Tag : pouvoirs

Create the credential files (on a ControlUp Monitor machine) required by script actions that use the ControlUp Streaming Database.
Stored in %ALLUSERSPROFILE%ControlUpScriptingSupport but the API key stored in the files can only be decrypted by the Windows user that created that file.
This script should be run on the same machine and as the same Windows user that will run the scripts that interact with the ControlUp Streaming DB.
The script will overwrite any existing CU API key for the user.

Searches one or more Azure Tenants for Certificates and Client Secrets. The script reports on all credentials discovered, with their expiry date and a 'hint' that identifies the secret.
If expired or soon-to-expire credentials are discovered, an event log is written - this can be used as a trigger to generate an alert
The Application specified in the credential set must have the following permissions:
Application.Read.All (mandatory) - to read the secret metadata attached to the application
User.Read.All (mandatory) - to report the owner name and contact details
Directory.Read.All (optional) - to report the tenant name

Create the credential files (locally) required by the Azure script actions.
Stored in %ALLUSERSPROFILE%ControlUpScriptingSupport but the client secret stored in the files can only be decrypted by the Windows user that created that file.
The files created contain the tenant id in the file name so that a single Windows user can have credential files for multiple tenants. Original Azure scripts did have this feature and the files contained the tenant id so only a single file can exist - this script creates both credential files so both new and old Azure script actions can be run.
The script willl overwrite any existing credential files for the user and tenant.

Create the credential files (locally) required by the Citrix Cloud script actions.
Stored in %ALLUSERSPROFILE%ControlUpScriptingSupport but the client secret stored in the files can only be decrypted by the Windows user that created that file.
The files created contain the tenant id in the file name so that a single Windows user can have credential files for multiple tenants. Original Azure scripts did have this feature and the files contained the tenant id so only a single file can exist - this script creates both credential files so both new and old Azure script actions can be run.
The script willl overwrite any existing credential files for the user and tenant.

La connexion à un serveur Horizon Connection est nécessaire pour exécuter les scripts Horizon. Le serveur ne permet pas l'authentification passthrough (Active Directory). Pour permettre aux scripts de s'exécuter sans demander un mot de passe à chaque fois (comme dans les actions automatisées), un objet PSCredential doit être stocké sur chaque appareil cible (c'est-à-dire chaque machine qui sera utilisée pour exécuter les scripts Horizon). Ce script peut créer cet objet PSCredential sur les cibles.
LES OBJETS PSCREDENTIIAL NE PEUVENT ÊTRE UTILISÉS QUE PAR L'UTILISATEUR QUI A CRÉÉ L'OBJET ET SUR LA MACHINE SUR LAQUELLE L'OBJET A ÉTÉ CRÉÉ.
- L'utilisateur qui crée le fichier doit avoir un profil local lors de la création du fichier. Il s'agit d'une limitation de Powershell

Historique des modifications : 20/08/2019 - Anthonie de Vreede - Première version
03/06/2020 - Wouter Kursten - Deuxième version

Changelog ;
Deuxième version
- Vérification de l'existence d'un profil local
- modification du message d'erreur en cas d'échec de la création du fichier xml