RunAsAccount.psm1
<#
All the hard decryption magic has been done by http://www.nccgroup.com/ Released as open source by NCC Group Plc - http://www.nccgroup.com/ Developed by Richard Warren, richard dot warren at nccgroup dot trust https://www.github.com/nccgroup/SCOMDecrypt Released under AGPL see LICENSE for more information .Synopsis Retrieves RunAs account password from a specified user. It can be used on SCOM 2016 or SCSM 2016 .Description RunAs account passwords are stored encrypted in the SCOM or SCSM database. This module decrypts the corresponding password for a specified user. .Parameter UserName Specify the user of a RunAs account .Example Get-RunAsCredential -Name 'SCOM Connector RunAs Account' -System 'SCOM' #> function Get-RunAsCredential { [CmdletBinding()] Param( [Parameter(Mandatory = $true,HelpMessage = 'Please specify a RunAs account display name.')] [ValidateNotNullOrEmpty()] [String]$Name ) Try { $InstallDir = Get-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\System Center\2010\Common\Setup' -ErrorAction stop $null = [System.Reflection.Assembly]::LoadFile($(Join-Path -Path $InstallDir.InstallDirectory -ChildPath 'Microsoft.Mom.Sdk.SecureStorageManager.dll')) $null = [System.Reflection.Assembly]::LoadFile($(Join-Path -Path $InstallDir.InstallDirectory -ChildPath 'Microsoft.EnterpriseManagement.DataAccessLayer.dll')) } Catch [System.Management.Automation.ItemNotFoundException] { Write-Verbose -Message '[!] Unable to detect install directory server' return } $SecStoreManager = New-Object -TypeName Microsoft.EnterpriseManagement.Security.SecureStorageManager Try { $DatabaseInfo = Get-ItemProperty -Path 'HKLM:SOFTWARE\Microsoft\System Center\2010\Common\Database' -ErrorAction stop } Catch [System.Management.Automation.ItemNotFoundException] { Write-Verbose -Message '[!] Unable to detect SQL server' return } Try { $SqlCommand = 'SELECT Name, UserName, Data FROM dbo.CredentialManagerSecureStorage;' $ConnectionString = "Server=$($DatabaseInfo.DatabaseServerName);Database=$($DatabaseInfo.DatabaseName);Trusted_Connection=True;" $Connection = New-Object -TypeName System.Data.SqlClient.SQLConnection -ArgumentList ($ConnectionString) $Command = New-Object -TypeName System.Data.Sqlclient.sqlcommand -ArgumentList ($SqlCommand, $Connection) $Connection.Open() $Adapter = New-Object -TypeName System.Data.Sqlclient.SqlDataAdapter -ArgumentList $Command $Dataset = New-Object -TypeName System.Data.DataSet $null = $Adapter.Fill($Dataset) $Connection.Close() } Catch { $Error[0].Exception.Message } Try { $DataRow = $Dataset.Tables[0].Rows | Where-Object -FilterScript { $_.Name -ieq $Name } } Catch { $Error[0].Exception.Message } $Credential = @{} $Credential.Add('User',$DataRow.UserName) $Credential.Add('Password',[System.Text.Encoding]::UTF8.GetString(($SecStoreManager.Decrypt($DataRow.Data) | Where-Object {( $_ -ne 0)}))) return $Credential } |