Databases
StackOverflow2013
Postsdbo
POPowershell - "Clear-Item variable:" vs "Remove-Variable"
Body
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POPowershell - "Clear-Item variable:" vs "Remove-Variable"
    text
    copied!<p>When storing text temporarily in powershell variables at runtime, what is the most efficient way of removing a variables contents from memory when no longer needed?</p> <p>I've used both <code>Clear-Item variable:</code> and <code>Remove-Variable</code> but how quickly does something get removed from memory with the latter vs nulling the memory contents with the former?</p> <p>EDIT: I should have made it a little clearer why I am asking.</p> <p>I am automating RDP login for a bunch of application VMs (application doesn't run as a service, outsourced developers, long story).</p> <p>So, I am developing (largely finished) a script to group launch sessions to each of the VMs. </p> <p>Idea is that the script function that stores credentials uses <code>read-host</code> to prompt for hostname then <code>get-credentials</code> to pick up domain/user/password.</p> <p>The pass is then converted from secure-string using 256-bit key (runtime key unique to machine/user that stored the creds and runs the group launch). </p> <p>The VMs name, domain, user and encrypted pass are stored in a file. When launching a session, the details are read in, password decrypted, details passed to <code>cmdkey.exe</code> to store <code>\generic:TERMSRV</code> credential for that VM, clear plaintext pass variable, launch mstsc to that host, a few seconds later remove the credential from windows credential store. (If I passed password to cmdkey.exe as anything other than plaintext, the RDP session would either receive incorrect or no credentials).</p> <p>So, hence the question, I need the password In plaintext to exist in memory for as short a time as possible.</p> <p>To keep security guys happy, the script itself is aes256 encrypted and a c# wrapper with its own ps host reads, decrypts and runs the script, so there is no plaintext source on the machine that runs this. (Encrypted source on a file share so effectively I have a kill switch, can simply replace encrypted script with another displaying a message that this app has been disabled)</p>
 

Querying!

 
Guidance
An individual column

Larger individual text columns get their own page to allow for proper reading.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload