VMware Cloud Community
feixfb
Contributor

Looking for inspiration ... Passwords in Scripts

Hey there,

After I install our ESXi hosts and put them into the vCenter, I use a PowerShell script which will do the rest of the configuration needed...

One of the points is to create a local read-only ESXi user with a password. I don't like to have passwords in my scripts, and in this case the script will only run with user interaction.

So in the first case I tried to use a simple

$pwd = read-host "Enter a password:"

The problem here is that you can read the password which is provided...

I read a little bit and tried...

$pwd = read-host "Enter a password:" -asSecureString

This looks nice in the first step, but to avoid password mismatches I fetch the password twice and compare both. In this case $pwd1 & $pwd2 are SecureStrings and do not match.

Now I try something like...

---Snip----

    $check = "0"
    while ($check -eq "0") {
        # Prompt twice with hidden input
        $encpasswort1 = Read-Host "Please Enter pwd: " -AsSecureString
        $encpasswort2 = Read-Host "again" -AsSecureString

        # Convert both SecureStrings to plain text (same variable names as read above)
        $passwort1 = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encpasswort1))
        $passwort2 = [System.Runtime.InteropServices.Marshal]::PtrToStringAuto([System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($encpasswort2))

        # -ceq compares case-sensitively; -eq would accept passwords that differ only in case
        if ($passwort1 -ceq $passwort2) {
            Write-Host -ForegroundColor Green "Lege Nutzer auf " $esx_Host.Name "an `n"
            $status = Connect-VIServer $esx_Host.Name -User root -wa 0
            $status = New-VMHostAccount -Id $user -Password $passwort1 -Description $desc -UserAccount
            $status = New-VIPermission -Principal $user -Role $role -Entity (Get-Datacenter)
            $status = Disconnect-VIServer $esx_Host.Name -Confirm:$false
            $check = "1"
        }
    }

---snip----

This works so far but maybe there is a better way...

Maybe to compare two SecureString objects or pass them to an ESXi host...

Some ideas would be welcome.

Thanks


Accepted Solutions
LucD
Leadership

You can do the following to compare them:

$encpasswort1 = Read-Host "Please Enter pwd: " -AsSecureString
$encpasswort2 = Read-Host "again" -AsSecureString

$clearpasswort1 = (New-Object pscredential "user",$encpasswort1).GetNetworkCredential().Password
$clearpasswort2 = (New-Object pscredential "user",$encpasswort2).GetNetworkCredential().Password

# -ceq compares case-sensitively; -eq would treat passwords that differ only in case as equal
$clearpasswort1 -ceq $clearpasswort2


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference
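
Added example, not code from either poster: it compares the two hidden prompts case-sensitively, wipes the unmanaged plaintext copies afterwards, and creates the System.String that New-VMHostAccount -Password requires only at the call site. The function names Test-SecureStringEqual and Read-ConfirmedPassword and the demo passwords are made up for illustration; $user and $desc are the variables from the question's script.

```powershell
function Test-SecureStringEqual {
    param([Parameter(Mandatory)][securestring] $Left,
          [Parameter(Mandatory)][securestring] $Right)
    $marshal = [System.Runtime.InteropServices.Marshal]
    $bstrL = [IntPtr]::Zero
    $bstrR = [IntPtr]::Zero
    try {
        # Decrypt into unmanaged BSTR buffers that can be wiped afterwards.
        $bstrL = $marshal::SecureStringToBSTR($Left)
        $bstrR = $marshal::SecureStringToBSTR($Right)
        # -ceq is case-sensitive; -eq would accept "Secret" for "secret".
        # The two managed strings are temporaries that live until garbage collection.
        return ($marshal::PtrToStringBSTR($bstrL) -ceq $marshal::PtrToStringBSTR($bstrR))
    }
    finally {
        # Zero and free the unmanaged plaintext even if an exception was thrown.
        if ($bstrL -ne [IntPtr]::Zero) { $marshal::ZeroFreeBSTR($bstrL) }
        if ($bstrR -ne [IntPtr]::Zero) { $marshal::ZeroFreeBSTR($bstrR) }
    }
}

function Read-ConfirmedPassword {
    param([string] $Prompt = 'Enter password')
    while ($true) {
        $first  = Read-Host $Prompt -AsSecureString
        $second = Read-Host 'Enter it again' -AsSecureString
        if ($first.Length -gt 0 -and (Test-SecureStringEqual $first $second)) {
            $second.Dispose()
            return $first          # caller keeps a SecureString, not plain text
        }
        Write-Warning 'Passwords are empty or do not match, try again.'
        $first.Dispose(); $second.Dispose()
    }
}

# Constructed sample values (not from the thread) to exercise the comparison offline.
$a = ConvertTo-SecureString 'Example-Pw1' -AsPlainText -Force
$b = ConvertTo-SecureString 'example-pw1' -AsPlainText -Force   # differs only in case
"same value:   $(Test-SecureStringEqual $a $a)"
"case differs: $(Test-SecureStringEqual $a $b)"

# In the host-setup script ($user and $desc as in the question; needs a Connect-VIServer session):
#   $secure = Read-ConfirmedPassword
#   $plain  = (New-Object pscredential $user, $secure).GetNetworkCredential().Password
#   New-VMHostAccount -Id $user -Password $plain -Description $desc -UserAccount
```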

3 Replies
LucD
Leadership

One simple built-in solution is to use the New-VICredentialStoreItem cmdlet.

You can use the Get-VICredentialStoreItem cmdlet to retrieve user/password information.

This can be used for credentials that have nothing to do with vSphere as well.

Use the Server as a tag for the credentials.

The credentials can only be decrypted by the same user and on the same station where the encryption was done.

Note, since this is based on a Windows encryption/decryption API, it will not work on PowerShell Core.


feixfb
Contributor

Hi,

That looks good so far..

The problem is that the password must be System.String. I have to provide the password in the script or in the cmd. Both would be clear text..

With the readline -asSecurestring command the input is hidden and can't be read.
