Ideas about Powershell/Tools section
0 vote
Hello,
David encouraged me to post my ideas and suggestions. So actually this is not a real feature request it is more a collection about ideas regarding Tools/Scripting in general.
Scripting and Powershell are getting more and more important so i think RDM could be a central tool for it. And maybe some of my ideas are already solvable or already implemented, but i couldn't find them in a straightforward way.
Macros/Script/Tools Section in Dashboard in general
It is not visible which Entries act local or remote and which work for the current Entry at all. So for example "Computer Management" does not help at a Website connection entry of a switch or "Netstat" is always only about my local machine. The function of the "visibility" entry in Description of a tool is complete unclear to me but points in a good direction. So it would be great to have a general Macros/Script/Tools container where i can set the visibility of the entries on different rules. So for example "Computer Management" is only visible on Dashboard of RDP Entries, or Tool "x" is only available on entries in a certain Folder or on entries with a certain Tag. The mentioned container could also act as global Script Repository for a whole database. I know some things could be maybe already handled with Templates as a workaround but for me it is not very straightforward.
Credentials and Powershell
While playing around with Powershell Tools entries i was not able to get a value with the $TOOL_PASSWORD$ variable. I think for sure there is somewhere a security entry to allow it, but i was not able to find. Anyway it would be not a good idea to have a plain password as a parameter. It would be nice for scripting to have [PSCredential] Variables ready to use as parameter. They are already encrypted and safe and cannot reversed to plain text (as far as i know). So what about having variables like $PSCRED$, $PSTOOLCRED$, $PSVPNCRED$ ready for parameters in Powershell Entries which can than directly be used as parameter for various commands with credentials needs.
Powershell and Parameters
With the existence of a script repository the parameters could be read from the script. So it would be nice to handle them in various ways.
So for example think of a simple "AddUser" or "DisableUser" Script which can work for several Domains (Customers).
To use "AddUser" in the most simple way you need Name, Domain, OU, Password, UPNSuffix
To use this script out of the repository you can make it f.e. available as a Tool entry of domain controllers.
The parameter Domain could be inherited from the entry
The parameter OU could be set as property
The parameter UPNSuffix could have another script from the repository as a source which fetches the available Suffixes for that specific domain
For the other parameters a dynamic dialogbox opens which contains a text field for Name, a password field for Password and a drop down box to choose UPNSuffix.
For a DisableUser Script the Parameter User could be first fetched from another script from AD and then presented as a DropDown Box.
With this possibilities Users using RDM would not need the credentials to log on to a machine. So the security could completely stay within RDM and Helpdesk Users only have the rights they really need
Powershell Output
Currently if you use a Powershell script you can leave the window open to see any output. In this case it the user is still able to use then powershell commands. If you choose to close the shell after running, you cannot see any outcome of the script. It would be nice to have the possibility for a result view. Either in a pane where the output of powershell is shown but the session is already closed or a msg box with the output.
Powershell and Cloud
It would be nice to have ready entries for Cloud Connectors. Building a powershell connection to the graph API to AAD, ExchangeOnline, Intune,... is a common but not so easy task. Often you don't want that the user has all passwords and so on to do it by himself. Having these kind of entries with the security context of RDM for interactive Shell or for Scripting would be a great help.
So i hope you like some of my ideas even if some would mean a lot of work and lot of changes.
If something of the ideas is unclear please let me know or anyway looking forward for an "ideas" discussion.
Best regards,
Heinrich
All Comments (2)
Hello,
There is a lot of stuff to analyze and I will try to read it carefully. About the last one (PowerShell and Cloud), could you give me an example on how you see the integration in RDM? Perhaps a mock or a special entry types?
David Hervieux
Hello David,
Thanks for answering and reading my lines. What i mean i found actually in the meantime by random in another forum post
https://forum.devolutions.net/topics/4978/connecting-to-office--powershell (I havn't tested the solutions described but they are pointing in the right direction)
Taking this post shows the necessary steps to have a powershell session for 365 services... So it would be a big improvement having f.e. a Online Powershell Session Entry Type where i can tick Sharepoint, Exchange, Intune, AAD, and so on... where for example the Hostname could be the tenant name and RDM handles all the logic. Without working with plain text password variables as parameters at all (Which is by the way as far as i analyzed not possible for a "Tool" entry type at all cause the "Allow password in variable" does not exist in Powershell Tool object). I don't know if it is possible to implement this in the structure of RDM because of the authentication types Microsoft uses but it would be definitely worth to investigate. Graph API might be even more difficult regarding authentication. Maybe not everything could be done automatic but then an additional dedicated help or best practice guide could help.
Another example for my big picture idea: Shortly i found a PS module to export/backup Intune configuration and to import it into another tenant (I can send you the link in PM, i don't want to link 3rd party pages here). Going back to the Tools idea. Having this script ready in RDM could be a help. Having all my customers organized as Folders in RDM and simply clicking on a tool to get the export for one customer would be what i call a tool.
There are also a lot of examples of simple reports which are fetching various information from O365. Having them right where i need them when i work, as a tool/session object for an customer, would speed up work. At the moment i have my scripts organized in scripts folder on my disk. Whenever i use them i open a powershell session and run them with copy paste of username and password and so on. If a colleague needs a tool i have to copy it over to him. And years ago i also started with lot of RDP Files organized in Folders. RDM is a great product for me but for working with (online) scripts i currently work outside of it but i would like to work inside with all logging, central database, and so on.
Sorry, was a bit more then only about cloud. But i hope it is getting clearer what i mean.
Regards,
Heinrich