Forum

Posts by ryan04 (ryan04)

ryan04
ryan04
Posts: 66

I believe DVLS is only available on Windows? If there is not a roadmap to port it to other platforms, the Windows event log would likely be the easiest to implement.

2 yrs External monitoring
ryan04
ryan04
Posts: 66

That could work... I have been thinking about moving to the synchronizers. I remember reading something about a potential PowerShell synchronizer somewhere on the forums... is that still in the works?
I'll do some testing with the CSV synchronizer and see what works. There's always more than one way to do something in RDM smile

2 yrs Credentials parameter for PowerShell cmdlets
ryan04
ryan04
Posts: 66

Would it be possible to add this setting to the search options? Some folks like it and others don't. My users don't have access to the options in our terminal server environment and would like to be able to enable/disable as needed.
https://forum.devolutions.net/topic26971-performance-issues-search.aspx


image

2 yrs Filter on Enter Only
ryan04
ryan04
Posts: 66

Is there a non-proprietary way to monitor the DVLS logs besides using syslog? I need to be able to monitor and alert on errors and can't seem to find a native method for monitoring. Every now and again, an error occur which render the service unusable but our current web service monitoring doesn't catch it. In one particular case, large batch edits cause an issue with Windows authentication for all users but none of our current monitors capture this.


Syslog would certainly work, unfortunately this is owned by the security team and is not intended for use for operational systems monitoring.

2 yrs External monitoring
ryan04
ryan04
Posts: 66

I'd like to be able to pass an elevated PSCredential for a read only user within PowerShell.


Set-RDMSession $Session -Credential (elevated-PSCredential)


This would allow me to create PowerShell macros for read only users with the ability to update the metainformation of the session. I am using a data source custom variable to pull the password of an account that has edit rights and I can use "Run As" within a template macro but this has been a bit inconsistent and requires the script to validate and change the repository which takes a bit of time.

2 yrs Credentials parameter for PowerShell cmdlets
ryan04
ryan04
Posts: 66

Thanks David. I setup a quick test database(attached). It's rather basic using Host session and a couple template types. I don't think I can send a personal credential, but if you create a "my personal credential" with the Password List type, then user override credentials for one of the test servers... this will replicate the dual password prompt. With the latest addition of "allow credentials only" in the password vault, this might be a moot point as users can create as many username\password credentials as they want.


If you modify the test host sessions and credentials to a value that is functional, close with multiple active sessions, then reopen... you will get this prompt.

image


While this will reopen the session, it does not take into account the credential or template that was previously used and prompts again for credential and template. With a large list of opened sessions... it's nearly impossible to identify what device you are connecting to. When prompted again for credentials and/or template.... What is RDM trying to connect to? Which credential to use? What template? Etc.


Regarding repositories, the Restore Connections only pulls information from the currently logged on data source when RDM is first launched.

  • Create two repositories. Set one to "always log on to" in the data source properties.
  • In the other repository, create and connect to multiple sessions (close RDM with active sessions)
When opening RDM, it will logon to the specified data source that had no active sessions and will not prompt to open previous sessions even when changing repositories.


The ideal behavior (at least for us) would be that the previous session, the credential, and the template are all stored and passed through automatically. Preferably when changing repositories rather than just at application start.

2 yrs (Templates) Password List Credential - Open existing sessions
ryan04
ryan04
Posts: 66

Would it be possible to include a Credential parameter for Set-RDMSession and Set-RDMSessionProperty? My users are read only, but I'd like to be able to elevate their access via a macro or tool so they can modify specific session properties. I've had some pretty inconsistent results attempting to "Run As Different User" on a PowerShell session.

2 yrs Credentials parameter for PowerShell cmdlets
ryan04
ryan04
Posts: 66

Thank you!

2 yrs Disabling import features
ryan04
ryan04
Posts: 66

My users really like the password list credential type. The challenge is that they are prompted twice when sending to a template (for obvious reasons). Would it be possible to pass the selected Password List item as a "converted" username\password credential type?


This also presents a couple challenges when using the "Open existing sessions" option with the password list (or any prompt for credentials). When selecting the option to connect previous sessions on open, they are initially prompted for a password and then a template (with no indication of what system they are connecting to).


Could the credential (possibly index number of password list) and thetemplate ID's be saved and passed to RDM so it doesn't require any action on the users part?


If not, would it be possible to identify what session they are connecting to in the password or template prompt?


Lastly (and likely a major architecture change) , could open previous sessions be allowed to execute against all repositories? Currently, users are only prompted to open sessions within the repository they login to initially.

  • An alternative might be to be able to prompt as they switch repositories?
  • Most of our users will work in a single repository however, we currently force all users into an initial repository that contains a knowledgebase on how to use the product (for new users). If we change this to "last used repository", new users will get a seemingly random (I think alphabetical) repository which they likely don't have permissions for. If we could force new users into a default repository, we could enable 'last used repository" for everyone else.
  • Prompt for repository on open

Sorry for being so long winded. smile

2 yrs (Templates) Password List Credential - Open existing sessions
ryan04
ryan04
Posts: 66

You can do this with Macro's and templates fairly easily by creating a new file explorer template. In the template - use \\$HOST$\C$ in the folder field. You can just use open with template or create a Macro using the "Template" type and point it to the new file explorer template you created. This will work as a subconnection as well by using $PARENT_HOST$ but then you have to create entries for every object.
Using a PowerShell template type you could query the system for all available shares and have a user selection popup to choose which share they want to connect to.
I'm not familiar with what features are available in the free version but the enterprise version is worth every penny.

2 yrs Administration Tab
ryan04
ryan04
Posts: 66

I have been using Open-RDMQuickConnect in a lot of my macros and was looking to add additional parameters. I have been doing this using templates but had a thought that allowing it to dynamically build the session in PowerShell would allow me a lot more granular control of how to display the information. For example, I have a PowerShell macro that executes performance counters against a remote system. It then analyzes the performance metrics, applies thresholds, and provides an HTML report using Open-RDMQuickConnect to embed the report in the RDM UI.

Example 1:
.\script.ps1
$URL = [system.Uri]$global:oPal.ArgsProcessed.HtmlOutputFileName | Select-Object AbsoluteUri -ExpandProperty AbsoluteUri
[System.String]$Template = (Get-RDMTemplate | Where-Object { $_.Name -eq 'HTML Report Viewer' } | Select-Object ID -ExpandProperty ID)

Open-RDMQuickConnect -Host $URL -TemplateID $Template


Example 2:
.\script.ps1
Copy-Item (Get-ChildItem '\\$PARENT_IP$\c$\PerfLogs\perfmon.blg') -Destination $env:temp\$PARENT_NAME$.blg -Force

[System.String]$Template = (Get-RDMTemplate | Where-Object { $_.Name -eq 'External Command' } | Select-Object ID -ExpandProperty ID)
Open-RDMQuickConnect -Host "$env:TEMP\$PARENT_NAME$.blg" -TemplateID $Template

.
This actually works very well... except the quick connect cmdlet only has a small number of parameters available I can use (Host, Template, etc.). I'm limited to what I statically defined in the template.
.
Example enhancement:
.\script.ps1
$Session = New-RDMSession -Name $scriptvar -Type $scriptvar1
$session.element1 = $scriptvar1

$session.element2 = $scriptvar2


$session.element3 = $scriptvar3

$etc.etc.etc
Open-RDMQuickConnect -Session $Session
.
Notice that I never actually save the New-RDMSession. Since the data processed by the script is different for every asset I run against, I could... say change the tab color to red for a perfmon counter that is over threshold. Really, the options are endless at that point.

2 yrs Powershell : execute temporary sessions using Open-RDMQuickConnect
ryan04
ryan04
Posts: 66

Would it be possible to add Events to Macro\Script\Tools? We are currently adding validation prompts in the scripts but it would be nice to have it in a unified UI. Some of our macro's make system changes and we want to make sure that a user doesn't click on them accidentally.

We can sort of get around this for some things by using the macro to kick off a template but prefer not to have so many templates. BTW... LOVE, LOVE, LOVE the new template options (allow for import, host, etc). Great addition!


image

2 yrs Add events option to macro sessions
ryan04
ryan04
Posts: 66

... not sure how I missed that one. #facepalm

Hammer Time

RTFM

2 yrs Open with parameters
ryan04
ryan04
Posts: 66

Rather than having multiple RDP\SSH templates with different Gateway settings, would it be possible to allow the VPN settings configured in the Host session override the template (if not defined in the template)?
Another option would be to allow for a prompt for gateway option (if unable to ping\scan) that can be set in the template and would pull from a list of available sessions within a specific folder.
Personally, I like the prompt for gateway option.

2 yrs Passing VPN settings from Host session to template
ryan04
ryan04
Posts: 66

Sorry Mark, I didn't think I was clear. I do not want the "Open with parameters" option in the context menu. In 13.0.4, I was able to remove the option by disabling "Allow special open actions in dashboard".
image


image

2 yrs Open with parameters
ryan04
ryan04
Posts: 66

Hi Mark, I'm testing the latest beta 13.0.8 and discovered this issues if that provides additional insight. I can download and test the 13.0.6 version as well if need be.
To be clear, I do not want the "Open with parameters" in the context menu.

2 yrs Open with parameters
ryan04
ryan04
Posts: 66

Ah, I misunderstood. Yes, I would like to be able to hide the import options from the private vault.

2 yrs Disabling import features
ryan04
ryan04
Posts: 66

In v13.0.4.0 when disallowing "Allow special open actions in dashboard", this also disabled the "Open with parameters" in the context menu.
After 13.0.4.0, unchecking this option will allow the context menu, but enabling it again will not hide it. Did this setting get separated and available elsewhere?

2 yrs Open with parameters
ryan04
ryan04
Posts: 66

Thanks! I haven't been able to find the setting to disallow the import features you mention. I have a read-only account with explicit "None" in the user privileges (Import and Export). In the client settings, I have Include Import/Export Menus unchecked but I am still able to use the import functions in the private vault and it will create session types that I have explicitly disallowed.

Is there a setting elsewhere that I missed?

2 yrs Disabling import features
ryan04
ryan04
Posts: 66

Thank you!

2 yrs Force loading of default.cfg
ryan04
ryan04
Posts: 66

I was trying to find a short term solution rather than waiting for new features to be released. You guys are really on top of things in regards to releasing new features... but I'll have to wait for an actual release (not beta) before I can deploy in production.
Either option would be fine. The ultimate goal is to enable the private vault for credential objects only. If there is not an existing method to remove the import features, my preference would be to wait for the "credentials only" private vault.

  • Ability to remove the import options from the New Entry dialog or disable the import functions altogether
  • Credentials only private vault setting

2 yrs Disabling import features
ryan04
ryan04
Posts: 66

Is there a way to disable the import options in the Add New Entry dialog? I have Import\Export disabled in the context menu but need to remove it completely. I have a feature request submitted to lock down the private vault to allow credentials only but in the short term, if I can hide\disable the import options from showing, this could be a good temporary solution.

2 yrs Disabling import features
ryan04
ryan04
Posts: 66

Would it be possible to add force loading of the default.cfg file through the group policy settings? Maurice touched on this a couple years ago in this thread (https://forum.devolutions.net/topic26615-terminal-server-deployment-best-practices.aspx) but I haven't seen any other discussion regarding it. We have hundreds of users on terminal services and no matter how many times we tell them to always choose "Use new config (lose mine)", they inevitably ignore it. This causes us to deploy a new configuration file for hundreds of users because of one... (expletive) person.
If the user chooses to ignore the new configuration file when presented with the dialog below, he will not be presented with the choice until the date/time of the default.cfg file has changed.

2 yrs Force loading of default.cfg
ryan04
ryan04
Posts: 66

Ah... that might help smile The prompt from the first screenshot is when using Credential Repository - Prompt on Connection


image

2 yrs My Credential option in Credential List
ryan04
ryan04
Posts: 66

Thanks Erica. The PowerShell commands for setting the personal credentials does exist. The only challenge is the ability to use something other than the basic username\password credential type. As a short term workaround, I've created a session that deletes their local credentials.rdt file, and when executing a future session using "My Credentials", they are prompted through the UI to recreate it (with all of the allowed credential types).
What I was hoping for was a way to kick off the GUI for "My Personal Credentials" to allow them to edit their existing credential. This is particularly useful with the "Password List" credential that everyone (for obvious reasons) is using. Recreating a large password list every time they change or add a password is particularly painful.

2 yrs My Personal Credentials vs Personal Vault
ryan04
ryan04
Posts: 66

The only concern would be the additional options for "Use Session Credentials" or "Use Tools Credentials" that is available in the parameters UI. We have service accounts in these fields that shouldn't be used for interactive sessions.

2 yrs My Credential option in Credential List
ryan04
ryan04
Posts: 66

I noticed this is already available in the "Open with Credential" option within parameters. Maybe just a UI change to include it in the "Prompt for Credentials" dialog?
image

2 yrs My Credential option in Credential List
ryan04
ryan04
Posts: 66

Would it be difficult to add an option to use "My Credential" in the credential list when using "Prompt for Credentials". Either add it to the searchable Credentials list or a button on the custom tab?
image

2 yrs My Credential option in Credential List
ryan04
ryan04
Posts: 66

smile looking forward to it!

2 yrs Dynamic template list ...
ryan04
ryan04
Posts: 66

Did you give everyone the day off today except yourself? smile

Yes, that is very useful for restricting access to the macro so that it shows up for some users but not others. In the use case above, it restricts their access completely rather than just hiding it from the navigation pane. I would still want them to see and be able to execute the macros in the dashboard (as well as credentials)

2 yrs Hide from Users\Read-Only Users (Navigation pane) - Apply macros to folders