I have come across an interesting problem when using custom batch file launchers: if any of the command line arguments, such as a password, contains any of these characters:
| < > " & then they don’t get passed into the batch file correctly and it breaks. (Other symbols like
@ ! ( ) ^ ' % # $ £ * are all fine.)
The first four problem characters will not generally cause difficulties as they are in the SAP character/symbol sets but not in the defaults. Mainframe passwords are generated from a more restricted character set and so are not affected either. However the
& character is in the default Secret Server character set and symbol set, and so randomly generated passwords can contain this character – and hence cause a custom batch file launcher to fail.
There are two possible solutions:
(a) You can ‘escape’ the
& character as follows: within the custom batch file launcher configuration page, if you click Advanced you can set ‘Characters to Escape’ to
& and set ‘Escape Character’ to
^. That means that if a password is
ABC&DEF, then what is presented to the batch file launcher is
ABC^&DEF, so you therefore need to include logic in your batch file to modify any substring within a supplied argument from
& in order to reverse the process.
(b) Update the default Password Requirements within Secret Server, so that it will not include the
& character within a password that it generates.
This second approach can be done as follows:
- Go to Admin > Secret Templates > Password Requirements.
2. Assuming that you have not created your own password requirement templates click Default. You will be taken to the ‘Password Requirement Edit’ page.
3. Click Character Set. A new tab will open.
4. Create your own Character sets with names such as
Symbol2. These should be the same as the
Symbol character sets but with the
& character removed. It should look similar to this:
5. Click Back.
6. On the ‘Password Requirement Edit’ page change any references to
Default2 and change any references to
Symbol2. The result should look similar to this:
(Obviously the numbers of the different sorts of characters can be different – this screenshot shows the defaults.)
7. Click Save.
8. Click Default. You will be taken back to the ‘Password Requirement Edit’ page, which includes an example password at the top of the page:
Obviously the example password generated will be different from that shown here, but the important thing is that it should not contain any
& characters. It is probably worth doing this a few times to make sure that it is working correctly.
After this, any automatically generated passwords should not include a
& character, and thus not cause problems with a custom batch file.
This may be of use to someone out there!