In case you haven’t heard of or used Password Pusher, or pwpush.com, it is a service that allows you to enter passwords into a web browser, which is then turned into a URL that expires after a certain number of days or views, or both.

While emailing passwords is not a good security practice, creating a link that expires is often a much better approach.

This post is a part of my Automating New Hires With Powershell series, where I create a bunch of helpful Powershell scripts to simplify the user onboarding process.


Password Pusher Powershell Script

While entering passwords directly into Pwpush.com isn’t difficult, if the process can be automated during your new hire workflow, then that is a better solution.

This script will first prompt for the Active Directory password. Once you enter that, it will open an Outlook.msg template and then copy the URL to clipboard. Then simply paste the URL into the Outlook email that just opened automatically.

Then, it will call a second .ps1 script to ask for the user’s email password and copy that to clipboard. Paste that into the email as well.

Then, you can simply email the credentials to the users’ manager so they have the credentials ready during their first day of employment.


Step 1: Create Outlook Email Template

Open Outlook and create a new email. In the body, add something like this:

Go to File > Save As > and save to a folder such as C:\Scripts\Final. Name the file “Template“. Outlook saves this as a .msg file (C:\Scripts\Final\template.msg)


Step 2: Create AD Password Pusher Script

This is the primary script you will run first. At the end of this script, it will call a separate Emailpwpush.ps1 script and prompt you to enter that password. The reason I’m telling you this is because if you run just Emailpwpush.ps1, it won’t prompt for the AD password, so make sure to run this script if you want to include both in email to their manager.

The only difference between the two scripts are that this first one has a line at the very end to call the 2nd script: & .\Emailpwpush.ps1

[CmdletBinding()]

Param(
    [Parameter(Position=1,Mandatory=$true)]
    [AllowEmptyString()]
    [string]$ADPassword,
    
    [ValidateRange(1,90)]
    [string]$Expire = 7,

    [ValidateRange(1,100)]
    [string]$Views  = 10
    )

If (!$ADPassword) {[string]$ADPassword = (Get-Random)}

Write-Host "Using password: $ADPassword"

$IE = New-Object -ComObject "InternetExplorer.Application"

$RequestURI = "https://pwpush.com"

$IE.Visible = $false
$IE.Silent = $true
$IE.Navigate($RequestURI)

While ($IE.Busy) {Start-Sleep -Seconds 1}

$Payload        = "password_payload"
$ExpireID       = "password_expire_after_days"
$ViewsID        = "password_expire_after_views"

$Doc = $IE.Document
$Doc.getElementsByTagName("input") | ForEach-Object {
    if ($_.id -ne $null){
        if ($_.id.contains($Payload)) {$Payload = $_}
        if ($_.id.contains($ExpireID)) {$ExpireID = $_}
        if ($_.id.contains($ViewsID)) {$ViewsID = $_}
    }
    if ($_.name -ne $null){
        if ($_.name.contains($commit)) {$SubmitButton = $_}
    }
}

$Payload.value  =   $ADPassword
$ExpireID.value =   $Expire
$ViewsID.value  =   $Views
#Start-sleep -Seconds 1
$SubmitButton.click()

While ($IE.Busy) {Start-Sleep -Seconds 1}

$URL = "url"

$Doc.getElementsByTagName("input") | ForEach-Object {
    if ($_.id -ne $null){
        if ($_.id.contains($URL)) {$URL = $_}
    }
}

$URL.value
Write-Output $URL.value | Set-Clipboard
Write-Host "URL Copied to clipboard! Press ENTER to paste into the Outlook template." -ForegroundColor Black -BackgroundColor Green -NoNewline 
$EmailAddress = Read-Host

$file= C:\Scripts\Final\Template.msg
    $outlook= New-Object -ComObject outlook.application


    ####Call another powershell script to run EmailPass

& .\Emailpwpush.ps1

Step 3: Create Emailpwpush.ps1 Script

Next, create the second script. This script works just like the first one, except it asks you to input the email password to generate a pwpush.com secure link, and also copies that one to your clipboard.

[CmdletBinding()]

Param(
    [Parameter(Position=1,Mandatory=$true)]
    [AllowEmptyString()]
    [string]$EmailPassword,
    
    [ValidateRange(1,90)]
    [string]$Expire = 7,

    [ValidateRange(1,100)]
    [string]$Views  = 10
    )

If (!$EmailPassword) {[string]$EmailPassword = (Get-Random)}

Write-Host "Using password: $EmailPassword"

$IE = New-Object -ComObject "InternetExplorer.Application"

$RequestURI = "https://pwpush.com"

$IE.Visible = $false
$IE.Silent = $true
$IE.Navigate($RequestURI)

While ($IE.Busy) {Start-Sleep -Seconds 1}

$Payload        = "password_payload"
$ExpireID       = "password_expire_after_days"
$ViewsID        = "password_expire_after_views"

$Doc = $IE.Document
$Doc.getElementsByTagName("input") | ForEach-Object {
    if ($_.id -ne $null){
        if ($_.id.contains($Payload)) {$Payload = $_}
        if ($_.id.contains($ExpireID)) {$ExpireID = $_}
        if ($_.id.contains($ViewsID)) {$ViewsID = $_}
    }
    if ($_.name -ne $null){
        if ($_.name.contains($commit)) {$SubmitButton = $_}
    }
}

$Payload.value  =   $EmailPassword
$ExpireID.value =   $Expire
$ViewsID.value  =   $Views
#Start-sleep -Seconds 1
$SubmitButton.click()

While ($IE.Busy) {Start-Sleep -Seconds 1}

$URL = "url"

$Doc.getElementsByTagName("input") | ForEach-Object {
    if ($_.id -ne $null){
        if ($_.id.contains($URL)) {$URL = $_}
    }
}

$URL.value
Write-Output $URL.value | Set-Clipboard
Write-Host "URL Copied! Paste it into your email." -ForegroundColor Black -BackgroundColor DarkGreen -NoNewline 
$EmailAddress = Read-Host

Then, you can simply send the email to their manager.


Wrapping Up

This script works very well if you pair it with my Create AD User and Office 365 user script. Once the AD script runs, just write down the password. Then, run this script and type in that password.

I have both of these scripts in my Powershell Gui Menu, so I can just click the AD User Creation button, generate the password, and then click the Send Welcome Email button and type in the passwords to send out.


My Homelab Equipment

Here is some of the gear I use in my Homelab. I highly recommend each of them.

The full list of server components I use can be found on my Equipment List page.

Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *