0? How do you tell what PowerShell version you have?
To determine the PowerShell engine version, use $PSVersionTable.PSVersion at the PowerShell command prompt. If this command doesn't work from the PowerShell command prompt, then the installed PowerShell is version 1.

Not sure whether PowerShell is installed because it doesn't show up in the Start menu? Well, you could check the registry -- HKEY_LOCAL_MACHINE\Software\Microsoft\PowerShell ... the version would come after that. Microsoft further explains the expected registry entries in this blog: https://blogs.msdn.com/b/powershell/archive/2009/06/25/detection-logic-poweshell-installation.aspx

Me, I prefer working with the Windows PowerShell ISE, but the above command can also run from the PowerShell command line (kinda looks like a DOS window). Both options should show up by typing in PowerShell from the Start button then selecting the verison you want -  Windows PowerShell ISE or Windows PowerShell (command line version).  If you like the ISE like I do, then from the Start button type in ISE to get to the two versions (x86 which I don't use, and Windows PowerShell ISE (my preference). 

Here is the link from Microsoft -- http://www.microsoft.com/en-us/download/details.aspx?id=40855. Installing version 4 of PowerShell also updates features of the Windows Management Framework to version 4.0.

Another tidbit -- even with PowerShell installed, PC's typically are shipped with 'Execution Policies' not enabled for scripts to be run.  To modify this setting, a regedit is required. 

run PowerShell as administrator, then run the following command: Set-ExecutionPolicy RemoteSigned

Update - install Active Directory for PowerShell module in order to query Active Directory
Easiest way to install AD module is to run the following PowerShell command for Windows 8 and prior:  Add-WindowsFeature RSAT-AD-PowerShell

For Windows 10, download a package and install it with elevated privileges - instructions found here.

Further info on AD module installation: https://www.microsoft.com/en-us/download/details.aspx?7887 is where you'll find the Remote Server Administration for Windows 7 download, then follow the instructions found here - https://4sysops.com/archives/how-to-install-the-powershell-active-directory-module/

Gravatar
Copyright© Brad Earle
Site Map | Printable View | © 2008 - 2021 KB Earle Associates LLC | |