I am currently using PSexec with credentials which are stored in a CSV so i can iterate of each row. A basic example of this is.
$computerlist = Import-Csv C:\XXXXX\computerlist.csv
foreach( $user in $computerlist ) {
$results = psexec ( "\\" + $user.ip ) -u ( $user.ip + "\" + $user.username ) -p $user.password query session
}
The passwords in the CSV are currently stored in plain text and could be viewed by anyone who gains access to the machine. Is there a better solution to dealing with these passwords?
Think more carefully what's meant by "gains access to the machine". For stolen computer, consider using Bitlocker. For intrusive users, consider user rights and logon policies/permissions.
The most straight-forward way to secure the file is to use NTFS permissions. Store the file in directory and grant read access only for a specific group that contains script runner's accounts.
Encrypting the credential file is a chicken and egg -problem. You'd need to store the encryption key somewhere anyway, unless the key is prompted every time the script is being run. EFS can be used to some extent, but it isn't a silver bullet either.