Automatic input of user credentials for 802.1X authentication on Windows 10 via registry

0

I want to automate the configuration settings which are needed in our 802.1X environment. For this I need to pass user credentials.

Therefore I want to build a small GUI which expects the user credentials. After a click on something like a logon button, a powershell script shall import a xml file which contains configuration data for the network interface.

This XML will be imported with:

netsh lan add profile filename="PATH_AND_FILENAME.xml" interface="INTERFACE_NAME"

After this is done I want to pass the user credentials (which were given in the GUI) to the OS without using the built in dialog.

I found out that the registry entries which store the credentials are something like:

User HKCU\Software\Microsoft\Wlansvc\UserData\Profiles[GUID]

and

Machine HKLM\Software\Microsoft\Wlansvc\UserData\Profiles[GUID]

but these are for wireless connections.

Where do I have to save the credentials to cache them? There is an equivalent funcitonality in Windows GUI as shown in the screenshots

802.1X Settings

Credentials to save

Andi D.

Posted 2019-04-10T11:58:48.500

Reputation: 1

Answers

0

Trying o pull user creds is not prudent. There are not there in plain text and are not reversible for passing on to any other action.

You say you are presenting a GUI to ask the user for creds. During any interactive session, if you asking for creds, you need to ask for them securely.

Once you've done that, you can get the username and password directly via code. Yet, you are now handling very sensitive user information. You really need to check with your security / risk management / policy team about doing this. This is because you are literally capturing user creds that you can use anywhere the user has access and nothing prevents you from running off with them later.

So, you could simply use Get-Credential or create a new PSCredential object, or use SecureString to ask for user creds, then when you need them, just reverse that.

($Creds = Get-credential -Credential "$env:USERDOMAIN\$env:USERDOMAIN")

$Creds.GetNetworkCredential().UserName
$Creds.GetNetworkCredential().Password

# Results

UserName                             Password
--------                             --------
contoso\testuser System.Security.SecureString
testuser
password



($Username = Read-Host -Prompt 'Enter username')
($Password = Read-Host -Prompt 'Enter password' -AsSecureString)
($Creds = New-Object System.Management.Automation.PSCredential ($Username, $Password))

$Creds.GetNetworkCredential().UserName
$Creds.GetNetworkCredential().Password

# Results

Enter username: contoso\testuser
contoso\testuser
System.Security.SecureString

UserName                             Password
--------                             --------
contoso\testuser System.Security.SecureString
testuser
password


($Creds = New-Object PSCredential $Username, $Password)

$Creds.GetNetworkCredential().UserName
$Creds.GetNetworkCredential().Password


# Results

$Creds

UserName                             Password
--------                             --------
contoso\testuser System.Security.SecureString

UserName                             Password
--------                             --------
contoso\testuser System.Security.SecureString
testuser
password

Update for OP

As for …

where to save them. I want to know where I should save them to cache the user credentials

These are the approaches you can leverage. This of course has to be done in advance of any other use case that will need it.

using secure password with multiple users without prompt

#saving credentials
Get-Credential | Export-CliXml -Path c:\credential.xml

#importing credentials to a variable
$Credential = Import-CliXml -Path c:\credential.xml

A YouTube Video on the topic: Learn to securely use Passwords with PowerShell

You could also use the Windows Credential Store, and call it from there. Also shown in the above video.

Using Windows Credential Manager

https://gallery.technet.microsoft.com/scriptcenter/PowerShell-Credentials-d44c3cde

https://www.powershellgallery.com/packages/CredentialManager/1.0

https://www.experts-exchange.com/questions/29061982/Powershell-Using-credentials-stored-in-Credential-Manager.html

postanote

Posted 2019-04-10T11:58:48.500

Reputation: 1 783

Thank you for your reply, I understand the problem with the sensitive information. But I am afraid I wrongly expressed myself. My problem ist not just how to ask for credentials, but where to save them. I want to know where I should save them to cache the user credentials. – Andi D. – 2019-04-15T11:42:07.627

See my update for you - and you will want to have this conversation with your risk management / security team(s) and policy folks, before deciding on either option provided. To make sure it will be allowed, supported and maintained long term. Once you set either of them, it's static. If that password changes on the account used, you have to go back and redo whatever option you choose to update the identity store. – postanote – 2019-04-15T17:24:56.447

Asked: 2019-04-10T11:58:48.500

Viewed: 785 times

Active: 2019-04-15T17:24:39.920