Hi everyone,
First time poster here. New to ImmyBot and new to scripting in general. I am trying to refine a local user account creation script that pulls username and password information from IT Glue. It is working great except for with passwords that contain the $ special character. It seems that no matter what I do to try and force ImmyBot to not treat $ as a variable and just treat the password as text, it completely overlooks the $ and everything after it.
Consider the following example:
- Password in IT Glue - pass$word
- Variable - $LocalPassword = $Credentials.GetNetworkCredential().Password
- Command - Test-Credential -Username $LocalUsername -Password $LocalPassword
In the above example, ImmyBot see the password as “pass” and completely overlook the “$word” part of the password. I encounter the same issue when using any ImmyBot related commands or parameters, such as Invoke-ImmyCommand or $using:.
Some things I have tried:
- Putting $LocalPassword in quotes
- Using .Replace(‘$’,“`$”) to try and force ImmyBot to see $ as a literal ‘$’
- Using $params=@{$LocalPassword = $Credentials.GetNetworkCredential().Password}@
- Many other things similar to or variations of the above
Is it currently not possible to do this? If so, I can change this into a feature request as it would be useful to be able to force ImmyBot to treat $'s that are being output by a variable as a text string.
Thanks in advance!
Which task is this for? Maybe the password box is using string datatype instead of password. I know variables get resolved in string text boxes, but I didn’t think they did in password boxes
This is for a custom task I made. You can pull up the ActivTrak software and view both the Version Detection script and Download Installer script to see how credentials are pulled from IT Glue.
It uses an IT Glue API key stored in an Azure vault to access an IT Glue and pulls credentials based on the web page’s ID.
Example from ActivTrak script:
if ($ITGluePasswordID) {
$Params = @{
ITGPasswordID = $ITGluePasswordID
ITGBaseURL = $ITGBaseURL
VaultURIString = $VaultURIString
}
$Credentials = Get-ITGluePasswordAsCredential @Params
$ATUsername = $Credentials.UserName
$ATPassword = $Credentials.GetNetworkCredential().Password
}
@Aaron_Colon So does it work correctly in ActivTrak, or is there the same issue? I noticed that it is using the [Password] datatype in the configuration task, so maybe passwords do have an issue. If that’s the case, I would bring this up to support with an example.
@Dakota_Lewis Apologies for the late response and thank you for your input. The same issue occurs with the ActivTrak deployment if the password in IT Glue contains a $.
I did further testing and found that the problem is specifically with needing to escape the $ when changing from the Metascript execution context to System execution context. At least, that is what I think is what is happening when you have a script in the Metascript context and then use a command like Invoke-ImmyCommand to run commands on the computer (System) itself. Parameters that were defined in the script appear to lose their values when running Invoke-ImmyCommand, so I had to re-define the parameters by using things like $LocalPassword = $using:LocalPassword. This is where the problem comes in. If there was a $ in the password, it sees that as a variable and there was no way I could escape the $ with the $using parameter.
if ($ITGluePasswordID) {
$Params = @{
ITGPasswordID = $ITGluePasswordID
ITGBaseURL = $ITGBaseURL
VaultURIString = $VaultURIString
}
$Credentials = Get-ITGluePasswordAsCredential @Params
$Username = $Credentials.UserName
$LocalPassword = $Credentials.GetNetworkCredential().Password.Replace("$","&!#)(^%_-+=")
$TestPassword = $Credentials.GetNetworkCredential().Password
$LocalUsername = $Username.Replace(".\","")
}
switch($method){
"test" {
Test-Credential -Username "$LocalUsername" -Password $TestPassword
}
"set" {
Invoke-ImmyCommand {
$LocalUsername = $using:LocalUsername
$LocalPassword1 = $using:LocalPassword
$LocalPassword = $LocalPassword1.Replace("&!#)(^%_-+=","`$")
$Administrator = $using:Administrator
$Hidden = $using:Hidden
$PasswordNeverExpires = $using:PasswordNeverExpires
Write-host "Creating/updating local account username $LocalUsername"
cmd /c net user /add $LocalUsername $LocalPassword /y
Write-host "Updating password for $LocalUsername"
cmd /c net user $LocalUsername $LocalPassword /y
if ($Administrator) {
Write-host "Adding $LocalUsername to local administators group"
cmd /c net localgroup administrators /add $LocalUsername
}
if ($PasswordNeverExpires) {
Write-host "Setting password to never expire"
cmd /c wmic useraccount where "Name='$LocalUsername'" set PasswordExpires=FALSE
}
if ($Hidden) {
Write-host "Creating registry entry to hide account"
cmd /c reg add "Hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon\SpecialAccounts\UserList" /v $LocalUsername /t REG_DWORD /d 0 /f
}
}
}
}
To work around this issue, I used the .Replace function on $Credentials.GetNetworkCredential().Password and made it $Credentials.GetNetworkCredential().Password.Replace(“$”,“&!#)(^%_-+=”). This changed the $ to a specific string of characters that I can then change back to a $ during the Set part of the script when it runs Invoke-ImmyCommand and changes to a System execution context.
Now…although I finally have ImmyBot setting the correct passwords, I am continuing to have issues with the Test-Credential command. Even though I can confirm that it is using the correct credentials (by using the Write-Host and Write-Variable commands to check), the output from the test is always False.
Could anyone please assist with getting the Test-Credential command working?