IT’s TIME: Update Those Security Settings with PowerShell
Secret Server 8.4, released in January, included additional ways to update Secret security settings via the web services API. This week, we’ll show you how to use PowerShell to access the Secret Server web services API and configure security settings for Secrets.
Web Service security settings: What’s available?
The web services API can help you configure Remote Password Changing and advanced security settings, including:
These settings correspond to those you will see in the browser interface on the Remote Password Changing and Security tabs of a Secret.
The sample script we’ll use today creates a new Secret and then updates it to use the Require Approval for Access security setting. Because this setting also requires Approvers, our PowerShell script includes parameters to set both a user and a group as approvers. For the entire script, see our KB article HERE.
First, provide your Secret Server URL in the script. You’ll be prompted for your Secret Server login credentials at runtime:
If you’re using a domain account, add a similar line for the domain. See Using Web Services with Windows Authentication (PowerShell) if you use Integrated Windows Authentication.
Utilize the password generator to create new, randomized passwords when you aren’t using an already-existing password:
Create the Secret
Create a Secret by passing the Template ID, new Secret name, field IDs and values, and destination folder to the AddSecret method. The helper functions findFieldId, findTemplate and findFolderId look up these IDs for you if you don’t already know them.
Update Secret security settings
Once your new Secret has been created, modify its security settings using the result of AddSecret. In this case, we’ll utilize another method to obtain the object type necessary for adding groups and users, and create new records (one for a user, one for a group). Then we’ll add them to the Secret as approvers:
Finally, we’ll use the UpdateSecret method to apply our new security settings to the same Secret we created earlier.
Keep errors in check!
Don’t forget to use an error-checking function to assist with debugging and determine whether there are any errors to return for each web services call you make:
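One way to write such a check so the script stops as soon as a call fails, rather than carrying on and leaving a Secret without its approval requirement. This is an added example, not the function from the KB script. It assumes each web services result object exposes an Errors string array; Invoke-CheckedCall, $ok and $bad are hypothetical names, and the two result objects are constructed so the block runs without a server.

```powershell
# Added example: fail-closed error check for web services results.
# Assumption: every result object carries an 'Errors' string array.
function Invoke-CheckedCall {
    param(
        [Parameter(Mandatory)][string]$Name,       # label used in the error message
        [Parameter(Mandatory)][scriptblock]$Call   # the web services call to run
    )
    $result = & $Call
    if ($null -eq $result) {
        throw "$Name returned no result object."
    }
    # Drop null/empty entries so an empty Errors array counts as success.
    $errors = @($result.Errors | Where-Object { $_ })
    if ($errors.Count -gt 0) {
        # Report only the call name and the server's messages; the call's
        # arguments (token, generated password) never reach the output.
        throw ("{0} failed: {1}" -f $Name, ($errors -join '; '))
    }
    return $result
}

# Constructed sample results standing in for real responses.
$ok  = [pscustomobject]@{ Errors = @(); Secret = [pscustomobject]@{ Id = 101; Name = 'demo' } }
$bad = [pscustomobject]@{ Errors = @('Access denied (constructed sample)'); Secret = $null }

# Success path: the result is returned for the next step to use.
$added = Invoke-CheckedCall -Name 'AddSecret' -Call { $ok }
Write-Output ("Created Secret {0}" -f $added.Secret.Id)

# Failure path: the throw halts the flow, so a failed security update
# is never reported as applied.
try {
    Invoke-CheckedCall -Name 'UpdateSecret' -Call { $bad } | Out-Null
    Write-Output 'Approval setting applied.'
} catch {
    Write-Warning $_.Exception.Message
}

# Against a live proxy the call goes inside the script block, e.g.
# (assumed variable names and argument order):
#   Invoke-CheckedCall -Name 'UpdateSecret' -Call { $proxy.UpdateSecret($token, $secret) }
```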
For an example of retrieving and updating Remote Password Changing settings for existing Secrets, see our previous blog post on the web services API.
For additional resources on using the web services API, see our Knowledge Base and Web Services API Guide. Troubleshooting your own script using Secret Server web services? Our technical support team is always available to help! Contact support HERE.