I'm not sure that will work as he's trying to login to his AD account with this script. With this password so his script having a hash won't help him unless he's prepared to put the password in again and if he is then his script can't be automated.
I'm faced with the same issue, we can't have plaintext passwords, but we want to automate the process of logging into the system to make sure it's avaialble for use. What is the preffered secure way of doing this?
Even if we create a service account for this we can't reduce the priviledges enough to satisfy security so there has got to be a way that makes sense.
What about something like this:
The passwords are stored in an ecrypted file in another location other than the script.
The script decrypts the file reads the password and then makes the appropriate checks. (Someone mentioned this earlier I know)
The problem is how to do this securely so that the person cannot get the password from the script even if he just runs the code written in the script?
When an admin user on a windows system wants to setup a service to run using a specific account they do punch the password into an window that stores the password somewhere for future use. This must be protected somehow no?
Perhaps the method is in binary so it makes it a bit harder to thwart?