In case you haven’t heard of or used Password Pusher, or pwpush.com, it is a service that allows you to enter passwords into a web browser, which is then turned into a URL that expires after a certain number of days or views, or both.
While emailing passwords is not a good security practice, creating a link that expires is often a much better approach.
This post is a part of my Automating New Hires With Powershell series, where I create a bunch of helpful Powershell scripts to simplify the user onboarding process.
- How To Create Active Directory Users in Powershell & Copy Group of Existing Users
- How to Open a Webpage Using Powershell
- How to Create a Powershell GUI to Launch Your Scripts
- Powershell script to move computer object to a specific OU
- How to Automate Sending IT Welcome Emails with Powershell
Password Pusher Powershell Script
While entering passwords directly into Pwpush.com isn’t difficult, if the process can be automated during your new hire workflow, then that is a better solution.
This script will first prompt for the Active Directory password. Once you enter that, it will open an Outlook.msg template and then copy the URL to clipboard. Then simply paste the URL into the Outlook email that just opened automatically.
Then, it will call a second .ps1 script to ask for the user’s email password and copy that to clipboard. Paste that into the email as well.
Then, you can simply email the credentials to the users’ manager so they have the credentials ready during their first day of employment.
Step 1: Create Outlook Email Template
Open Outlook and create a new email. In the body, add something like this:
Go to File > Save As > and save to a folder such as C:\Scripts\Final. Name the file “Template“. Outlook saves this as a .msg file (C:\Scripts\Final\template.msg)
Step 2: Create AD Password Pusher Script
This is the primary script you will run first. At the end of this script, it will call a separate Emailpwpush.ps1 script and prompt you to enter that password. The reason I’m telling you this is because if you run just Emailpwpush.ps1, it won’t prompt for the AD password, so make sure to run this script if you want to include both in email to their manager.
The only difference between the two scripts are that this first one has a line at the very end to call the 2nd script: & .\Emailpwpush.ps1
[CmdletBinding()]
Param(
[Parameter(Position=1,Mandatory=$true)]
[AllowEmptyString()]
[string]$ADPassword,
[ValidateRange(1,90)]
[string]$Expire = 7,
[ValidateRange(1,100)]
[string]$Views = 10
)
If (!$ADPassword) {[string]$ADPassword = (Get-Random)}
Write-Host "Using password: $ADPassword"
$IE = New-Object -ComObject "InternetExplorer.Application"
$RequestURI = "https://pwpush.com"
$IE.Visible = $false
$IE.Silent = $true
$IE.Navigate($RequestURI)
While ($IE.Busy) {Start-Sleep -Seconds 1}
$Payload = "password_payload"
$ExpireID = "password_expire_after_days"
$ViewsID = "password_expire_after_views"
$Doc = $IE.Document
$Doc.getElementsByTagName("input") | ForEach-Object {
if ($_.id -ne $null){
if ($_.id.contains($Payload)) {$Payload = $_}
if ($_.id.contains($ExpireID)) {$ExpireID = $_}
if ($_.id.contains($ViewsID)) {$ViewsID = $_}
}
if ($_.name -ne $null){
if ($_.name.contains($commit)) {$SubmitButton = $_}
}
}
$Payload.value = $ADPassword
$ExpireID.value = $Expire
$ViewsID.value = $Views
#Start-sleep -Seconds 1
$SubmitButton.click()
While ($IE.Busy) {Start-Sleep -Seconds 1}
$URL = "url"
$Doc.getElementsByTagName("input") | ForEach-Object {
if ($_.id -ne $null){
if ($_.id.contains($URL)) {$URL = $_}
}
}
$URL.value
Write-Output $URL.value | Set-Clipboard
Write-Host "URL Copied to clipboard! Press ENTER to paste into the Outlook template." -ForegroundColor Black -BackgroundColor Green -NoNewline
$EmailAddress = Read-Host
$file= C:\Scripts\Final\Template.msg
$outlook= New-Object -ComObject outlook.application
####Call another powershell script to run EmailPass
& .\Emailpwpush.ps1
Step 3: Create Emailpwpush.ps1 Script
Next, create the second script. This script works just like the first one, except it asks you to input the email password to generate a pwpush.com secure link, and also copies that one to your clipboard.
[CmdletBinding()]
Param(
[Parameter(Position=1,Mandatory=$true)]
[AllowEmptyString()]
[string]$EmailPassword,
[ValidateRange(1,90)]
[string]$Expire = 7,
[ValidateRange(1,100)]
[string]$Views = 10
)
If (!$EmailPassword) {[string]$EmailPassword = (Get-Random)}
Write-Host "Using password: $EmailPassword"
$IE = New-Object -ComObject "InternetExplorer.Application"
$RequestURI = "https://pwpush.com"
$IE.Visible = $false
$IE.Silent = $true
$IE.Navigate($RequestURI)
While ($IE.Busy) {Start-Sleep -Seconds 1}
$Payload = "password_payload"
$ExpireID = "password_expire_after_days"
$ViewsID = "password_expire_after_views"
$Doc = $IE.Document
$Doc.getElementsByTagName("input") | ForEach-Object {
if ($_.id -ne $null){
if ($_.id.contains($Payload)) {$Payload = $_}
if ($_.id.contains($ExpireID)) {$ExpireID = $_}
if ($_.id.contains($ViewsID)) {$ViewsID = $_}
}
if ($_.name -ne $null){
if ($_.name.contains($commit)) {$SubmitButton = $_}
}
}
$Payload.value = $EmailPassword
$ExpireID.value = $Expire
$ViewsID.value = $Views
#Start-sleep -Seconds 1
$SubmitButton.click()
While ($IE.Busy) {Start-Sleep -Seconds 1}
$URL = "url"
$Doc.getElementsByTagName("input") | ForEach-Object {
if ($_.id -ne $null){
if ($_.id.contains($URL)) {$URL = $_}
}
}
$URL.value
Write-Output $URL.value | Set-Clipboard
Write-Host "URL Copied! Paste it into your email." -ForegroundColor Black -BackgroundColor DarkGreen -NoNewline
$EmailAddress = Read-Host
Then, you can simply send the email to their manager.
Wrapping Up
This script works very well if you pair it with my Create AD User and Office 365 user script. Once the AD script runs, just write down the password. Then, run this script and type in that password.
I have both of these scripts in my Powershell Gui Menu, so I can just click the AD User Creation button, generate the password, and then click the Send Welcome Email button and type in the passwords to send out.
My Homelab Equipment
Here is some of the gear I use in my Homelab. I highly recommend each of them.
- Server 2019 w/ Hyper-V
- Case: Fractal Design Node 804
- Graphics Card: NVIDEA Quadro K600
- CPU: AMD Ryzen 7 2700
The full list of server components I use can be found on my Equipment List page.