none
How to use Powershell to send an encrypted email? RRS feed

  • General discussion

  • Hi all,

    I am a new Powerscript user.

    I have inherited a script which is used to automatically change the password of some utility accounts every month.

    Currently, the new passwords are stored in plain text on a network share for people to access to find out the new passwords.  Obviously, this is less than ideal.

    My idea is to modify the script so that it will send an encrypted email to the people who need to know the new passwords.

    I did a quick search on the repository for Powershell scripts involving how to send an email, but did not turn up anything obvious.

    Can someone point me in the direction of how to send an email via Powershell, and how to encrypt that email?

    Thanks,

    Steve

    • Changed type Bill_Stewart Wednesday, September 13, 2017 9:48 PM
    • Moved by Bill_Stewart Wednesday, September 13, 2017 9:48 PM Question outside forum scope
    Wednesday, August 2, 2017 8:56 PM

All replies

  • PowerShell cannot send encrypted mail.  You must use a mail client that is set up for encrypting ail.


    \_(ツ)_/

    Wednesday, August 2, 2017 9:01 PM
  • You need a secure credential storage system, but this is not the right forum to ask about that.


    -- Bill Stewart [Bill_Stewart]

    Wednesday, August 2, 2017 9:13 PM
  • Outlook is installed on this machine.  Can Powershell use Outlook to send the email?

    Steve

    Thursday, August 3, 2017 12:03 PM
  • $olMailItem = 0 
    $ol = New-Object -comObject Outlook.Application  
    $mail = $ol.CreateItem($olMailItem)  
    $Mail.Recipients.Add("user@company.com") 
    $Mail.Attachments.Add("C:\test\password.txt") 
    $Mail.Subject = "Top Secret"  
    $Mail.Body = "Stuff"  
    $Mail.Send()
    Thursday, August 3, 2017 12:29 PM
  • $olMailItem = 0 
    $ol = New-Object -comObject Outlook.Application  
    $mail = $ol.CreateItem($olMailItem)  
    $Mail.Recipients.Add("user@company.com") 
    $Mail.Attachments.Add("C:\test\password.txt") 
    $Mail.Subject = "Top Secret"  
    $Mail.Body = "Stuff"  
    $Mail.Send()

    Does this encrypt the email?  We all have security cards we can plug into our keyboards to view encrypted emails in Outlook.  I'd like to send the email encrypted.
    Thursday, August 3, 2017 1:33 PM
  • That just uses outlook to send an email.  I will look at encrypted emails via com
    Thursday, August 3, 2017 1:44 PM
  • What you may be able to do is set up a transport rule for the sender then exchange will encrypt any email with a particular subject or whatever the transport rule has been set to.

    See for more information

    https://support.office.com/en-us/article/Define-mail-flow-rules-to-protect-email-messages-9b7daf19-d5f2-415b-bc43-a0f5f4a585e8

    But Bill is correct you should really have a secure password store on the network somewhere that is restricted to only the people who need to know the passwords

    Thursday, August 3, 2017 1:59 PM

  • But Bill is correct you should really have a secure password store on the network somewhere that is restricted to only the people who need to know the passwords

    Yeah but that's outside my purview and would involve a lot of corporate infrastructure navigation to implement.

    Right now I manually run a script that changes all the passwords, and then I note the passwords in a text file out on a network share.  Presumably restrictions are set on the share but in any case it's not a good idea to store passwords in plain text in a text file. 

    So I figured I'd eliminate the text file entirely and instead send an encrypted email to those who need to know the information.

    I suppose another route is to store the passwords to a file and encrypt the file somehow, and provide a means for those who need it to decrypt it.  Perhaps ZIP can be used with a command line modifier to password protect the zip file, and then I ignore the email issue altogether. 

    Although I do want the program to automatically notify everyone when the passwords have changed, but with what I was given above I think I can do that.

    Steve

    Thursday, August 3, 2017 4:59 PM
  • I think this question is really outside the scope of a scripting forum.

    -- Bill Stewart [Bill_Stewart]

    Thursday, August 3, 2017 5:17 PM
  • You can set up PKI and distribute certs to users.  Encrypt the file and mail to users.  You would also have to provide users with a tool to decrypt the file.

    There are third party tools that can do this.  You will have to search and select the one that best suits your needs.

    Post in the Windows Security forum for more help with this.

    Windows has tools that allow you to proxy credentials for foreign systems.  The credentials can be managed and the users never need to be concerned about password changes. 

    Here is one of many: https://msdn.microsoft.com/en-us/library/aa745042(v=bts.10).aspx

    The Security forum can help you choose a solution that best suits your requirements.

    You should never place passwords in a text file anywhere.


    \_(ツ)_/

    Thursday, August 3, 2017 5:44 PM