psake calling msdeploy.cmd with parameter containing an ampersand

I have a psake script to manage my deployments, the process is as follows:

1. Compile & run tests
2. Generate a deployment package using msbuild
3. Check to see if we are deploying internally or externally
4. If internal, execute the generated cmd file
5. if external, prompt for username and password and execute the generated cmd file with the username and password as parameters

I'm executing msdeploy in the following manne开发者_Python百科r when deploying externally:

exec { & $deploy_cmd /Y /M:$msdeploy_url /U:$user /P:$pwd /A:NTLM }

When the password contains an ampersand (&) then the cmd file, I assume, when assigning the parameter to a variable assigns the portion of the password before the & and tries to execute the portion afterwards. Which is bat file behaviour (& are used to separate commands).

I've tried escaping the password with the caret (^) during the prompt for the password, but that didn't work.

Other than changing the password, are there any other alternatives?

Because the cmd file is parsing the parameters and then passing them again as raw strings the only way I've gotten a | character to work in a password is to triple escaped it with ^^^ before some of the special characters. I'm assuming & will work similarly. Or you can just escape all characters in the password:

    $pwd = $pwd -replace '.','^^^$&'