I have a tool I'm working on in vb.net that essentially lets IT users in my org trigger a number of remote GUI processes on PCs. I call PSEXEC from within my application and pass it the user and password of a service account I have set up.
I want to be as security conscious as possible and am looking at using the SecureString class to store the user and password. My question is this: If I store my service acct. user and password using Secure String, then pass these to PSEXEC when I call it, does PSEXEC transmit an obfuscated password over the network or does it transmit the plain string?
Any help would be appreciated as this is a little new to me!
Thanks!
EDIT:
Code I use to call PSEXEC:
Private Sub startProcess(ByVal remotePC As String, ByVal remotePC_URL As String, ByVal remoteUser As String, ByVal password As String)
Dim proc As New System.Diagnostics.Process
proc.StartInfo = New ProcessStartInfo("CMD")
proc.StartInfo.Arguments = "/k psexec \\" & remotePC & " -u " & remoteUser & " -p " & password & " -i -d ""C:\Program Files (x86)\Internet Explorer\iexplore.exe"" -k " & remotePC_URL & ""
proc.StartInfo.CreateNoWindow = True
proc.StartInfo.UseShellExecute = False
proc.Start()
End Sub 'startProcess
Is it user account / login information you use to authenticate to the remote server? If so, it's usually secured (same as login popup you get). Otherwise it depends on the protocol being used. For HTTP, as an example, everything is sent in plain text. Please provide some code for us to better understand your need.