Public/Test-PVWAServer.ps1
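Function Test-PVWAServer {
    <#
    .SYNOPSIS
    Tests a specified PVWA connection point by opening a PSM-RDP session to a test server
    with a provided test account.

    .DESCRIPTION
    Authenticates to the PVWA at ConnectionAddress (RADIUS), requests a PSM-RDP connection
    file for TestAccount against TestServer, opens it for 20 seconds and then tries to
    confirm the logon. If Get-PASPSMSession throws, the Security log (event ID 4624) on
    TestServer is queried with the test account's own credential, so the account needs
    ADMIN access on the test server and not only RDP access.

    .NOTES
    Name: Test-PVWAServer
    Author: Luke Hagar
    Version: 1.0
    DateCreated: 6/1/2021

    Artifacts left behind: the RDP file returned by New-PASPSMSession is not removed, and
    the raw and filtered Security-log events are written as CSV files under LogLocation.

    .PARAMETER TestServer
    Server to generate a connection to with the test account.

    .PARAMETER TestAccount
    Account to generate a connection with to the test server. The function reads its
    id and Username properties, so pass an account object rather than a plain name.

    .PARAMETER ConnectionAddress
    Connection address to run New-PASSession against.
    Provide the full BaseURI in the general format of "https://myvault.wholefoods.com".

    .PARAMETER LogLocation
    Directory that receives LogData.csv and ParsedLogData.csv. Created if it does not exist.

    .EXAMPLE
    Test-PVWAServer -TestServer 'Hostname1' -TestAccount $Account -ConnectionAddress 'https://myvault.wholefoods.com' -Verbose
    #>
    [CmdletBinding()]
    param (
        [Parameter(
            valuefrompipelinebypropertyname
        )]
        [String]
        $TestServer,

        # Was [String]: that constraint stays attached to the variable, so the object
        # assigned from Get-PASAccount below was flattened to text and both
        # $TestAccount.id and $TestAccount.Username evaluated to $null.
        [Parameter(
            valuefrompipelinebypropertyname
        )]
        [Object]
        $TestAccount,

        [Parameter(
            valuefrompipelinebypropertyname
        )]
        [String]
        $ConnectionAddress,

        [Parameter(
            valuefrompipelinebypropertyname
        )]
        [string]
        $LogLocation = "C:\temp\CyberArk Testing\PVWA"
    )

    Begin {
        # Best effort: close any session left over from an earlier run.
        Try {
            Get-PASSession | Close-PASSession
        }
        Catch {
            Write-Verbose "No existing PVWA session was closed: $($_.Exception.Message)"
        }
    }

    Process {
        #region Variable Instantiation
        $StartTime = (Get-Date)
        $SafeUserCredential = Get-Credential -Message "Provide Password Vault Credentials"
        $TestResult = $null

        # NOTE(review): the return values of MessageBox.Show and New-Item below are not
        # captured, so they are emitted ahead of the result object. Left unchanged in
        # case callers index the output; confirm and suppress with `$null =`.
        Add-Type -AssemblyName PresentationFramework
        [System.Windows.MessageBox]::Show('Please Accept the MFA Prompt', 'PVWA Connection Process', 'Ok')

        Write-Verbose "Starting PVWA Session"
        New-PASSession -Credential $SafeUserCredential -BaseURI $ConnectionAddress -Type RADIUS

        Write-Verbose "Validatiing Provided Account"
        $TestAccount = Get-PASAccount -id $TestAccount.id | Select-Object *

        # NOTE(review): Get-PASAdminCredential is defined outside this block; presumably
        # it returns a credential built from the account's vaulted password. Confirm, and
        # keep the value out of transcripts and verbose output.
        $TestAccountCredential = Get-PASAdminCredential $TestAccount

        # The directory is created without explicit ACLs, and Security-log exports are
        # written into it further down; restrict the location if other users can read it.
        If (!(Test-Path $LogLocation)) {
            New-Item -ItemType Directory $LogLocation
        }
        #endregion Variable Instantiation

        Write-Host "Testing Connection Point: $ConnectionAddress" -ForegroundColor Blue
        Write-Host "Server: $TestServer "
        Write-Host "Account: $TestAccount" -ForegroundColor Blue
        Write-Host "Test Start Time: $StartTime" -ForegroundColor Blue

        $RDPFile = New-PASPSMSession -AccountID $TestAccount.id -PSMRemoteMachine $TestServer -ConnectionComponent PSM-RDP
        $RDPFileFullPath = $RDPFile.FullName

        # Only launch the connection when a file was actually produced; previously a
        # failed request still ran Start-Process and the 20 second wait with a null path.
        If ($RDPFileFullPath -and (Test-Path $RDPFileFullPath)) {
            Write-Host "$TestServer RDP File Created Successfully" -ForegroundColor Green
            Write-Host $RDPFileFullPath
            Write-Host ""

            Write-Host "Starting RDP Connection" -ForegroundColor Green
            $RDPProcess = Start-Process $RDPFileFullPath -PassThru

            Write-Host "Waiting 20 Seconds" -ForegroundColor Green
            Start-Sleep -Seconds 20

            Write-Host "Ending RDP Connection" -ForegroundColor Green
            If ($RDPProcess) {
                Stop-Process -InputObject $RDPProcess
            }
        }
        Else {
            Write-Error "No RDP file was created for $TestServer, the RDP connection was not started"
        }

        # NOTE(review): the logon check lives in the Catch block, so it only runs when
        # Get-PASPSMSession throws. When that call succeeds, its output is emitted to the
        # pipeline and $TestResult stays $null.
        Try {
            #TODO Investigate the proper use of this command, possibly with Privileges
            #cant test yet, appears to require CyberArk Admin privileges
            Get-PASPSMSession
        }
        Catch {
            #Query Server directly with the same account that is used to connect - Assumes Account also has admin on server not just RDP privileges
            $LogData = Get-Winevent -Credential $TestAccountCredential -ComputerName $TestServer -FilterHashtable @{Logname = 'security'; ID = 4624; StartTime = $StartTime }
            $ParsedLogData = $LogData | Get-WinEventData | Select-Object * | Where-Object { $_.EventDataTargetUserName -eq $TestAccount.Username }

            If ($ParsedLogData.EventDataTargetUserName -contains $TestAccount.Username) {
                Foreach ($Log in $ParsedLogData) {
                    If ($Log.KeywordsDisplayNames -contains "Audit Success") {
                        # First successful logon for the account settles the result.
                        $TestResult = "Success"
                        Break
                    }
                    else {
                        $TestResult = "Failure"
                    }
                    Write-Host "Login Data from $TestServer shows $($Log.KeywordsDisplayNames) for $($Log.EventDataTargetUserName) at $($Log.TimeCreated)"
                }
            }
            Else {
                Write-Error "Login Logs from server do not show authentication events with the specified connection account"
            }

            # $LogData holds every 4624 event since $StartTime, not only the test
            # account's, so LogData.csv records other users' logons on the server too.
            $LogData | Export-CSV "$LogLocation\LogData.csv"
            $ParsedLogData | Export-CSV "$LogLocation\ParsedLogData.csv"
        }

        Return [PSCustomObject]@{
            TestServer        = $TestServer
            TestAccount       = $TestAccount
            ConnectionAddress = $ConnectionAddress
            RDPFilePath       = $RDPFileFullPath
            LogLocation       = $LogLocation
            TestResult        = $TestResult
        }
    }

    End {
        # Still best effort, but a failure here is surfaced: it can mean the vault
        # session opened in Process was not logged off.
        Try {
            Get-PASSession | Close-PASSession
        }
        Catch {
            Write-Warning "PVWA session close did not complete: $($_.Exception.Message)"
        }
    }
}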