
  • IT’s TIME: Update Those Security Settings with PowerShell

    Secret Server 8.4, released in January, included additional ways to update Secret security settings via the web services API. This week, we’ll show you how to use PowerShell to access the Secret Server web services API and configure security settings for Secrets.

    Web Service security settings: What’s available?

    The web services API can help you configure Remote Password Changing and advanced security settings, including:

    [Image: capture3]

    These settings correspond to those you will see in the browser interface on the Remote Password Changing and Security tabs of a Secret.

    The sample script we’ll use today creates a new Secret and then updates it to use the Require Approval for Access security setting. Because this setting also requires Approvers, our PowerShell script includes parameters to set both a user and a group as approvers. For the entire script, see our KB article HERE.

    Review: Authentication

    First, provide your Secret Server URL in the script. You’ll be prompted for your Secret Server login credentials at runtime:

    [Image: Webservices1]

    If you’re using a domain account, add a similar line for the domain. See Using Web Services with Windows Authentication (PowerShell) if you use Integrated Windows Authentication.

    Generating Passwords

    Utilize the password generator to create new, randomized passwords when you aren’t using an already-existing password:

    [Image: Webservices2]

    Create the Secret

    Create a Secret by passing the Template ID, new Secret name, field IDs and value, and destination folder to the AddSecret method. If you don’t already know these ID values, the helper functions findFieldId, findTemplate and findFolderId look them up for you.

    [Image: Webservices3]

    Update Secret security settings

    Once your new Secret has been created, modify its security settings using the result of AddSecret. In this case, we’ll utilize another method to obtain the object type necessary for adding groups and users, and create new records (one for a user, one for a group). Then we’ll add them to the Secret as approvers:

    [Image: Webservices4]

    Finally, we’ll use the UpdateSecret method to apply our new security settings to the same Secret we created earlier.

    Keep errors in check!

    Don’t forget to use an error-checking function to assist with debugging and determine whether there are any errors to return for each web services call you make:

    [Image: Webservices5]
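
    One way to write such an error check so the script fails closed, as an added example that is not the script from the KB article. It assumes each web services result object exposes an `Errors` string array; the function name `Assert-SsResult` and the sample result objects are constructed for illustration.

```powershell
# Added example, not the KB script. Assumption: every web services result
# object exposes an 'Errors' string array that is empty or $null on success.
function Assert-SsResult {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [AllowNull()] $Result,   # object returned by the call
        [Parameter(Mandatory)] [string] $Call           # method name, for the message
    )
    if ($null -eq $Result) {
        throw "$Call returned no result object."
    }
    # @() normalises $null, a single string, or an array into an array,
    # and Where-Object drops null or empty entries.
    $errs = @($Result.Errors | Where-Object { $_ })
    if ($errs.Count -gt 0) {
        # Terminating error: no later call runs with a missing token or Secret.
        throw "$Call failed: $($errs -join '; ')"
    }
    return $Result
}

# Constructed stand-ins for web services results (no server is contacted).
$authOk   = [pscustomobject]@{ Token = '<token-placeholder>'; Errors = @() }
$updateKo = [pscustomobject]@{ Errors = @('Constructed error: approver not found.') }

try {
    $auth = Assert-SsResult -Result $authOk -Call 'Authenticate'
    Write-Host 'Authenticate: OK'      # report status only, never the token value

    $null = Assert-SsResult -Result $updateKo -Call 'UpdateSecret'
    Write-Host 'UpdateSecret: OK'      # not reached with the constructed failure
}
catch {
    # If the update step fails after the Secret was created, the Secret exists
    # WITHOUT Require Approval for Access. Surface that loudly instead of
    # letting the script finish as if the setting had been applied.
    Write-Warning "Stopping: $($_.Exception.Message)"
    # In an unattended script, follow this with: exit 1
}
```

    Wrapping every call this way means a failure in the security-settings update cannot pass silently and leave a newly created Secret without its approval requirement.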

    For an example of retrieving and updating Remote Password Changing settings for existing Secrets, see our previous blog post on the web services API.

    For additional resources on using the web services API, see our Knowledge Base and Web Services API Guide. Troubleshooting your own script using Secret Server web services? Our technical support team is always available to help! Contact support HERE.
