SteeltoeOSS · Copilot · Jan 8, 2026 · Jan 8, 2026 · Jan 8, 2026 · Jan 13, 2026
diff --git a/FileShares/README.md b/FileShares/README.md
@@ -49,7 +49,6 @@ You can also delete files by clicking the "Delete file" button in the same row a
 > [!TIP]
 > The sample uses credentials different from those of your Windows user account. If you've opened the file share in Windows Explorer before running the sample, it fails because a file share can't be accessed by one user using multiple credentials. To recover, run `klist purge` to make Windows forget the connection from Windows Explorer.
 
-
 ### Removing the local user account and file share
 
 > [!CAUTION]
@@ -71,10 +70,16 @@ Before deploying the app, you must create an entry in CredHub to contain the cre
 
 ### Store credentials in CredHub
 
+> [!NOTE]
+> The [cf-create-service.ps1](scripts/cf-create-service.ps1) script requires PowerShell 7 or later.
+
 1. Run [cf-create-service.ps1](scripts/cf-create-service.ps1) to create a service instance in CredHub, using parameters to set the required values:
-   * `-NetworkAddress \\\\<hostname>\\<sharename>` - escaped UNC path of the fileshare
-   * `-UserName <username>` - the username for accessing the fileshare
-   * `-Password <password>` - the password for accessing the fileshare
+   * `-NetworkAddress \\<hostname>\<sharename>` - UNC path to the network share (required). For example: `\\localhost\steeltoe_network_share`
+   * `-UserName <username>` - the username for accessing the file share, can include domain (e.g., `DOMAIN\username`) (required)
+   * `-Password <password>` - the password for accessing the file share (required)
+   * `-ServiceName credhub` - the name of the service for storing credentials
+   * `-ServicePlan default` - the service plan to use
+   * `-ServiceInstanceName sampleNetworkShare` - the name of the service instance
 
 ### Deploy the app
 

diff --git a/FileShares/scripts/add-user-and-share.ps1 b/FileShares/scripts/add-user-and-share.ps1
@@ -2,12 +2,13 @@
 #Requires -Modules Microsoft.PowerShell.LocalAccounts, SmbShare
 
 Param(
-	[string]$ShareName = "steeltoe_network_share",
-	[string]$SharePath = "c:\steeltoe_network_share",
-	[string]$UserName = "shareWriteUser",
-	[string]$Password = "thisIs1Pass!"
+    [Parameter(Mandatory = $false, HelpMessage = "The name of the share")][string]$ShareName = "steeltoe_network_share",
+    [Parameter(Mandatory = $false, HelpMessage = "The path to the share. For example: 'c:\steeltoe_network_share'")][string]$SharePath = "c:\steeltoe_network_share",
+    [Parameter(Mandatory = $false, HelpMessage = "The name of the user")][string]$UserName = "shareWriteUser",
+    [Parameter(Mandatory = $false, HelpMessage = "The password for the user")][string]$Password = "thisIs1Pass!"
 )
 $ErrorActionPreference = "Stop"
+
 if ($PSVersionTable.PSVersion.Major -lt 6)
 {
     Write-Output "Running in Windows PowerShell (version < 6)"
@@ -18,7 +19,7 @@ else
     Add-Type -AssemblyName System.Management.Automation
     Import-Module Microsoft.PowerShell.LocalAccounts -SkipEditionCheck
 }
-$SecurePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
+$securePassword = ConvertTo-SecureString -String $Password -AsPlainText -Force
 
 if (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue)
 {
@@ -28,7 +29,7 @@ else
 {
     Write-Host "Creating local user $UserName..."
     New-LocalUser $UserName `
-        -Password $SecurePassword `
+        -Password $securePassword `
         -FullName "SMB ReadWrite" `
         -Description "For write access to $ShareName" | Out-Null
     Write-Host "Done creating user."

diff --git a/FileShares/scripts/cf-create-service.ps1 b/FileShares/scripts/cf-create-service.ps1
@@ -1,15 +1,28 @@
+#Requires -Version 7.0
+
 Param(
-    [Parameter(Mandatory = $true, HelpMessage = "Escaped UNC path. For example, if the path is '\\localhost\steeltoe_network_share', use '\\\\localhost\\steeltoe_network_share'.")][string]$NetworkAddress,
-	[Parameter(Mandatory=$true)][string]$UserName,
-	[Parameter(Mandatory=$true)][string]$Password,
-    [string]$ServiceName = "credhub",
-    [string]$ServicePlan = "default",
-    [string]$ServiceInstanceName = "sampleNetworkShare"
+    [Parameter(Mandatory = $true, HelpMessage = "UNC path to the network share. For example: '\\localhost\steeltoe_network_share'")][string]$NetworkAddress,
+    [Parameter(Mandatory = $true, HelpMessage = "The username for accessing the file share, can include domain. For example: 'DOMAIN\username'")][string]$UserName,
+    [Parameter(Mandatory = $true, HelpMessage = "The password for accessing the file share.")][string]$Password,
+    [Parameter(Mandatory = $false, HelpMessage = "The name of the service for storing credentials")][string]$ServiceName = "credhub",
+    [Parameter(Mandatory = $false, HelpMessage = "The service plan to use")][string]$ServicePlan = "default",
+    [Parameter(Mandatory = $false, HelpMessage = "The name of the service instance")][string]$ServiceInstanceName = "sampleNetworkShare"
 )
 $ErrorActionPreference = "Stop"
 
-$ParamJSON = [string]::Format('{{\"location\":\"{0}\",\"username\":\"{1}\",\"password\":\"{2}\"}}', $NetworkAddress, $UserName, $Password)
+# Build parameter object and convert to JSON using PowerShell's built-in JSON serialization
+# This automatically handles escaping of special characters including backslashes, quotes, etc.
+$params = @{
+    location = $NetworkAddress
+    username = $UserName
+    password = $Password
+}
+$jsonParams = $params | ConvertTo-Json -Compress
 
-Write-Host "cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $ParamJSON -t $ServiceInstanceName"
+# Create a redacted copy of the parameters for logging so the password is not exposed
+$redactedParams = $params.Clone()
+$redactedParams['password'] = 'REDACTED'
+$redactedJsonParams = $redactedParams | ConvertTo-Json -Compress
 
-cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $ParamJSON -t $ServiceInstanceName
+Write-Host "cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $redactedJsonParams -t $ServiceInstanceName"
+cf create-service $ServiceName $ServicePlan $ServiceInstanceName -c $jsonParams -t $ServiceInstanceName
diff --git a/FileShares/scripts/remove-user-and-share.ps1 b/FileShares/scripts/remove-user-and-share.ps1
@@ -2,11 +2,12 @@
 #Requires -Modules Microsoft.PowerShell.LocalAccounts, SmbShare
 
 Param(
-    [string]$ShareName = "steeltoe_network_share",
-    [string]$SharePath = "c:\steeltoe_network_share",
-    [string]$UserName = "shareWriteUser"
+    [Parameter(Mandatory = $false, HelpMessage = "The name of the share")][string]$ShareName = "steeltoe_network_share",
+    [Parameter(Mandatory = $false, HelpMessage = "The path to the share. For example: 'c:\steeltoe_network_share'")][string]$SharePath = "c:\steeltoe_network_share",
+    [Parameter(Mandatory = $false, HelpMessage = "The name of the user")][string]$UserName = "shareWriteUser"
 )
 $ErrorActionPreference = "Stop"
+
 if ($PSVersionTable.PSVersion.Major -lt 6)
 {
     Write-Output "Running in Windows PowerShell (version < 6)"
@@ -17,6 +18,7 @@ else
     Add-Type -AssemblyName System.Management.Automation
     Import-Module Microsoft.PowerShell.LocalAccounts -SkipEditionCheck
 }
+
 if (Get-SmbShare $ShareName -ErrorAction SilentlyContinue)
 {
     Remove-SmbShare -Name $ShareName