Public/Test-PVWAServer.ps1

Function Test-PVWAServer {
    <#
.SYNOPSIS
    This Function Tests a specified PVWA Address point with a provided Connection Account and Server
    Function Assumes the Test Account has both RDP and ADMIN access on the specified Test Server
.NOTES
    Name: Start-PVWAPSMValidation
    Author: Luke Hagar
    Version: 1.0
    DateCreated: 6/1/2021
 
.Parameter TestServer
    Server to Generate a connection to with the Test Account
 
.Parameter TestAccount
    User to Generate a connection with to the Test Server
 
.Parameter ConnectionAddress
    Connection address to Run New-PASSession Against
    Provide Full BaseURI in general format of "https://myvault.wholefoods.com"
 
.Parameter StartTime
 
.EXAMPLE
    Get-Certificates -ComputerName Hostname1
.LINK
     
#>

    [CmdletBinding()]
    param (
        [Parameter(
            valuefrompipelinebypropertyname
        )]
        $TestServer,
        [Parameter(
            valuefrompipelinebypropertyname
        )]
        $TestAccount,
        [Parameter(
            valuefrompipelinebypropertyname
        )]
        [String]
        $ConnectionAddress,
        [Parameter(
            valuefrompipelinebypropertyname
        )]
        [pscredential]
        $SafeCredential,
        [Parameter(
            valuefrompipelinebypropertyname
        )]
        [string]
        $LogLocation = "C:\temp\CyberArk Testing\PVWA"
    )

    Begin {
        Try { Close-PASSession }
        Catch { } 
    }
    Process {
        #region Variable Instantiation
        $StartTime = (Get-Date)
        $TestResult = $null
        Add-Type -AssemblyName PresentationFramework
        Write-Verbose "Starting PVWA Session"
        If ($null -eq $SafeCredential) {
            $RunningUser = Get-UserInfo
            $SafeCredential = Get-Credential -UserName $RunningUser.UserPrincipalName -Message "Provide Credentials for CyberArk Password Vault"
        }
        if ($null -ne $SafeCredential) {
            [System.Windows.MessageBox]::Show('Please Approve the Sign in Request on the Microsoft Authenticator app', 'CyberArk Connection Process', 'Ok') | Out-Null
            New-PASSession -Credential $SafeCredential -BaseURI $ConnectionAddress -type RADIUS
        } 
        else {
            Throw "No Credentials Provided"
        }
        Write-Verbose "Validatiing Provided Account"
        $TestAccount = Get-PASAccount -id $TestAccount.id | Select-Object *
        $TestAccountCredential = Get-PASAdminCredential $TestAccount
        If (!(Test-Path $LogLocation)) {
            New-Item -ItemType Directory $LogLocation 
        }
        #endregion Variable Instantiation

        Write-Host ""
        Write-Host "Testing Connection Point: $ConnectionAddress"
        Write-Host "Server: $TestServer"
        Write-Host "Account: $TestAccount"
        Write-Host "Test Start Time: $StartTime"
        Write-Host ""

        Write-Verbose "Generating RDP File"
        $RDPFile = New-PASPSMSession -AccountID $TestAccount.id -PSMRemoteMachine $TestServer -ConnectionComponent PSM-RDP
        $RDPFileFullPath = $RDPFile.FullName
        if (Test-Path $RDPFileFullPath) {
            Write-Host "$TestServer RDP File Created Successfully" -ForegroundColor Green
            Write-Host $RDPFileFullPath
            Write-Host ""
            Write-Host "Starting RDP Connection" -ForegroundColor Green
            $RDPProcess = Start-Process $RDPFileFullPath -PassThru
            Write-Host "Waiting 20 Seconds" -ForegroundColor Green
            Start-Sleep -Seconds 20
            Write-Host "Ending RDP Connection" -ForegroundColor Green
            Stop-Process $RDPProcess
        }
        else {
            Throw "
    RDP File Generation Failed
    ($TestServer)
    ($TestAccount)
    ($ConnectionAddress)"

        }

        Try { 
            #TODO Investigate the proper use of this command, possibly with Privileges
            #cant test yet, appears to require CyberArk Admin privileges
            Get-PASPSMSession 
        }

        Catch {
            #Query Server directly with the same account that is used to connect - Assumes Account also has admin on server not just RDP privileges
            $LogData = Get-Winevent -Credential $TestAccountCredential -Computer $TestServer -FilterHashtable @{Logname = 'security'; ID = 4624; StartTime = $StartTime }
            $ParsedLogData = $LogData | Get-WinEventData | Select-Object * | Where-Object { $_.EventDataTargetUserName -eq $TestAccount.Username }
            If ($ParsedLogData.EventDataTargetUserName -contains $TestAccount.Username) {
                Foreach ($Log in $ParsedLogData) {
                    If ($Log.KeywordsDisplayNames -contains "Audit Success") {
                        $TestResult = "Success"
                        Break
                    }
                    else {
                        $TestResult = "Failure"
                    }
                    Write-Host "Login Data from $TestServer shows $($Log.KeywordsDisplayNames) for $($Log.EventDataTargetUserName) at $($Log.TimeCreated)"
                }
            }
            Else {
                Write-Error "Login Logs from server do not show authentication events with the specified connection account"
            }
            $LogData | Export-CSV "$LogLocation\LogData.csv"
            $ParsedLogData | Export-CSV "$LogLocation\ParsedLogData.csv"
        }
        Return [PSCustomObject]@{
            TestServer        = $TestServer
            TestAccount       = $TestAccount
            ConnectionAddress = $ConnectionAddress
            RDPFilePath       = $RDPFileFullPath
            LogLocation       = $LogLocation
            TestResult        = $TestResult
        }
    }
    End {
        Try { Close-PASSession }
        Catch { } 
    }
}