前述のように、ユーザー名と新しいパスワード (およびその他のデータ) を含むBASE64文字列がスクリプトにパイプされ、Windowsスケジュールタスクの認証情報をローテーションするために使用されます。
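@echo off
@REM Step-by-step excerpt of the post-rotation script: decode the BASE64 payload
@REM piped on stdin, read the rotated account and the admin credential record
@REM from it, then update the scheduled task on the target server.

@REM Read the payload from stdin; if several lines arrive, the last one is kept.
for /f "tokens=*" %%a in ('more') do set "input=%%a"
set "base64tmp=%temp%\base64.tmp"
set "json=%temp%\json.tmp"
@REM Redirection is written first so no trailing space ends up in the file.
>"%base64tmp%" echo %input%
@REM -f overwrites a file left behind by an earlier run. Without it certutil
@REM refuses to decode onto an existing file and the jq calls below would read
@REM the stale JSON (old credentials) instead.
certutil -f -decode "%base64tmp%" "%json%"
for /f "usebackq delims=" %%a in (`jq -r .user "%json%"`) do set "user=%%a"
for /f "usebackq delims=" %%a in (`jq -r .newPassword "%json%"`) do set "newPassword=%%a"
set "adminrecord=%temp%\adminrecord.tmp"
set adminuid=<Admin UID>
@REM NOTE(review): %recordsjson% is not assigned anywhere in this excerpt; the
@REM complete script assigns it when it decodes the .records field. Confirm it
@REM is set before this line runs.
jq -r ".[] | select(.uid == \"%adminuid%\")" "%recordsjson%" > "%adminrecord%"
@REM pull the login, domainName, and password from the %adminrecord% JSON object
for /f "usebackq delims=" %%a in (`jq -r .login "%adminrecord%"`) do set "adminuser=%%a"
for /f "usebackq delims=" %%a in (`jq -r .domainName "%adminrecord%"`) do set "domainname=%%a"
for /f "usebackq delims=" %%a in (`jq -r .password "%adminrecord%"`) do set "adminpassword=%%a"
@REM Create the admin username by combining the username@domainname
set "adminusername=%adminuser%@%domainname%"
@REM These files hold the decoded payload and the admin password in plaintext;
@REM remove them as soon as the values are in variables.
del "%base64tmp%" "%json%" "%adminrecord%"
@REM Every %variable% needs its closing percent sign: an unterminated
@REM %adminpassword swallows the following switches during expansion.
@REM Passwords are quoted so spaces and cmd metacharacters (& | < > ^) survive;
@REM a password containing a double quote would still break this line.
@REM Both passwords are visible in the process command line, so treat
@REM command-line process auditing logs on this host as sensitive.
schtasks /change /tn "<Task Name>" /s "<Target Server>" /u "%adminusername%" /p "%adminpassword%" /ru "%user%" /rp "%newPassword%"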
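@echo off
@REM Post-rotation script: reads a BASE64 payload from stdin, extracts the
@REM rotated account (.user / .newPassword) and the admin credential record
@REM (from .records), then updates the scheduled task's run-as password.
@REM Exit code: the schtasks exit code, or 1 if the payload cannot be processed.

@REM setlocal keeps the decoded passwords out of the caller's environment.
setlocal
set "workdir="
set "input="

@REM Read the payload from stdin; if several lines arrive, the last one is kept.
@REM NOTE(review): a cmd variable holds at most about 8 KB - confirm that the
@REM payload (which embeds the records list) stays below that.
for /f "tokens=*" %%a in ('more') do set "input=%%a"
if not defined input goto :fail

@REM The decoded files contain plaintext credentials. A per-run directory that
@REM this script itself creates avoids the fixed, guessable file names directly
@REM under %temp%; mkdir fails if the name already exists, so a pre-created
@REM path is never reused.
set "workdir=%temp%\rotate_%random%%random%"
mkdir "%workdir%" || exit /b 1
set "base64tmp=%workdir%\base64.tmp"
set "json=%workdir%\json.tmp"
set "recordsb64=%workdir%\recordsb64.tmp"
set "recordsjson=%workdir%\records.tmp"
set "adminrecord=%workdir%\adminrecord.tmp"

@REM Redirection is written first so no trailing space ends up in the file.
>"%base64tmp%" echo %input%
certutil -decode "%base64tmp%" "%json%" || goto :fail

@REM "// empty" makes jq print nothing for a missing or null field, so the
@REM variable stays undefined and is caught below instead of becoming "null".
set "user="
set "newPassword="
set "records="
for /f "usebackq delims=" %%a in (`jq -r ".user // empty" "%json%"`) do set "user=%%a"
for /f "usebackq delims=" %%a in (`jq -r ".newPassword // empty" "%json%"`) do set "newPassword=%%a"
for /f "usebackq delims=" %%a in (`jq -r ".records // empty" "%json%"`) do set "records=%%a"
if not defined user goto :fail
if not defined newPassword goto :fail
if not defined records goto :fail

@REM .records is itself BASE64-encoded JSON; decode it to a second file.
>"%recordsb64%" echo %records%
certutil -decode "%recordsb64%" "%recordsjson%" || goto :fail

@REM Find the admin record that has a uid that matches %adminuid% and save to %adminrecord%
set adminuid=<Admin UID>
jq -r ".[] | select(.uid == \"%adminuid%\")" "%recordsjson%" > "%adminrecord%"

@REM pull the login, domainName, and password from the %adminrecord% JSON object
set "adminuser="
set "domainname="
set "adminpassword="
for /f "usebackq delims=" %%a in (`jq -r ".login // empty" "%adminrecord%"`) do set "adminuser=%%a"
for /f "usebackq delims=" %%a in (`jq -r ".domainName // empty" "%adminrecord%"`) do set "domainname=%%a"
for /f "usebackq delims=" %%a in (`jq -r ".password // empty" "%adminrecord%"`) do set "adminpassword=%%a"
if not defined adminuser goto :fail
if not defined domainname goto :fail
if not defined adminpassword goto :fail

@REM Create the admin username by combining the username@domainname
set "adminusername=%adminuser%@%domainname%"

@REM Remove the plaintext files before the network call, as soon as every
@REM value is held in a variable.
call :cleanup

@REM Update the scheduled task with the new password.
@REM Passwords are quoted so spaces and cmd metacharacters (& | < > ^) survive;
@REM a password containing a double quote would still break this line.
@REM Both passwords are visible in the process command line, so treat
@REM command-line process auditing logs on this host as sensitive.
schtasks /change /tn "<Task Name>" /s "<Target Server>" /u "%adminusername%" /p "%adminpassword%" /ru "%user%" /rp "%newPassword%"
exit /b %errorlevel%

:fail
@REM Reached when the payload is missing, cannot be decoded, or lacks a field.
@REM The message deliberately contains no payload data.
call :cleanup
>&2 echo Rotation payload could not be processed; the scheduled task was not changed.
exit /b 1

:cleanup
@REM Delete the per-run directory and everything decoded into it.
if defined workdir if exist "%workdir%" rmdir /s /q "%workdir%"
goto :eof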