Sep 122011
Here we have a simple function to generate a complex password in Windows Powershell.
To Add this to YOUR script, include:
- The system.web assembly (add this somewhere in your script
(where it will only get called once) - The GenPwd function
That’s all there is to it. Passwords will be 8 characters long; change the $pwdLen variable if you want a different length.
The system.web.generatepassword call will guarantee that at least one “special” non-alphanumeric character is used but does not guarantee anthing more.
To ensure other complexities are present, we test the new password against a regular expression that tests for:
- at least one uppercase character
- at least one lowercase character
- at least one numeric character
If the generated password doesn’t match the regular expression, we keep retrying until it does.
In this sample script, the function “GenPwd” is called in two ways:
- TestMode shows how many tries it takes to generate a password
- Real Mode simply returns a password from the function call
Download Link: Generate-Password.ps1 (right-click and select “save as…”)
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 |
# Sample Program to demonstrate useage of the GenPwd function call # # September 12, 2011 # Courtesy of xb90@PoshTips.com # # Visit http://poshtips.com for more FREE PowerShell scripts! # # To Add this to YOUR script, include: # (1) The system.web assembly (add this somewhere in your script # where it will only get called once # (2) The GenPwd function # # That's all there is to it. Passwords will be 8 characters long; # change the $pwdLen variable if you want a different length. # # The system.web.generatepassword call will guarantee that at least # one "special" non-alphanumeric character is used but does not guarantee # anthing more. # To ensure other complexities are present, we test the new password # against a regular expression that tests for: # (1) at least one uppercase character # (2) at least one lowercase character # (3) at least one numeric character # If the generated password doesn't match the regular expression, # we keep retrying until it does. # # Sort of crude, but effective and regenerating passwords is very quick # [Reflection.Assembly]::LoadWithPartialName(“System.Web”) | out-null function GenPwd { param ([int]$pwdLen=8, [switch]$TestMode=$false, [string]$TestModeNote="") $pwd = "" $pwdOk = $false $tries = 0 do { $tries+=1 $pwd = [System.Web.Security.Membership]::GeneratePassword($pwdLen,1) $pwdOk = ($pwd -match "^(?=.*\d)(?=.*[a-z])(?=.*[A-Z]).{$pwdLen,$pwdLen}$") } until ($pwdOk) if ($testMode){ # TestMode will display the following # 1. Content of $TestModeNote (this could be a counter, hostname, or whatever (including nothing) # 2. The generated password # 3. Number of tries it took for the GeneratePassword method to create a qualifying password # 4. A series of "X"'s to give a quick graphic representation of the number of tries write-host ("{0} : {1} : {2} {3}" -f $TestModeNote,$pwd,$tries,$("".padright($tries,"X"))) } else { # return the password $pwd } } #PASS 1: Run 10 iterations in TestMode write-host "`nTest Mode:`n" for ($i=1; $i -le 10; $i++){ GenPwd -PwdLen 8 -TestMode $true -TestModeNote ([string]$i).padleft(2," ") } write-host "`n`nReal Mode:`n" #Pass 2: Run 10 iterations in "real" mode, and let function return values print to standard output for ($i=1; $i -le 10; $i++){ GenPwd #Note, I could also capture output as follows # $password = GenPwd } |
Sample output:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 |
PS C:\scripts\powershell> .\Generate-Password.ps1 Test Mode: 1 : E9UjLQ(5 : 1 X 2 : YlC;4[RO : 1 X 3 : F:%5G6&w : 1 X 4 : )RA!KA3! : 1 X 5 : i+LX=:78 : 3 XXX 6 : 3qzi#TG] : 2 XX 7 : Ld}.hsQ2 : 1 X 8 : 1afZ68x! : 1 X 9 : !?Kj^4UN : 1 X 10 : n&a9pT*L : 3 XXX Real Mode: QS38}%>$ +mh4n+c$ wFg#sT5f fV0J^60F 3Mfxg{T* 4pnCIUG? 0B{P]#|S %XQ9AB{L 0@}fHq%x a&0KoHSi |
I use just a one liner like this:
1..10 | ForEach { $Password = $Password + [char]((Get-Random -Minimum 33 -Maximum 127) + (Get-Random -Maximum 2)*32) }