functions/configurations/Set-TssConfigurationLocalUserPassword.ps1
|
function Set-TssConfigurationLocalUserPassword { <# .SYNOPSIS Set Local User Password configuration options .DESCRIPTION Set Local User Password configuration options .EXAMPLE $session = New-TssSession -SecretServer https://alpha -Credential $ssCred Set-TssConfigurationLocalUserPassword -TssSession $session -PasswordHistory -PasswordHistoryCount 50 Enable Password History, keeping 50 passwords of history .LINK https://thycotic-ps.github.io/thycotic.secretserver/commands/configurations/Set-TssConfigurationLocalUserPassword .LINK https://github.com/thycotic-ps/thycotic.secretserver/blob/main/src/functions/configurations/Set-TssConfigurationLocalUserPassword.ps1 .NOTES Requires TssSession object returned by New-TssSession #> [cmdletbinding(SupportsShouldProcess)] param( # TssSession object created by New-TssSession for authentication [Parameter(Mandatory,ValueFromPipeline,Position = 0)] [Thycotic.PowerShell.Authentication.Session] $TssSession, # Enable Password History [switch] $PasswordHistory, # Number of passwords stored in history, defaults to All [int] $PasswordHistoryCount = [int]::MaxValue, # Allow users to reset forgotten passwords [switch] $ResetForgottenPassword, # Enable Local User password expiration [switch] $PasswordExpiration, # Expiration in days [int] $ExpirationDay, # Expiration in hours [ValidateRange(0,24)] [int] $ExpirationHour, # Expiration in minutes [ValidateRange(0,1440)] [int] $ExpirationMinute, # Enable minimum password age [switch] $MinimumPasswordAge, # Age in days [int] $AgeDay, # Age in hours [ValidateRange(0,24)] [int] $AgeHour, # Age in minutes [ValidateRange(0,1440)] [int] $AgeMinute, # Require numbers in a password [switch] $RequireNumber, # Require symbols in a password [switch] $RequireSymbol, # Require uppercase in a password [switch] $RequireUppercase, # Require lowercase in a password [switch] $RequireLowercase ) begin { $setParams = $PSBoundParameters $invokeParams = . $GetInvokeApiParams $TssSession } process { Get-TssInvocation $PSCmdlet.MyInvocation if ($setParams.ContainsKey('TssSession') -and $TssSession.IsValidSession()) { Compare-TssVersion $TssSession '11.0.000005' $PSCmdlet.MyInvocation $uri = $TssSession.ApiUrl, 'configuration', 'local-user-passwords' -join '/' $invokeParams.Uri = $uri $invokeParams.Method = 'PATCH' $setBody = @{ data = @{ } } switch ($setParams.Keys) { 'PasswordHistory' { $enablePwdHistory = @{ dirty = $true value = [boolean]$PasswordHistory } $setBody.data.Add('enablePasswordHistory',$enablePwdHistory) } 'PasswordHistoryCount' { if ($PasswordHistoryCount -eq [int]::MaxValue) { $enableHistoryAll = @{ dirty = $true value = $true } $setBody.data.Add('passwordHistoryItemsAll',$enableHistoryAll) } else { $enableHistoryItem = @{ dirty = $true value = $PasswordHistoryCount } $setBody.data.Add('passwordHistoryItems',$enableHistoryItem) } } 'ResetForgottenPassword' { $allowForgotten = @{ dirty = $true value = [boolean]$ResetForgottenPassword } $setBody.data.Add('allowUsersToResetForgottenPasswords',$allowForgotten) } 'PasswordExpiration' { $enableExpiration = @{ dirty = $true value = [boolean]$PasswordExpiration } $setBody.data.Add('enableLocalUserPasswordExpiration',$enableExpiration) } 'ExpirationDay' { $expireDay = @{ dirty = $true value = $ExpirationDay } $setBody.data.Add('localUserPasswordExpirationDays',$expireDay) } 'ExpirationHour' { $expireHr = @{ dirty = $true value = $ExpirationDay } $setBody.data.Add('localUserPasswordExpirationHours',$expireHr) } 'ExpirationMinute' { $expireMin = @{ dirty = $true value = $Expirationminute } $setBody.data.Add('localUserPasswordExpirationMinutes',$expireMin) } 'MinimumPasswordAge' { $pwdAge = @{ dirty = $true value = [boolean]$MinimumPasswordAge } $setBody.data.Add('enableMinimumPasswordAge',$pwdAge) } 'AgeDay' { $ageD = @{ dirty = $true value = $AgeDay } $setBody.data.Add('minimumPasswordAgeDays',$ageD) } 'AgeHour' { $ageH = @{ dirty = $true value = $AgeHour } $setBody.data.Add('minimumPasswordAgeHours',$ageH) } 'AgeMinute' { $ageM = @{ dirty = $true value = $AgeMinute } $setBody.data.Add('minimumPasswordAgeMinutes',$ageM) } 'RequireNumber' { $requireNum = @{ dirty = $true value = [boolean]$RequireNumber } $setBody.data.Add('passwordRequireNumbers',$requireNum) } 'RequireSymbol' { $requireSym = @{ dirty = $true value = [boolean]$RequireSymbol } $setBody.data.Add('passwordRequireSymbols',$requireSym) } 'RequireUppercase' { $requireUpper = @{ dirty = $true value = [boolean]$RequireUppercase } $setBody.data.Add('passwordRequireUppercase',$requireUpper) } 'RequireLowercase' { $requireLower = @{ dirty = $true value = [boolean]$RequireLowercase } $setBody.data.Add('passwordRequireLowercase',$requireLower) } } $invokeParams.Body = $setBody | ConvertTo-Json if ($PSCmdlet.ShouldProcess("Local User Configuration", "$($invokeParams.Method) $($invokeParams.Uri) with:`n$($invokeParams.Body)`n")) { Write-Verbose "Performing the operation $($invokeParams.Method) $($invokeParams.Uri) with:`n$($invokeParams.Body)`n" try { $apiResponse = Invoke-TssApi @invokeParams $restResponse = . $ProcessResponse $apiResponse } catch { Write-Warning "Issue setting configuration" $err = $_ . $ErrorHandling $err } } if ($restResponse) { Write-Verbose "Setting updated successfully" } } else { Write-Warning "No valid session found" } } } |