Powershell and CyberArk PSM
Our Info Sec team has pushed through management that we will need to use CyberArk PSM for our Remote Desktop needs starting next month.
I need to rebuild our powershell automation that runs on new server deployments to be able to build the server entry appropriately in RDM for us.
Currently when I run the New-RDMSession command and try to set it to the Type of CyberArkPSM it generates an error that this Type is not a valid argument.
Any help I can get on this is appreciated.
All Comments (10)
Hello,
Are you trying to generate the PSM /u ... /a ... command line? if so it would be simpler to use the RDP type (as long as you have all of the info on hand already)
We are designing a new console to help bridge the gap between endpoints and accounts, but that may be available only Q3...
As for creating the PSM types using powershell, let us know if you want to pursue that track, but we'll probably need to escalate to engineering for troubleshooting.
Best regards,
Maurice
So I'm talking about creating the PSM Connection Entry as seen on Page 7 here:
Devolutions Remote Desktop Manager - CyberArk PSM integration guide
As for the powershell, or original command to create new RDP entries was:
$rdm = New-RDMSession -Group "Folder" -Name "EntryName" -Host "ServerFQDN" -Type "RDPConfigured"
But we now need a command to create new PSM entries.
Hello,
The combination of PSM Server and PSM Connection components ultimately only generate the PSM command line.
We will escalate to engineering.
Best regards,
Maurice
It was as simple as allowing the types to be created using the CmdLet. I have just commited to our code base and it will be available in the first RDM 2021.1 beta that is coming soon.
It may be easier to subscribe to https://forum.devolutions.net/forums/14/remote-desktop-manager--beta to get a notification as soon as it comes out.
Best Regards,
Maurice
As far as Powershell is concerned, I have posted a sample in
https://github.com/Devolutions/RDMSamples-ps/blob/main/module/entries/CyberArk/CyberArkPSM.ps1
Maurice
Thank you!
Really Thank you.
Hello,
I am trying to achieve the same thing over here but I haven't found a way to populate the "Programs > Program path and filename" via the PowerShell module.
So far I am using this command line as a test : "New-RDMSession -Name "Test" -Host "PSM.test.local" -Type RDPConfigured -SetSession" but I need to configure the line "PSM /u ... /a ..." as well.
Could you please help me out ?
Thank you.
Hello,
Try the following$computerName = "MyPSMServer.domain.com";$session = New-RDMSession -Host $computerName -Type "RDPConfigured" -Name $computerName;$session.AlternateShell = "PSM /u PrivilegedAccountName /a destination.domain.com /c PSM-RDP"Set-RDMSession -Session $session -Refresh;
Maurice
The example script saved my bacon, I've managed to adapt it to ensure that when I'm setting up new users all I have to do is tell them to run it.
Are there any plans to be able to create a new-rdmtemplate with the type of CyberArkPSM? I would like to run a command as such to be able to create a PSM Connection template then to be able to import a list of servers using the synchronizer pointing to the template.
Hi,
Well to be frank our current implementation was just a stepping stone to something that requires a fundamental change in how we handle connections.
We've seen that our community needs to be able to connect to any HOST, that requiring them to create a PSM Connection entry forced them to have multiple entries per host. In the 2021.2 release, you should be able to pick ANY entry that defines a host, right click on it to be offered to offer a menu like
CyberArk
- PSM Server A
- Connection Component - RDP
- Connection Component - SSH
It will remove the need for hundreds of entries that duplicate what you already have
Maurice