Public/Test-PVWAServer.ps1
|
Function Test-PVWAServer { <# .SYNOPSIS This Function Tests a specified PVWA Address point with a provided Connection Account and Server Function Assumes the Test Account has both RDP and ADMIN access on the specified Test Server .NOTES Name: Start-PVWAPSMValidation Author: Luke Hagar Version: 1.0 DateCreated: 6/1/2021 .Parameter TestServer Server to Generate a connection to with the Test Account .Parameter TestAccount User to Generate a connection with to the Test Server .Parameter ConnectionAddress Connection address to Run New-PASSession Against Provide Full BaseURI in general format of "https://myvault.wholefoods.com" .Parameter StartTime .EXAMPLE Get-Certificates -ComputerName Hostname1 .LINK #> [CmdletBinding()] param ( [Parameter( valuefrompipelinebypropertyname )] $TestServer, [Parameter( valuefrompipelinebypropertyname )] $TestAccount, [Parameter( valuefrompipelinebypropertyname )] [String] $ConnectionAddress, [Parameter( valuefrompipelinebypropertyname )] [pscredential] $SafeCredential, [Parameter( valuefrompipelinebypropertyname )] [string] $LogLocation = "C:\temp\CyberArk Testing\PVWA" ) Begin { Try { Close-PASSession } Catch { } } Process { #region Variable Instantiation $StartTime = (Get-Date) $TestResult = $null Add-Type -AssemblyName PresentationFramework Write-Verbose "Starting PVWA Session" If ($null -eq $SafeCredential) { $RunningUser = Get-UserInfo $SafeCredential = Get-Credential -UserName $RunningUser.UserPrincipalName -Message "Provide Credentials for CyberArk Password Vault" } if ($null -ne $SafeCredential) { Write-Verbose "Testing Address:$ConnectionAddress with Account:$($SafeCredential.UserName)" [System.Windows.MessageBox]::Show('Please Approve the Sign in Request on the Microsoft Authenticator app', 'CyberArk Connection Process', 'Ok') | Out-Null New-PASSession -Credential $SafeCredential -BaseURI $ConnectionAddress -type RADIUS } else { Throw "No Credentials Provided" } Write-Verbose "Validatiing Provided Account" $TestAccount = Get-PASAccount -id $TestAccount.id | Select-Object * $TestAccountCredential = Get-PASAdminCredential $TestAccount If (!(Test-Path $LogLocation)) { New-Item -ItemType Directory $LogLocation } #endregion Variable Instantiation Write-Host "" Write-Host "Testing Connection Point: $ConnectionAddress" Write-Host "Server: $TestServer" Write-Host "Account: $TestAccount" Write-Host "Test Start Time: $StartTime" Write-Host "" Write-Verbose "Generating RDP File" $RDPFile = New-PASPSMSession -AccountID $TestAccount.id -PSMRemoteMachine $TestServer -ConnectionComponent PSM-RDP $RDPFileFullPath = $RDPFile.FullName if (Test-Path $RDPFileFullPath) { Write-Host "$TestServer RDP File Created Successfully" -ForegroundColor Green Write-Host $RDPFileFullPath Write-Host "" Write-Host "Starting RDP Connection" -ForegroundColor Green $RDPProcess = Start-Process $RDPFileFullPath -PassThru Write-Host "Waiting 20 Seconds" -ForegroundColor Green Start-Sleep -Seconds 20 Write-Host "Ending RDP Connection" -ForegroundColor Green Stop-Process $RDPProcess } else { Throw " RDP File Generation Failed ($TestServer) ($TestAccount) ($ConnectionAddress)" } Try { #TODO Investigate the proper use of this command, possibly with Privileges #cant test yet, appears to require CyberArk Admin privileges Get-PASPSMSession } Catch { #Query Server directly with the same account that is used to connect - Assumes Account also has admin on server not just RDP privileges $LogData = Get-Winevent -Credential $TestAccountCredential -Computer $TestServer -FilterHashtable @{Logname = 'security'; ID = 4624; StartTime = $StartTime } $ParsedLogData = $LogData | Get-WinEventData | Select-Object * | Where-Object { $_.EventDataTargetUserName -eq $TestAccount.Username } If ($ParsedLogData.EventDataTargetUserName -contains $TestAccount.Username) { Foreach ($Log in $ParsedLogData) { If ($Log.KeywordsDisplayNames -contains "Audit Success") { $TestResult = "Success" Break } else { $TestResult = "Failure" } Write-Host "Login Data from $TestServer shows $($Log.KeywordsDisplayNames) for $($Log.EventDataTargetUserName) at $($Log.TimeCreated)" } } Else { Write-Error "Login Logs from server do not show authentication events with the specified connection account" } $LogData | Export-CSV "$LogLocation\LogData.csv" $ParsedLogData | Export-CSV "$LogLocation\ParsedLogData.csv" } Return [PSCustomObject]@{ TestServer = $TestServer TestAccount = $TestAccount ConnectionAddress = $ConnectionAddress RDPFilePath = $RDPFileFullPath LogLocation = $LogLocation TestResult = $TestResult } } End { Try { Close-PASSession } Catch { } } } |