-
Notifications
You must be signed in to change notification settings - Fork 75
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #94 from krikk/master
Support for the new LAPS (April 2023 Update)
- Loading branch information
Showing
2 changed files
with
103 additions
and
1 deletion.
There are no files selected for viewing
2 changes: 1 addition & 1 deletion
2
...ft/Windows/LAPS (Windows PowerShell).rdfe → ...PS (deprecated) (Windows PowerShell).rdfe
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1 +1 @@ | ||
| {"Name":"Dynamic Folder Export","Objects":[{"Type":"DynamicFolder","Name":"Server (LAPS)","Notes":"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n\t<head>\r\n\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" /><title>\r\n\t\t</title>\r\n\t\t<style type=\"text/css\">\r\n\t\t\t.cs2654AE3A{text-align:left;text-indent:0pt;margin:0pt 0pt 0pt 0pt}\r\n\t\t\t.csAF99984B{color:#000000;background-color:transparent;font-family:Calibri;font-size:14pt;font-weight:bold;font-style:normal;}\r\n\t\t\t.csC8F6D76{color:#000000;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;}\r\n\t\t\t.cs26DADAAD{color:#000000;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;text-decoration: none;}\r\n\t\t\t.csCCA9035D{color:#0000FF;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;text-decoration: underline;}\r\n\t\t\t.csCB8A910D{color:#000000;background-color:transparent;font-family:Calibri;font-size:12pt;font-weight:bold;font-style:normal;}\r\n\t\t\t.cs9579B52F{color:#3C3C3C;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:bold;font-style:italic;}\r\n\t\t\t.cs56A2682C{color:#3C3C3C;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;}\r\n\t\t\t.cs747BF1FB{color:#000000;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:bold;font-style:italic;}\r\n\t\t\t.cs6DC30935{color:#3C3C3C;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;text-decoration: none;}\r\n\t\t</style>\r\n\t</head>\r\n\t<body>\r\n\t\t<p class=\"cs2654AE3A\"><span class=\"csAF99984B\">Local Administrator Password Solution (LAPS)</span></p><p class=\"cs2654AE3A\"><span class=\"csC8F6D76\"> </span></p><p class=\"cs2654AE3A\"><span class=\"csC8F6D76\">More information on LAPS can be found here:<br/><a class=\"cs26DADAAD\" href=\"https://www.microsoft.com/en-us/download/details.aspx?id=46899\"><span class=\"csCCA9035D\">https://www.microsoft.com/en-us/download/details.aspx?id=46899</span></a></span></p><p class=\"cs2654AE3A\"><span class=\"csC8F6D76\"> </span></p><p class=\"cs2654AE3A\"><span class=\"csCB8A910D\">Requirements:</span></p><p class=\"cs2654AE3A\"><span class=\"csC8F6D76\">The dynamic credential script executes the </span><span class=\"cs9579B52F\">Get-AdmPwdPassword</span><span class=\"cs56A2682C\"> cmdlet of the </span><span class=\"cs9579B52F\">AdmPwd</span><span class=\"cs747BF1FB\">.</span><span class=\"cs9579B52F\">PS</span><span class=\"cs56A2682C\"> module:<br/><a class=\"cs6DC30935\" href=\"https://www.powershellgallery.com/packages/AdmPwd.PS\"><span class=\"csCCA9035D\">https://www.powershellgallery.com/packages/AdmPwd.PS</span></a></span></p><p class=\"cs2654AE3A\"><span class=\"cs56A2682C\">Make sure the module is installed/available on your system!</span></p><p class=\"cs2654AE3A\"><span class=\"csC8F6D76\"> </span></p><p class=\"cs2654AE3A\"><span class=\"csCB8A910D\">Configuration:</span></p><p class=\"cs2654AE3A\"><span class=\"csC8F6D76\">The dynamic folder script creates a list of available machine from the Active Directory. Configure the </span><span class=\"cs747BF1FB\">SearchBase</span><span class=\"csC8F6D76\"> path in the </span><span class=\"cs747BF1FB\">Custom Properties</span><span class=\"csC8F6D76\">.</span></p></body>\r\n</html>\r\n","CustomProperties":[{"Name":"SearchBase","Type":"Text","Value":"OU=Server,OU=contoso,DC=com"}],"ScriptInterpreter":"powershell","DynamicCredentialScriptInterpreter":"powershell","DynamicCredentialScript":"$ErrorActionPreference = \"Stop\"\r\n\r\nImport-Module AdmPwd.PS\r\n\r\n$Pass = Get-AdmPwdPassword -Computername $Target.Name$\r\n\r\n$JSON = \"\"\r\n$JSON += \"{`n\"\r\n$JSON += \" `\"Username`\" : `\".\\\\Administrator`\",`n\"\r\n$JSON += \" `\"Password`\" : `\"$($Pass.Password)`\"`n\"\r\n$JSON += \"}`n\"\r\n\r\nWrite-Host $JSON\r\n\r\n\r\n","Script":"$ErrorActionPreference = \"Stop\"\r\n\r\n[string] $JSON = \"{ `\"Objects`\" : [ `n\"\r\n\r\n$JSON += \"{`n\"\r\n$JSON += \" `\"Type`\" : `\"DynamicCredential`\",`n\"\r\n$JSON += \" `\"Name`\" : `\"Administrator`\",`n\"\r\n$JSON += \" `\"ID`\" : `\"LAPS`\"`n\"\r\n$JSON += \"},`n\"\r\n\r\nforeach ($comp in (Get-ADComputer -SearchBase $CustomProperty.SearchBase$ -filter *))\r\n{\r\n $JSON += \"{`n\"\r\n $JSON += \" `\"Type`\" : `\"RemoteDesktopConnection`\",`n\"\r\n $JSON += \" `\"Name`\" : `\"$($comp.Name)`\",`n\"\r\n $JSON += \" `\"ComputerName`\" : `\"$($comp.DNSHostName)`\",`n\"\r\n\t$JSON += \" `\"Path`\" : `\"Connections`\",`n\"\r\n\t$JSON += \" `\"CredentialID`\" : `\"LAPS`\"`n\"\r\n $JSON += \"},`n\"\r\n}\r\n\r\n$JSON = $JSON.Substring(0, $JSON.Length - 2)\r\n$JSON += \"`n]`n}`n\"\r\n\r\nWrite-Host $JSON"}]} | ||
| {"Name":"Dynamic Folder Export","Objects":[{"Type":"DynamicFolder","Name":"Server (LAPS)","Notes":"<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\r\n<html xmlns=\"http://www.w3.org/1999/xhtml\">\r\n\t<head>\r\n\t\t<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\" /><title>\r\n\t\t</title>\r\n\t\t<style type=\"text/css\">\r\n\t\t\t.cs2654AE3A{text-align:left;text-indent:0pt;margin:0pt 0pt 0pt 0pt}\r\n\t\t\t.csAF99984B{color:#000000;background-color:transparent;font-family:Calibri;font-size:14pt;font-weight:bold;font-style:normal;}\r\n\t\t\t.csC8F6D76{color:#000000;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;}\r\n\t\t\t.cs26DADAAD{color:#000000;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;text-decoration: none;}\r\n\t\t\t.csCCA9035D{color:#0000FF;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;text-decoration: underline;}\r\n\t\t\t.csCB8A910D{color:#000000;background-color:transparent;font-family:Calibri;font-size:12pt;font-weight:bold;font-style:normal;}\r\n\t\t\t.cs9579B52F{color:#3C3C3C;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:bold;font-style:italic;}\r\n\t\t\t.cs56A2682C{color:#3C3C3C;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;}\r\n\t\t\t.cs747BF1FB{color:#000000;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:bold;font-style:italic;}\r\n\t\t\t.cs6DC30935{color:#3C3C3C;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;text-decoration: none;}\r\n\t\t</style>\r\n\t</head>\r\n\t<body>\r\n\t\t<p class=\"cs2654AE3A\"><span class=\"csAF99984B\">Local Administrator Password Solution (LAPS)</span></p><p class=\"cs2654AE3A\"><span class=\"csC8F6D76\"> </span></p><p class=\"cs2654AE3A\"><span class=\"csC8F6D76\">More information on LAPS can be found here:<br/><a class=\"cs26DADAAD\" href=\"https://www.microsoft.com/en-us/download/details.aspx?id=46899\"><span class=\"csCCA9035D\">https://www.microsoft.com/en-us/download/details.aspx?id=46899</span></a></span></p><p class=\"cs2654AE3A\"><span class=\"csC8F6D76\"> </span></p><p class=\"cs2654AE3A\"><span class=\"csCB8A910D\">Requirements:</span></p><p class=\"cs2654AE3A\"><span class=\"csC8F6D76\">The dynamic credential script executes the </span><span class=\"cs9579B52F\">Get-AdmPwdPassword</span><span class=\"cs56A2682C\"> cmdlet of the </span><span class=\"cs9579B52F\">AdmPwd</span><span class=\"cs747BF1FB\">.</span><span class=\"cs9579B52F\">PS</span><span class=\"cs56A2682C\"> module:<br/><a class=\"cs6DC30935\" href=\"https://www.powershellgallery.com/packages/AdmPwd.PS\"><span class=\"csCCA9035D\">https://www.powershellgallery.com/packages/AdmPwd.PS</span></a></span></p><p class=\"cs2654AE3A\"><span class=\"cs56A2682C\">Make sure the module is installed/available on your system!</span></p><p class=\"cs2654AE3A\"><span class=\"csC8F6D76\"> </span></p><p class=\"cs2654AE3A\"><span class=\"csCB8A910D\">Configuration:</span></p><p class=\"cs2654AE3A\"><span class=\"csC8F6D76\">The dynamic folder script creates a list of available machine from the Active Directory. Configure the </span><span class=\"cs747BF1FB\">SearchBase</span><span class=\"csC8F6D76\"> path in the </span><span class=\"cs747BF1FB\">Custom Properties</span><span class=\"csC8F6D76\">.</span></p></body>\r\n</html>\r\n","CustomProperties":[{"Name":"SearchBase","Type":"Text","Value":"OU=Server,OU=contoso,DC=com"}],"ScriptInterpreter":"powershell","DynamicCredentialScriptInterpreter":"powershell","DynamicCredentialScript":"$ErrorActionPreference = \"Stop\"\r\n\r\nImport-Module AdmPwd.PS\r\n\r\n$Pass = Get-AdmPwdPassword -Computername $Target.Name$\r\n\r\n$JSON = \"\"\r\n$JSON += \"{`n\"\r\n$JSON += \" `\"Username`\" : `\".\\\\Administrator`\",`n\"\r\n$JSON += \" `\"Password`\" : `\"$($Pass.Password)`\"`n\"\r\n$JSON += \"}`n\"\r\n\r\nWrite-Host $JSON\r\n\r\n\r\n","Script":"$ErrorActionPreference = \"Stop\"\r\n\r\n[string] $JSON = \"{ `\"Objects`\" : [ `n\"\r\n\r\n$JSON += \"{`n\"\r\n$JSON += \" `\"Type`\" : `\"DynamicCredential`\",`n\"\r\n$JSON += \" `\"Name`\" : `\"Administrator`\",`n\"\r\n$JSON += \" `\"ID`\" : `\"LAPS`\"`n\"\r\n$JSON += \"},`n\"\r\n\r\nforeach ($comp in (Get-ADComputer -SearchBase $CustomProperty.SearchBase$ -filter *))\r\n{\r\n $JSON += \"{`n\"\r\n $JSON += \" `\"Type`\" : `\"RemoteDesktopConnection`\",`n\"\r\n $JSON += \" `\"Name`\" : `\"$($comp.Name)`\",`n\"\r\n $JSON += \" `\"ComputerName`\" : `\"$($comp.DNSHostName)`\",`n\"\r\n\t$JSON += \" `\"Path`\" : `\"Connections`\",`n\"\r\n\t$JSON += \" `\"CredentialID`\" : `\"LAPS`\"`n\"\r\n $JSON += \"},`n\"\r\n}\r\n\r\n$JSON = $JSON.Substring(0, $JSON.Length - 2)\r\n$JSON += \"`n]`n}`n\"\r\n\r\nWrite-Host $JSON"}]} |
102 changes: 102 additions & 0 deletions
102
Dynamic Folder/Microsoft/Windows/LAPS April 2023 (Windows PowerShell).rdfx
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,102 @@ | ||
| <DynamicFolderExport> | ||
| <Name>Dynamic Folder Export</Name> | ||
| <Objects> | ||
| <DynamicFolderExportObject> | ||
| <Type>DynamicFolder</Type> | ||
| <Name>Clients (LAPS)</Name> | ||
| <Notes><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> | ||
| <html xmlns="http://www.w3.org/1999/xhtml"> | ||
| <head> | ||
| <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title> | ||
| </title> | ||
| <style type="text/css"> | ||
| .csFC40E5FF{text-align:left;text-indent:0pt;margin:0pt 0pt 0pt 0pt} | ||
| .csAABFD46C{color:#000000;background-color:transparent;font-family:Calibri;font-size:14pt;font-weight:bold;font-style:normal;} | ||
| .cs73EF5A7D{color:#000000;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;} | ||
| .csE900F44F{color:#000000;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;text-decoration: none;} | ||
| .csD77EFB98{color:#0000FF;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;text-decoration: underline;} | ||
| .csD0F74F29{color:#000000;background-color:transparent;font-family:Calibri;font-size:12pt;font-weight:bold;font-style:normal;} | ||
| .cs1E274505{color:#242424;background-color:transparent;font-family:Calibri;font-size:12pt;font-weight:bold;font-style:normal;} | ||
| .cs7866C708{color:#3C3C3C;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:normal;font-style:normal;} | ||
| .csE001836B{color:#000000;background-color:transparent;font-family:Calibri;font-size:11pt;font-weight:bold;font-style:italic;} | ||
| </style> | ||
| </head> | ||
| <body> | ||
| <p class="csFC40E5FF"><span class="csAABFD46C">Local Administrator Password Solution (LAPS)</span></p><p class="csFC40E5FF"><span class="cs73EF5A7D"> </span></p><p class="csFC40E5FF"><span class="cs73EF5A7D">More information on LAPS can be found here:</span></p><p class="csFC40E5FF"><span class="cs73EF5A7D"><a class="csE900F44F" href="https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview"><span class="csD77EFB98">https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview</span></a></span><span class="cs73EF5A7D"> <br/> </span></p><p class="csFC40E5FF"><span class="csD0F74F29">Requirements:</span></p><p class="csFC40E5FF"><span class="cs73EF5A7D">The dynamic credential script executes the </span><span class="cs1E274505">Get-LapsADPassword</span><span class="cs7866C708"> cmdlet of the new LAPS (April 2023 Update) module:<br/>Make sure the new LAPS is installed on the System</span></p><p class="csFC40E5FF"><span class="cs73EF5A7D"> </span></p><p class="csFC40E5FF"><span class="csD0F74F29">Configuration:</span></p><p class="csFC40E5FF"><span class="cs73EF5A7D">The dynamic folder script creates a list of available machine from the Active Directory. Configure the </span><span class="csE001836B">SearchBase and Filter</span><span class="cs73EF5A7D"> path in the </span><span class="csE001836B">Custom Properties</span><span class="cs73EF5A7D">.</span></p></body> | ||
| </html> | ||
| ]]></Notes> | ||
| <CustomProperties> | ||
| <CustomProperty> | ||
| <Name>SearchBase</Name> | ||
| <Type>Text</Type> | ||
| <Value>OU=ADM01,OU=ADM,DC=vie01,DC=local</Value> | ||
| </CustomProperty> | ||
| <CustomProperty> | ||
| <Name>Filter</Name> | ||
| <Type>Text</Type> | ||
| <Value>(OperatingSystem -like "Windows 10*" -or OperatingSystem -like "Windows 11*") -and (Enabled -eq $true)</Value> | ||
| </CustomProperty> | ||
| </CustomProperties> | ||
| <ScriptInterpreter>powershell</ScriptInterpreter> | ||
| <Script><![CDATA[$ErrorActionPreference = "Stop" | ||
|
|
||
| [string] $JSON = "{ `"Objects`" : [ `n" | ||
|
|
||
| #foreach ($comp in (Get-ADComputer -SearchBase "$CustomProperty.SearchBase$" -filter *)) | ||
| foreach ($comp in (Get-ADComputer -SearchBase "$CustomProperty.SearchBase$" -Properties Description -filter '$CustomProperty.Filter$')|sort) | ||
| { | ||
| $JSON += "{`n" | ||
| $JSON += " `"Type`" : `"RemoteDesktopConnection`",`n" | ||
| $JSON += " `"Name`" : `"$($comp.Name)`",`n" | ||
| $JSON += " `"ComputerName`" : `"$($comp.DNSHostName)`",`n" | ||
| $JSON += " `"Description`" : `"$($comp.Description)`",`n" | ||
| # $JSON += " `"Path`" : `"Connections`",`n" | ||
| $JSON += " `"CredentialID`" : `"LAPS`"`n" | ||
| $JSON += "},`n" | ||
| } | ||
|
|
||
| $JSON += "{`n" | ||
| $JSON += " `"Type`" : `"DynamicCredential`",`n" | ||
| $JSON += " `"Name`" : `"LAPSAdmin`",`n" | ||
| $JSON += " `"ID`" : `"LAPS`"`n" | ||
| $JSON += "},`n" | ||
|
|
||
|
|
||
| $JSON = $JSON.Substring(0, $JSON.Length - 2) | ||
| $JSON += "`n]`n}`n" | ||
| [System.Console]::OutputEncoding = [System.Text.Encoding]::UTF8 | ||
| Write-Host $JSON]]></Script> | ||
| <DynamicCredentialScriptInterpreter>powershell</DynamicCredentialScriptInterpreter> | ||
| <DynamicCredentialScript><![CDATA[# --------------------------------------------------------------------------------------------------------------------- | ||
| # Note that the whole output of the script will be parsed as rJSON and should be UTF8 encoded | ||
| # The following lines ensure that informational cmdlet output, warnings or errors are not written to the output stream | ||
| # --------------------------------------------------------------------------------------------------------------------- | ||
| $global:ErrorActionPreference = "Stop" | ||
| $global:WarningPreference = "SilentlyContinue" | ||
| $global:InformationPreference = "SilentlyContinue" | ||
| $global:VerbosePreference = "SilentlyContinue" | ||
| $global:DebugPreference = "SilentlyContinue" | ||
| $global:ProgressPreference = "SilentlyContinue" | ||
| $global:OutputEncoding = New-Object Text.Utf8Encoding -ArgumentList (,$false) # BOM-less | ||
| [Console]::OutputEncoding = $global:OutputEncoding | ||
| # --------------------------------------------------------------------------------------------------------------------- | ||
|
|
||
| $computername = "$Target.Name$" | ||
| #$computername = "wvie01002" | ||
| $LAPS = Get-LapsADPassword -AsPlainText $computername | ||
| $Pass = $LAPS.Password | ||
| $Username = $computername + "\\" + $LAPS.Account | ||
| #$Username = (Get-LapsADPassword -AsPlainText $computername).Account | ||
|
|
||
|
|
||
|
|
||
| $JSON = "" | ||
| $JSON += "{`n" | ||
| $JSON += " `"Username`" : `"$Username`",`n" | ||
| $JSON += " `"Password`" : `"$($Pass)`"`n" | ||
| $JSON += "}`n" | ||
| [System.Console]::OutputEncoding = [System.Text.Encoding]::UTF8 | ||
| Write-Host $JSON]]></DynamicCredentialScript> | ||
| </DynamicFolderExportObject> | ||
| </Objects> | ||
| </DynamicFolderExport> |