Best Practices For Scheduling PowerShell Scripts

Hi,

We are using RDM, Devolutions Server and several PowerShell scripts to automate certain tasks within RDM.
E.g. linking entries to specific folders.

Now we would like to schedule such a script (e.g. run at 04:00 am).
Do you have any best practice recommendations on how best to implement this?

We are primarily interested in the security perspective (authentication within the scheduled PowerShell script etc.).

Best Regards

All Comments (5)

Hello an33,

Thank you for contacting the Devolutions support team.

Depending on the data, there are entries called synchronizers.
Those entries could be configured to synchronize automatically using the Scheduler service account.

I invite you to have a look at those entries to see if this could be useful.

For PowerShell:
To run a Windows scheduled task, you need to authenticate with the Application Identity.
This account could be used with the DS and RDM cmdlets.
https://docs.devolutions.net/powershell/dvls-powershell/powershell-connectivity/

Could you tell me if you have already used the PowerShell module from Devolutions?

Best regards,

Patrick Ouimet

Hi,

Yes, thanks, we also use the synchronizers, but unfortunately this would not be possible for this type of entry.

And yes, we also use the Devolutions PowerShell module.
 
We would have planned the following now:

1) Create Application Identity (thanks to your suggestion)

2) Store this encrypted in our configuration management system 

3) The configuration management system then executes the PowerShell code on a scheduled basis
 
Would this be best practice or are we missing something?

Hello,

Thank you for your feedback.

The configuration may vary depending on your environment and the cmdlet you are using.

The DS cmdlet should function as intended without requiring authentication.

Regarding the RDM cmdlet, you need to ensure that the application identity is correctly set in RDM, especially if you have created a new data source. You can do this by navigating to File -> Data Sources -> Edit -> PowerShell.

If you have multiple data sources configured, please note that the active one will always prompt for authentication before you can switch to another data source (as is the case when you open RDM).

I hope this information helps. If you need any further assistance, please let me know.

Best regards,

Patrick Ouimet

Hi,

Thanks for your detailed explanation.
From my point of view that means that the secret for the application ID needs to be stored on the client where RDM is installed, right?

Is there also a way where we can authenticate directly using PowerShell commands without the need of storing a secret on the client?
Then we could store the credentials in our configuration management tool.

Best regards

Hello an33,

Absolutely, you can create a new data source in RDM using the first method from this article:
https://docs.devolutions.net/powershell/dvls-powershell/powershell-connectivity/

With this method, you will create a new data source in RDM with the application identity.

Note that if you already have a data source registered, you will be prompted to authenticate with the current active data source.
If there is no RDM installed on the server, you can still create a new data source using PowerShell with the application identity as authentication.

Best regards,

Patrick Ouimet
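
An added example, not from the thread or from Devolutions: a skeleton for the plan discussed above, in which the configuration management system injects the application identity key and secret as process environment variables at run time, so no secret is stored on the client. The variable names `DVLS_URL`, `DVLS_APP_KEY` and `DVLS_APP_SECRET` are assumptions, and the `New-DSSession -AsApplication` / `Close-DSSession` usage is assumed from the Devolutions.PowerShell module; check it against the documentation linked above.

```powershell
#Requires -Modules Devolutions.PowerShell
# Added example. Assumed names: DVLS_URL, DVLS_APP_KEY, DVLS_APP_SECRET are set
# for this process only by the configuration management system at run time.
$ErrorActionPreference = 'Stop'

function Get-InjectedSetting {
    param([Parameter(Mandatory)][string]$Name)
    $value = [Environment]::GetEnvironmentVariable($Name, 'Process')
    if ([string]::IsNullOrWhiteSpace($value)) {
        # A scheduled run has nobody to answer a prompt, so fail fast instead.
        throw "Required setting '$Name' was not injected."
    }
    $value
}

$exitCode = 0
$sessionOpen = $false
try {
    $baseUri = Get-InjectedSetting -Name 'DVLS_URL'
    if (-not $baseUri.StartsWith('https://', [StringComparison]::OrdinalIgnoreCase)) {
        throw 'DVLS_URL must be an https URL so the secret is never sent in clear text.'
    }
    $key = Get-InjectedSetting -Name 'DVLS_APP_KEY'
    $secret = ConvertTo-SecureString (Get-InjectedSetting -Name 'DVLS_APP_SECRET') -AsPlainText -Force
    $credential = [pscredential]::new($key, $secret)

    # Drop the secret from the environment so child processes do not inherit it.
    [Environment]::SetEnvironmentVariable('DVLS_APP_SECRET', $null, 'Process')

    # Assumed cmdlet usage: authenticate to Devolutions Server as the application identity.
    New-DSSession -Credential $credential -BaseURI $baseUri -AsApplication | Out-Null
    $sessionOpen = $true

    # The scheduled task's own DS cmdlet calls go here.
}
catch {
    # Log only the message; never write the credential object or environment to logs.
    [Console]::Error.WriteLine("Scheduled run failed: $($_.Exception.Message)")
    $exitCode = 1
}
finally {
    if ($sessionOpen) { Close-DSSession | Out-Null }
    Remove-Variable -Name secret, credential -ErrorAction SilentlyContinue
}
exit $exitCode
```

The non-zero exit code lets the scheduler or configuration management system flag a failed run, and giving the application identity only the permissions the task needs limits what a leaked secret could reach.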