In part four of this post series, you will see how to get the encrypted password back from the MiniWebService. You can integrate this script into the ConfigMgr console, run it standalone, or embed it, for example, in netECM:UserDevice.
Part 1 – Background Information
Part 2 – Solution Overview and installing MiniWebservice
Part 3 – Creating ConfigMgr Compliance Settings Item
Part 4 – Retrieve the passwords with PowerShell (This Post)
Script Flow Chart
The following diagram will illustrate the actions of the PowerShell script.
Download the Scripts
I have created different scripts for different usages. One script returns the whole password history, the other script returns only the last password.
There are also slightly modified versions available for the ConfigMgr console, standalone use, or netECM integration. Please use the correct one for your environment.
| | Only last Password | Password History |
| --- | --- | --- |
| Standalone | Download | Download |
| ConfigMgr Console | Download | Download |
| netECM:UserDevice | Download | Download |
Customize the Script
First, we have to customize some variables in the scripts. Change the $privatekey variable to your private key (generated in the prerequisites step in post 3). You also have to specify the FQDN of the server on which the netECM:MiniWebService is installed.
Run the Scripts
Standalone
ConfigMgr Console
Create an XML file with this content and customize the orange marked parts:
<ActionDescription Class="Group" DisplayName="Local Admin Passwords" MnemonicDisplayName="Local Admin Passwords" Description="" SqmDataPoint="53" SelectionMode="Single">
  <ShowOn>
    <string>DefaultHomeTab</string> <!-- RIBBON -->
    <string>ContextMenu</string> <!-- ContextMenu -->
  </ShowOn>
  <ActionGroups>
    <ActionDescription Class="Executable" DisplayName="Show Last Password" MnemonicDisplayName="Show Last Password" Description="" SelectionMode="Single">
      <ShowOn>
        <string>DefaultHomeTab</string> <!-- RIBBON -->
        <string>ContextMenu</string>
      </ShowOn>
      <Executable>
        <FilePath>powershell.exe</FilePath>
        <Parameters> -executionpolicy bypass -file "C:\Scripts\Custom_GetAdminPW_ConfigMgrConsole_002.ps1" ##SUB:Name##</Parameters>
      </Executable>
    </ActionDescription>
    <ActionDescription Class="Executable" DisplayName="Show Password History" MnemonicDisplayName="Show Password History" Description="" RibbonDisplayType="TextAndSmallImage">
      <ShowOn>
        <string>DefaultHomeTab</string>
        <string>ContextMenu</string>
      </ShowOn>
      <Executable>
        <FilePath>powershell.exe</FilePath>
        <Parameters>-executionpolicy bypass -file "C:\Scripts\Custom_GetOldAdminPWs_ConfigMgrConsole_002.ps1" ##SUB:Name##</Parameters>
      </Executable>
    </ActionDescription>
  </ActionGroups>
</ActionDescription>

Save the file to the following directories in the install root of your ConfigMgr Console:
- .\AdminConsole\XmlStorage\Extensions\Actions\3fd01cd1-9e01-461e-92cd-94866b8d1f39
- .\AdminConsole\XmlStorage\Extensions\Actions\ed9dee86-eadd-4ac8-82a1-7234a4646e62
The filename doesn't matter.
Restart the ConfigMgr console and you will see the new commands on every device:
netECM:UserDevice
In netECM:UserDevice it’s easy to add a device action. To use the password scripts, use these values:
Abstract
The last four blog posts explained how to change admin passwords randomly on devices with built-in and free tools. The scripts are provided as is, so test them well and report issues back.