Передача разблокировала учетные данные к powershell сценарию

AFAIK, there's no way from a standard user-mode process (like Powershell) to get the current user's clear text password. And that's a good thing. If there were, it would be a pretty large security vulnerability.

While it might be possibly to write a Windows Credential Provider that can hook into the WinLogon APIs and ultimately receive the user's clear text username and password during the unlock process, it's really not the right solution for what you're trying to accomplish. It's also probably beyond the level of programming effort you're willing to delve into for this solution.

If your VPN solution is actually integrated with your domain, I would hope it supports a way to use the user's existing Kerberos ticket to establish the VPN connection without actually needing to explicitly enter the user's credentials again. That's going to be entirely dependent on your VPN solution though. It also assumes the VPN solution is actually tied into your domain and not just using a duplicate identity s

Я использую два сценария для сохранения и загрузки учетных данных. Загрузить их может только пользователь, сохранивший учетные данные.

Конечно, пользователь должен ввести свои учетные данные один раз.

Save-Credential.ps1

param(
    [Parameter(Mandatory=$True)]
    [string]$CredentialName
    )

$path = (([System.IO.Path]::GetDirectoryName($PROFILE.CurrentUserCurrentHost))+ '\Credentials\'+$CredentialName+'.xml')
$dir = ([System.IO.Path]::GetDirectoryName($path))
if((Test-Path ($dir)) -eq $false)
{
    New-Item -Path $dir -ItemType Directory
}

$cred = Get-Credential
$cred | Export-Clixml $path

Load-Credential.ps1

param(
    [Parameter(Mandatory=$True)]
    [string]$CredentialName
    )

$path = (([System.IO.Path]::GetDirectoryName($PROFILE.CurrentUserCurrentHost))+ '\Credentials\'+$CredentialName+'.xml')
if(Test-Path ($path ))
{
    Import-Clixml $path
}else
{
    Write-Host "File $path not found."
}

Объект учетной записи имеет свойство безопасной строки.