update
This commit is contained in:
Zack Meier
+27
@@ -0,0 +1,27 @@
|
||||
##### Teams Used for entire vertical teams, not specific applications, systems, or products
|
||||
New-PSUAccessControl -Role "Team-Windows" -Tag "Team-Windows_Execute" -Type "View, Execute"
|
||||
New-PSUAccessControl -Role "Team-Windows" -Tag "Team-Windows_Modify" -Type "View, Edit, Create, Delete, Execute"
|
||||
|
||||
New-PSUAccessControl -Role "Team-Network" -Tag "Team-Network_Execute" -Type "View, Execute"
|
||||
|
||||
New-PSUAccessControl -Role "Team-Linux" -Tag "Team-Linux_Execute" -Type "View, Execute"
|
||||
|
||||
New-PSUAccessControl -Role "Team-Tier2" -Tag "Team-Tier2_Execute" -Type "View, Execute"
|
||||
|
||||
New-PSUAccessControl -Role "Team-Mgmt" -Tag "Team-Mgmt_Execute" -Type "View, Execute"
|
||||
New-PSUAccessControl -Role "Team-Mgmt" -Tag "Team-Mgmt_Modify" -Type "View, Edit, Create, Delete, Execute"
|
||||
|
||||
##### Apps (or specific AppNames)
|
||||
<# New App Tag example
|
||||
New-PSUAccessControl -Role "App-Infra-XXXXX" -Tag "Infra-XXXXX_Execute" -Type "View, Execute"
|
||||
New-PSUAccessControl -Role "App-Infra-XXXXX" -Tag "Infra-XXXXX_Modify" -Type "View, Edit, Create, Delete, Execute"
|
||||
#>
|
||||
New-PSUAccessControl -Role "App-Infra-VMware" -Tag "Infra-VMware_Execute" -Type "View, Execute"
|
||||
New-PSUAccessControl -Role "App-Infra-VMware" -Tag "Infra-VMware_Modify" -Type "View, Edit, Create, Delete, Execute"
|
||||
|
||||
New-PSUAccessControl -Role "App-ITD-WindowsServer" -Tag "ITD-WindowsServer_Execute" -Type "View, Execute"
|
||||
New-PSUAccessControl -Role "App-ITD-WindowsServer" -Tag "ITD-WindowsServer_Modify" -Type "View, Edit, Create, Delete, Execute"
|
||||
|
||||
New-PSUAccessControl -Role "App-Shared-PowerSchool" -Tag "Shared-PowerSchool_Execute" -Type "View, Execute"
|
||||
New-PSUAccessControl -Role "App-Shared-PowerSchool" -Tag "Shared-PowerSchool_Modify" -Type "View, Edit, Create, Delete, Execute"
|
||||
|
||||
+14
@@ -0,0 +1,14 @@
|
||||
Set-PSUAuthenticationMethod -Type "Form" -ScriptBlock {
|
||||
param(
|
||||
[PSCredential]$Credential
|
||||
)
|
||||
|
||||
#
|
||||
# You can call whatever cmdlets you like to conduct authentication here.
|
||||
# Just make sure to return the $Result with the Success property set to $true
|
||||
#
|
||||
|
||||
New-PSUAuthenticationResult -ErrorMessage 'Bad username or password'
|
||||
}
|
||||
Set-PSUAuthenticationMethod -Type "Windows"
|
||||
Set-PSUAuthenticationMethod -Type "Saml2" -Disabled
|
||||
+87
@@ -0,0 +1,87 @@
|
||||
Set-PSUAuthenticationMethod -Type "Form" -ScriptBlock {
|
||||
param(
|
||||
[PSCredential]$Credential
|
||||
)
|
||||
|
||||
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
|
||||
|
||||
# is this a UPN?
|
||||
if ( $Credential.UserName.IndexOf('@') -gt -1 ) {
|
||||
|
||||
# juggle back and forth from SID to get NTAccount format
|
||||
$NTAccountName = ([System.Security.Principal.NTAccount]$Credential.UserName).Translate([System.Security.Principal.SecurityIdentifier]).Translate([System.Security.Principal.NTAccount]).Value
|
||||
|
||||
} elseif ( $Credential.UserName.IndexOf('\') -gt -1 ) {
|
||||
|
||||
# already NTAccount format
|
||||
$NTAccountName = $Credential.UserName
|
||||
|
||||
} else {
|
||||
|
||||
# someone didn't enter their domain...
|
||||
$NTAccountName = "NDGOV\" + $Credential.GetNetworkCredential().UserName
|
||||
|
||||
}
|
||||
|
||||
# split domain and username
|
||||
$DomainName, $UserName = $NTAccountName.Split('\',2)
|
||||
|
||||
# perform auth with AD
|
||||
$PrincipalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext( 'Domain', $DomainName )
|
||||
$Authenticated = $PrincipalContext.ValidateCredentials( $UserName, $Credential.GetNetworkCredential().Password, 'Negotiate, Sealing' )
|
||||
|
||||
if ( $Authenticated ) {
|
||||
|
||||
# discover the user principal, needed for the user DN
|
||||
$UserPrincipal = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($PrincipalContext, [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName, $NTAccountName )
|
||||
|
||||
# get the user's domain
|
||||
#$UserDomainContext = [System.DirectoryServices.ActiveDirectory.DirectoryContext]::new( 'Domain', $DomainName, $Credential.UserName, $Credential.GetNetworkCredential().Password )
|
||||
#$UserDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain( $UserDomainContext )
|
||||
|
||||
# get the computer's domain
|
||||
#$ComputerDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
|
||||
|
||||
# hold all the user groups
|
||||
[System.Collections.Generic.List[hashtable]]$Groups = @()
|
||||
|
||||
# get groups from user's domain
|
||||
[adsisearcher]::new( $UserDomain.GetDirectoryEntry(), "(&(objectCategory=group)(objectClass=group)(member:1.2.840.113556.1.4.1941:=$($UserPrincipal.DistinguishedName)))", @('name') ).FindAll().ForEach({
|
||||
|
||||
$Groups.Add(@{
|
||||
Type = 'Group'
|
||||
Value = $_.Properties['name'][0]
|
||||
Issuer = $UserDomain.Name
|
||||
})
|
||||
|
||||
})
|
||||
<#
|
||||
# get groups from the computer's domain (if different)
|
||||
if ( $UserDomain.Name -ne $ComputerDomain.Name ) {
|
||||
|
||||
# lookup the user's foreign security principal in the computer's domain
|
||||
$ForeignSecurityPrincipal = [adsisearcher]::new( $ComputerDomain.GetDirectoryEntry(), "(&(objectCategory=foreignSecurityPrincipal)(objectClass=foreignSecurityPrincipal)(name=$($UserPrincipal.Sid)))", @('distinguishedName') ).FindOne().Properties['distinguishedName'][0]
|
||||
|
||||
# find all the group memberships
|
||||
[adsisearcher]::new( $ComputerDomain.GetDirectoryEntry(), "(&(objectCategory=group)(objectClass=group)(member:1.2.840.113556.1.4.1941:=$ForeignSecurityPrincipal))", @('name') ).FindAll().ForEach({
|
||||
|
||||
$Groups.Add(@{
|
||||
Type = 'Group'
|
||||
Value = $_.Properties['name'][0]
|
||||
Issuer = $ComputerDomain.Name
|
||||
})
|
||||
|
||||
})
|
||||
|
||||
}
|
||||
#>
|
||||
New-PSUAuthenticationResult -Success -UserName $UserPrincipal.UserPrincipalName -Claims {
|
||||
$Groups | ForEach-Object { New-PSUAuthorizationClaim @_ }
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
New-PSUAuthenticationResult -ErrorMessage 'Bad username or password :)'
|
||||
|
||||
}
|
||||
}
|
||||
+86
@@ -0,0 +1,86 @@
|
||||
Set-PSUAuthenticationMethod -Type "Form" -ScriptBlock {
|
||||
param(
|
||||
[PSCredential]$Credential
|
||||
)
|
||||
|
||||
Add-Type -AssemblyName System.DirectoryServices.AccountManagement
|
||||
|
||||
# is this a UPN?
|
||||
if ( $Credential.UserName.IndexOf('@') -gt -1 ) {
|
||||
|
||||
# juggle back and forth from SID to get NTAccount format
|
||||
$NTAccountName = ([System.Security.Principal.NTAccount]$Credential.UserName).Translate([System.Security.Principal.SecurityIdentifier]).Translate([System.Security.Principal.NTAccount]).Value
|
||||
|
||||
} elseif ( $Credential.UserName.IndexOf('\') -gt -1 ) {
|
||||
|
||||
# already NTAccount format
|
||||
$NTAccountName = $Credential.UserName
|
||||
|
||||
} else {
|
||||
|
||||
# someone didn't enter their domain...
|
||||
$NTAccountName = "NDGOV\" + $Credential.GetNetworkCredential().UserName
|
||||
|
||||
}
|
||||
|
||||
# split domain and username
|
||||
$DomainName, $UserName = $NTAccountName.Split('\',2)
|
||||
|
||||
# perform auth with AD
|
||||
$PrincipalContext = New-Object System.DirectoryServices.AccountManagement.PrincipalContext( 'Domain', $DomainName )
|
||||
$Authenticated = $PrincipalContext.ValidateCredentials( $UserName, $Credential.GetNetworkCredential().Password, 'Negotiate, Sealing' )
|
||||
|
||||
if ( $Authenticated ) {
|
||||
|
||||
# discover the user principal, needed for the user DN
|
||||
$UserPrincipal = [System.DirectoryServices.AccountManagement.UserPrincipal]::FindByIdentity($PrincipalContext, [System.DirectoryServices.AccountManagement.IdentityType]::SamAccountName, $NTAccountName )
|
||||
|
||||
# get the user's domain
|
||||
$UserDomainContext = [System.DirectoryServices.ActiveDirectory.DirectoryContext]::new( 'Domain', $DomainName, $Credential.UserName, $Credential.GetNetworkCredential().Password )
|
||||
$UserDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetDomain( $UserDomainContext )
|
||||
|
||||
# get the computer's domain
|
||||
#$ComputerDomain = [System.DirectoryServices.ActiveDirectory.Domain]::GetComputerDomain()
|
||||
|
||||
# hold all the user groups
|
||||
[System.Collections.Generic.List[hashtable]]$Groups = @()
|
||||
|
||||
# get groups from user's domain
|
||||
#[adsisearcher]::new( $UserDomain.GetDirectoryEntry(), "(&(objectCategory=group)(objectClass=group)(member:1.2.840.113556.1.4.1941:=$($UserPrincipal.DistinguishedName)))", @('name') ).FindAll().ForEach({
|
||||
[adsisearcher]::new( $UserDomain.GetDirectoryEntry(), "(&(objectCategory=group)(objectClass=group)(member:1.2.840.113556.1.4.1941:=$($UserPrincipal.DistinguishedName))(name=ITD-PSUniversal-*))", @('name') ).FindAll().ForEach({
|
||||
$Groups.Add(@{
|
||||
Type = 'Group'
|
||||
Value = $_.Properties['name'][0]
|
||||
Issuer = $UserDomain.Name
|
||||
})
|
||||
})
|
||||
<#
|
||||
# get groups from the computer's domain (if different)
|
||||
if ( $UserDomain.Name -ne $ComputerDomain.Name ) {
|
||||
|
||||
# lookup the user's foreign security principal in the computer's domain
|
||||
$ForeignSecurityPrincipal = [adsisearcher]::new( $ComputerDomain.GetDirectoryEntry(), "(&(objectCategory=foreignSecurityPrincipal)(objectClass=foreignSecurityPrincipal)(name=$($UserPrincipal.Sid)))", @('distinguishedName') ).FindOne().Properties['distinguishedName'][0]
|
||||
|
||||
# find all the group memberships
|
||||
[adsisearcher]::new( $ComputerDomain.GetDirectoryEntry(), "(&(objectCategory=group)(objectClass=group)(member:1.2.840.113556.1.4.1941:=$ForeignSecurityPrincipal))", @('name') ).FindAll().ForEach({
|
||||
|
||||
$Groups.Add(@{
|
||||
Type = 'Group'
|
||||
Value = $_.Properties['name'][0]
|
||||
Issuer = $ComputerDomain.Name
|
||||
})
|
||||
|
||||
})
|
||||
|
||||
}
|
||||
#>
|
||||
New-PSUAuthenticationResult -Success -UserName $UserPrincipal.UserPrincipalName -Claims {
|
||||
$Groups | ForEach-Object { New-PSUAuthorizationClaim @_ }
|
||||
}
|
||||
|
||||
} else {
|
||||
|
||||
New-PSUAuthenticationResult -ErrorMessage 'Bad username or password :)'
|
||||
|
||||
}
|
||||
}
|
||||
+6
@@ -0,0 +1,6 @@
|
||||
New-PSUApp -Name "PSUVariableReview" -FilePath "dashboards\PSUVariableReview\PSUVariableReview.ps1" -BaseUrl "/PSUVariableReview" -Authenticated -AutoDeploy
|
||||
New-PSUApp -Name "Infra-VMware_Snapshot" -FilePath "dashboards\Infra-VMware_Snapshot\Infra-VMware_Snapshot.ps1" -BaseUrl "/Infra-VMware_Snapshot" -Authenticated -AutoDeploy
|
||||
New-PSUApp -Name "ServiceNowDumps" -FilePath "dashboards\ServiceNowDumps\ServiceNowDumps.ps1" -BaseUrl "/ServiceNowDumps" -Authenticated -AutoDeploy
|
||||
New-PSUApp -Name "NewITDADServiceAccount" -FilePath "dashboards\NewITDADServiceAccount\NewITDADServiceAccount.ps1" -BaseUrl "/NewITDADServiceAccount" -Authenticated -AutoDeploy
|
||||
New-PSUApp -Name "ITD-WindowsServer_FileManagement" -FilePath "dashboards\ITD-WindowsServer_FileManagement\ITD-WindowsServer_FileManagement.ps1" -BaseUrl "/ITD-WindowsServer_FileManagement" -Authenticated -AutoDeploy
|
||||
New-PSUApp -Name "ServiceNow" -FilePath "dashboards\ServiceNow\ServiceNow.ps1" -BaseUrl "/ServiceNow" -Authenticated -AutoDeploy
|
||||
+107
@@ -0,0 +1,107 @@
|
||||
New-PSUEndpoint -Url "/Get-ITDService" -Method @('GET') -Endpoint {
|
||||
# Enter your script to process requests.
|
||||
$GetServiceParams = @{}
|
||||
If ($Name) {
|
||||
#$GetServiceParams.Name = $Name
|
||||
}
|
||||
Else {
|
||||
# Write-Error "Please add query string to Url" # moar notes
|
||||
}
|
||||
|
||||
If ($ComputerName) {
|
||||
$ComputerName = $ComputerName -split ','
|
||||
}
|
||||
Else {
|
||||
$ComputerName = $env:COMPUTERNAME
|
||||
}
|
||||
|
||||
$Services = Invoke-Command -ComputerName $ComputerName -ArgumentList $Name -ScriptBlock {
|
||||
$GetServiceParams = @{
|
||||
Name = $args[0]
|
||||
}
|
||||
Get-Service @GetServiceParams -ErrorAction SilentlyContinue
|
||||
}
|
||||
|
||||
Write-Output ($Services | select pscomputername, name, displayname, status, servicetype, @{n = 'DependentServicesName'; e = { $_.servicesdependedon.name } })
|
||||
}
|
||||
New-PSUEndpoint -Url "/Get-ITDADUser" -Method @('GET') -Endpoint {
|
||||
#If($Identity){
|
||||
# Get-ADUser -Identity $Identity -Properties LockedOut,MemberOf
|
||||
# }
|
||||
|
||||
|
||||
|
||||
Invoke-PSUScript -Script 'Get-ITDADUser_script.ps1' -Identity $Identity -Wait
|
||||
} -Authentication -Role @('ITD-PSUniversal-API-Execute')
|
||||
New-PSUEndpoint -Url "/Get-ITDADGroup" -Method @('GET') -Endpoint {
|
||||
If ($Identity) {
|
||||
Get-ADGroup -Identity $Identity
|
||||
}
|
||||
}
|
||||
New-PSUEndpoint -Url "/Get-ITDADGroupMember" -Method @('GET') -Endpoint {
|
||||
# test notes
|
||||
If ($Identity) {
|
||||
Get-ADGroupMember -Identity $Identity | select SamAccountName, Name, DistinguishedName
|
||||
}
|
||||
}
|
||||
New-PSUEndpoint -Url "/New-ITDVMwareVMSnapshot" -Method @('POST') -Endpoint {
|
||||
$User = ConvertFrom-Json $Body
|
||||
#New-User $User
|
||||
Write-Output $User
|
||||
}
|
||||
New-PSUEndpoint -Url "/zm" -Method @('GET') -Endpoint {
|
||||
$env:username
|
||||
|
||||
Connect-ITDvCenter
|
||||
Get-Datacenter
|
||||
Disconnect-VIServer -Server * -Confirm:$false
|
||||
}
|
||||
New-PSUEndpoint -Url "/Get-ITDVMwareVM" -Method @('GET') -Endpoint {
|
||||
# Enter your script to process requests.
|
||||
Connect-ITDvCenter
|
||||
|
||||
$Names = $Name -split ','
|
||||
$Result = [System.Collections.ArrayList]@()
|
||||
|
||||
$LoopOutput = ForEach ($n in $Names) {
|
||||
$VM = Get-VM -Name $n
|
||||
$VMDisks = $VM | Get-HardDisk
|
||||
$obj = [PSCustomObject]@{
|
||||
Name = $VM.Name;
|
||||
PowerState = $VM.PowerState;
|
||||
NumCpu = $VM.NumCpu;
|
||||
MemoryGB = $VM.MemoryGB;
|
||||
ProvisionedSpaceGB = ($VMDisks | Measure-Object -Sum CapacityGB).Sum
|
||||
}
|
||||
$null = $Result.Add($obj)
|
||||
}
|
||||
#>
|
||||
|
||||
Disconnect-VIServer -Server * -Confirm:$false | Out-Null
|
||||
|
||||
Write-Output $Result
|
||||
}
|
||||
New-PSUEndpoint -Url "/SyncVMwareVMtoSharePointAPI" -Method @('GET') -Endpoint {
|
||||
# Enter your script to process requests.
|
||||
Connect-ITDvCenter
|
||||
|
||||
If ($Name) {
|
||||
$VM = Get-VM -Name $Name
|
||||
$VMDisks = $VM | Get-HardDisk
|
||||
$obj = [PSCustomObject]@{
|
||||
Name = $VM.Name;
|
||||
PowerState = $VM.PowerState;
|
||||
NumCpu = $VM.NumCpu;
|
||||
MemoryGB = $VM.MemoryGB;
|
||||
ProvisionedSpaceGB = ($VMDisks | Measure-Object -Sum CapacityGB).Sum
|
||||
}
|
||||
|
||||
Write-Output "VMware:"
|
||||
Write-Output $obj
|
||||
|
||||
Sync-ITDVMwareVMMetadataToSharePoint -ComputerName $Name
|
||||
}
|
||||
#>
|
||||
|
||||
Disconnect-VIServer -Server * -Confirm:$false | Out-Null
|
||||
}
|
||||
+5
@@ -0,0 +1,5 @@
|
||||
New-PSUEnvironment -Name "7.2.19" -Version "7.2.19" -Path "C:\Program Files\PowerShell\7\pwsh.exe" -Variables @('*') -Description "PowerShell environment for version 7.2.19. This was automatically detected on the server."
|
||||
New-PSUEnvironment -Name "Windows PowerShell 5.1" -Version "5.1.20348.2582" -Path "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Variables @('*') -Description "PowerShell environment for version 5.1.20348.2582. This was automatically detected on the server."
|
||||
New-PSUEnvironment -Name "Integrated" -Version "7.3.7" -Path "Universal.Server" -Variables @('*') -Description "An environment for running scripts directly in the PowerShell Universal server."
|
||||
New-PSUEnvironment -Name "Agent" -Version "7.3.7" -Path "Universal.Agent" -Variables @('*') -Description "An environment for running scripts in an external PowerShell Universal agent process."
|
||||
New-PSUEnvironment -Name "PowerShell 7" -Version "7.2.19" -Path "pwsh" -Variables @('*') -Description "The current version of PowerShell 7."
|
||||
+15
@@ -0,0 +1,15 @@
|
||||
$Parameters = @{
|
||||
Image = "/PSUniversal_Extras/logo.png"
|
||||
Title = "PowerShell Universal"
|
||||
Links = @(
|
||||
New-PSULoginPageLink -Text 'ServiceNow' -Url 'https://northdakota.service-now.com/'
|
||||
New-PSULoginPageLink -Text 'VMware vCenter' -Url 'https://itdvmvc1.nd.gov/ui'
|
||||
New-PSULoginPageLink -Text 'Microsoft Azure' -Url 'https://portal.azure.com'
|
||||
New-PSULoginPageLink -Text 'Passwordstate' -Url 'https://itdpv.nd.gov'
|
||||
New-PSULoginPageLink -Text 'Solarwinds' -Url 'https://solarwinds.nd.gov/'
|
||||
New-PSULoginPageLink -Text 'Panorama' -Url 'https://panorama-gov.nd.gov/php/login.php'
|
||||
New-PSULoginPageLink -Text 'Ansible' -Url 'https://ansible.nd.gov/#/login'
|
||||
New-PSULoginPageLink -Text 'Confluence Wiki' -Url 'https://wiki.nd.gov/i/dashboard.action'
|
||||
)
|
||||
}
|
||||
New-PSULoginPage @Parameters
|
||||
+1
@@ -0,0 +1 @@
|
||||
New-PSUPublishedFolder -RequestPath "/PSUniversal_Extras" -Path "E:\PSUniversal_Extras" -Name "PSUniversal_Extras"
|
||||
@@ -0,0 +1,160 @@
|
||||
New-PSURole -Name "Administrator" -Description "Administrators can manage settings, create and edit any entity and view all the entities with PowerShell Universal." -Policy {
|
||||
param(
|
||||
[Security.ClaimsPrincipal]$User
|
||||
)
|
||||
|
||||
<#
|
||||
Policies should return $true or $false to determine whether the user has the particular
|
||||
claim that require them for that role.
|
||||
#>
|
||||
|
||||
#$false
|
||||
|
||||
<#
|
||||
$UserName = ($User.Identity.Name)
|
||||
$UserName = $UserName.Substring($UserName.IndexOf('\') + 1, ($UserName.Length - ($UserName.IndexOf('\') + 1)))
|
||||
|
||||
$IsMember = $false;
|
||||
|
||||
# Perform LDAP Group Member Lookup
|
||||
$Searcher = New-Object DirectoryServices.DirectorySearcher
|
||||
$Searcher.SearchRoot = 'LDAP://OU=USERS, OU=ITD, DC=nd, DC=gov' # INSERT ROOT LDAP HERE
|
||||
$Searcher.Filter = "(&(objectCategory=person)(memberOf=CN=ITD-PSUniversal-Admin,OU=ITDGROUPS,OU=GROUPS,OU=ITD,DC=nd,DC=gov))" #GROUP INSERT DN TO CHECK HERE
|
||||
$Users = $Searcher.FindAll()
|
||||
$Users | ForEach-Object {
|
||||
If ($_.Properties.samaccountname -eq $UserName) {
|
||||
$IsMember = $true;
|
||||
"$UserName is a member of admin group!" | Out-File "C:\test\adgroup.txt"
|
||||
}
|
||||
else {
|
||||
"$UserName is NOT member of admin group!" | Out-File "C:\test\adgroup.txt"
|
||||
}
|
||||
}
|
||||
|
||||
return $IsMember
|
||||
#>
|
||||
|
||||
param($User)
|
||||
|
||||
$Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
|
||||
$Roles -contains 'ITD-PSUniversal-Admin'
|
||||
}
|
||||
New-PSURole -Name "Operator" -Description "Operators have access to manage and execute scripts, create other entities within PowerShell Universal but cannot manage PowerShell Universal itself." -Policy {
|
||||
param(
|
||||
[Security.ClaimsPrincipal]$User
|
||||
)
|
||||
|
||||
<#
|
||||
Policies should return $true or $false to determine whether the user has the particular
|
||||
claim that require them for that role.
|
||||
#>
|
||||
|
||||
$false
|
||||
}
|
||||
New-PSURole -Name "Reader" -Description "Readers have read-only access to PowerShell Universal. They cannot make changes to any entity within the system." -Policy {
|
||||
param(
|
||||
[Security.ClaimsPrincipal]
|
||||
$User
|
||||
)
|
||||
|
||||
<#
|
||||
Policies should return $true or $false to determine whether the user has the particular
|
||||
claim that require them for that role.
|
||||
#>
|
||||
$User | ConvertTo-Json | Set-Content ("C:\temp\user-" + $User.Identity.Name + ".json")
|
||||
$Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
|
||||
$Roles -match "ITD-PSUniversal-*"
|
||||
|
||||
}
|
||||
New-PSURole -Name "Execute" -Description "Execute scripts within PowerShell Universal." -Policy {
|
||||
param(
|
||||
[Security.ClaimsPrincipal]$User
|
||||
)
|
||||
|
||||
<#
|
||||
Policies should return $true or $false to determine whether the user has the particular
|
||||
claim that require them for that role.
|
||||
#>
|
||||
|
||||
$false
|
||||
}
|
||||
New-PSURole -Name "User" -Description "Does not have access to the admin console but can be assigned resources like APIs, scripts, dashboards and pages." -Policy {
|
||||
param(
|
||||
[Security.ClaimsPrincipal]$User
|
||||
)
|
||||
|
||||
<#
|
||||
Policies should return $true or $false to determine whether the user has the particular
|
||||
claim that require them for that role.
|
||||
#>
|
||||
|
||||
$false
|
||||
}
|
||||
|
||||
|
||||
###### Team-TeamName nd.gov Active Directory groups
|
||||
New-PSURole -Name "Team-Windows" -Policy {
|
||||
param($User)
|
||||
$Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
|
||||
$Roles -contains "ITD-PSUniversal-Team-Windows"
|
||||
}
|
||||
|
||||
New-PSURole -Name "Team-Linux" -Policy {
|
||||
param($User)
|
||||
$Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
|
||||
$Roles -contains "ITD-PSUniversal-Team-Linux"
|
||||
}
|
||||
|
||||
New-PSURole -Name "Team-ConnectND" -Policy {
|
||||
param($User)
|
||||
$Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
|
||||
$Roles -contains "ITD-PSUniversal-Team-ConnectND"
|
||||
}
|
||||
|
||||
New-PSURole -Name "Team-Network" -Policy {
|
||||
param($User)
|
||||
$Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
|
||||
$Roles -contains "ITD-PSUniversal-Team-Network"
|
||||
}
|
||||
|
||||
New-PSURole -Name "Team-Tier2" -Policy {
|
||||
param($User)
|
||||
$Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
|
||||
$Roles -contains "ITD-PSUniversal-Team-Tier2"
|
||||
}
|
||||
|
||||
New-PSURole -Name "Team-Mgmt" -Policy {
|
||||
param($User)
|
||||
$Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
|
||||
$Roles -contains "ITD-PSUniversal-Team-Mgmt"
|
||||
}
|
||||
|
||||
|
||||
###### ITD App-AppName nd.gov Active Directory Groups
|
||||
<# New Role for Apps example
|
||||
New-PSURole -Name "App-Infra-XXXXX" -Policy {
|
||||
param($User)
|
||||
$Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
|
||||
$Roles -contains "ITD-PSUniversal-App-Infra-XXXXX"
|
||||
}
|
||||
#>
|
||||
|
||||
New-PSURole -Name "App-Infra-VMware" -Policy {
|
||||
param($User)
|
||||
$Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
|
||||
$Roles -contains "ITD-PSUniversal-App-Infra-VMware"
|
||||
}
|
||||
|
||||
New-PSURole -Name "App-ITD-WindowsServer" -Policy {
|
||||
param($User)
|
||||
$Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
|
||||
$Roles -contains "ITD-PSUniversal-App-ITD-WindowsServer"
|
||||
}
|
||||
|
||||
New-PSURole -Name "App-Shared-Powerschool" -Policy {
|
||||
param($User)
|
||||
$Roles = $User.Claims | Where-Object Type -eq Group | Select-Object -ExpandProperty Value
|
||||
$Roles -contains "ITD-PSUniversal-App-Shared-PowerSchool"
|
||||
}
|
||||
|
||||
|
||||
+13
@@ -0,0 +1,13 @@
|
||||
New-PSUSchedule -Cron "0 13 * * 1-5" -Script "Infra-VMware.VirtualMachine\Move-ITDVMwareVMToAppNameFolder_Auto.ps1" -TimeZone "America/Chicago" -Parameters @{
|
||||
NewBuilds = $true
|
||||
} -Name "Move-ITDVMwareVMToAppNameFolder_Auto"
|
||||
New-PSUSchedule -Cron "7/30 8-16 * * *" -Script "ITD-WindowsServer.Lifecycle\New-ITDWindowsVm_Auto.ps1" -TimeZone "America/Chicago" -Name "New-ITDWindowsVm_Auto" -Paused
|
||||
New-PSUSchedule -Cron "0 * * * *" -Script "Infra-VMware.Snapshot\Remove-ITDVMwareVMSnapshotExpired.ps1" -TimeZone "America/Chicago" -Name "Remove-ITDVMwareVMSnapshotExpired" -Paused -RandomDelay
|
||||
New-PSUSchedule -Cron "27 8-16/2 * * 1-5" -Script "ITD-WindowsServer.General\Remove-ITDWindowsServer.ps1" -TimeZone "America/Chicago" -Name "Remove-ITDWindowsServer" -Paused -RandomDelay -RandomDelayMaximum 300
|
||||
New-PSUSchedule -Cron "33 8-16/2 * * *" -Script "Infra-VMware.VirtualMachine\Set-ITDVMwareVMTagFromCmdb.ps1" -TimeZone "America/Chicago" -Name "Set-ITDVMwareVMTagFromCmdb_NewBuilds" -Paused
|
||||
New-PSUSchedule -Cron "0 */1 * * *" -Script "Infra-VMware.VirtualMachine\Sync-ITDServerBuildRITMs.ps1" -TimeZone "America/Chicago" -Name "Sync-ITDServerBuildRITMs.ps1" -Paused -RandomDelay -RandomDelayMaximum 600
|
||||
New-PSUSchedule -Cron "23 8-16/2 * * *" -Script "Infra-VMware.VirtualMachine\Sync-ITDVMwareVMTagsFromCmdb.ps1" -TimeZone "America/Chicago" -Name "Sync-ITDVMwareVMTagsFromCmdb" -Paused
|
||||
New-PSUSchedule -Cron "13 8-17 * * *" -Script "Infra-Servers-PowerShellUniversal\Update-ITDModule.ps1" -TimeZone "America/Chicago" -Name "Update-ITDModule.ps1" -Paused -RandomDelay -RandomDelayMaximum 600
|
||||
New-PSUSchedule -Cron "*/20 * * * *" -Script "Infra-VMware.VirtualMachine\Update-ITDSnowVMTaskDescription.ps1" -TimeZone "America/Chicago" -Name "Update-ITDSnowVMTaskDescription" -Paused -RandomDelay
|
||||
New-PSUSchedule -Cron "*/20 * * * *" -Script "Infra-VMware.Snapshot\Update-ITDVMwareVMSnapshotStatus.ps1" -TimeZone "America/Chicago" -Name "Update-ITDVMwareVMSnapshotStatus" -Paused -RandomDelay
|
||||
New-PSUSchedule -Cron "* * * * *" -Script "ZM-Test\Test-ITDSchedule.ps1" -TimeZone "America/Chicago" -Credential "ndgov_svcitdvmvcauto" -Environment "Agent" -Name "ZM-Test\Test-ITDSchedule" -Paused
|
||||
@@ -0,0 +1,39 @@
|
||||
New-PSUScript -Name "Add-ITDADUserSPN.ps1" -Description "Add-ITDADUserSPN.ps1" -Tag @('ITD-WindowsServer_Modify','Team-Windows_Execute') -Path "Infra-ActiveDirectory.Object\Add-ITDADUserSPN.ps1" -Environment "Agent" -ErrorAction "Stop" -Credential "ndgov_svcitdpsuad"
|
||||
New-PSUScript -Name "Add-ITDServerBuildRitmToSql.ps1" -Description "Add-ITDServerBuildRitmToSql.ps1" -Tag @('Infra-VMware_Modify') -Path "Infra-VMware.VirtualMachine\Add-ITDServerBuildRitmToSql.ps1" -Environment "Agent"
|
||||
New-PSUScript -Name "Add-ITDSolarwindsNode.ps1" -Description "Add-ITDSolarwindsNode.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "Infra-Monitoring-Solarwinds\Add-ITDSolarwindsNode.ps1" -Environment "PowerShell 7" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "Approve-ITDWindowsServer.ps1" -Description "Approve-ITDWindowsServer.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "ITD-WindowsServer.General\Approve-ITDWindowsServer.ps1" -Environment "Agent" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "Get-HelloWorld.ps1" -Description "Get-HelloWorld.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "ZM-Test\Get-HelloWorld.ps1" -Environment "Agent" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "Get-ITDExpiredFiles.ps1" -Description "Get-ITDExpiredFiles.ps1" -Tag @('ITD-WindowsServer_Modify','Team-Windows_Execute') -Path "ITD-WindowsServer.FileManagement\Get-ITDExpiredFiles.ps1" -Environment "PowerShell 7" -ErrorAction "Stop" -Credential "ndgov_svcitdpsuwin"
|
||||
New-PSUScript -Name "Get-ITDVMwareLunIdNextAvailable.ps1" -Description "Get-ITDVMwareLunIdNextAvailable.ps1" -Tag @('Infra-VMware_Modify') -Path "Infra-VMware.Administration\Get-ITDVMwareLunIdNextAvailable.ps1"
|
||||
New-PSUScript -Name "Get-ITDVMwareVMGuestIPsForPA.ps1" -Description "Get-ITDVMwareVMGuestIPsForPA.ps1" -Tag @('Infra-VMware_Modify') -Path "Infra-VMware.Administration\Get-ITDVMwareVMGuestIPsForPA.ps1"
|
||||
New-PSUScript -Name "Move-ITDVMwareVMToAppNameFolder_Auto.ps1" -Description "Move-ITDVMwareVMToAppNameFolder_Auto.ps1" -Tag @('Infra-VMware_Modify') -Path "Infra-VMware.VirtualMachine\Move-ITDVMwareVMToAppNameFolder_Auto.ps1" -Environment "Agent" -Credential "ndgov_svcitdvmvcauto"
|
||||
New-PSUScript -Name "New-ITDADServiceAccount.ps1" -Description "New-ITDADServiceAccount.ps1" -Tag @('ITD-WindowsServer_Modify','Team-Windows_Execute') -Path "Infra-ActiveDirectory.Object\New-ITDADServiceAccount.ps1" -Environment "Agent" -ErrorAction "Stop" -Credential "ndgov_svcitdpsuad"
|
||||
New-PSUScript -Name "New-ITDPSUScript.ps1" -Description "New-ITDPSUScript.ps1" -Tag @('ITD-WindowsServer_Modify','Team-Windows_Execute') -Path "Infra-Servers-PowerShellUniversal\New-ITDPSUScript.ps1" -Environment "Integrated"
|
||||
New-PSUScript -Name "New-ITDVMwareSharePointVMRecordFromRITM.ps1" -Description "New-ITDVMwareSharePointVMRecordFromRITM.ps1 [[-Fqdn] <string>] [[-RitmNum] <string>]" -Tag @('Infra-VMware_Modify') -Path "Infra-VMware.VirtualMachine\New-ITDVMwareSharePointVMRecordFromRITM.ps1" -Environment "PowerShell 7" -Credential "ndgov_svcitdiaassprw"
|
||||
New-PSUScript -Name "New-ITDVMwareVMSnapshotTask.ps1" -Description "New-ITDVMwareVMSnapshotTask.ps1" -Tag @('Infra-VMware_Modify','Team-Linux_Execute','Team-Network_Execute','Team-Tier2_Execute','Team-Windows_Execute') -Path "Infra-VMware.Snapshot\New-ITDVMwareVMSnapshotTask.ps1" -Environment "PowerShell 7" -Credential "ndgov_svcitdvmsnapmgr" -Role @('Team-Windows')
|
||||
New-PSUScript -Name "New-ITDWindowsVm_Auto.ps1" -Description "New-ITDWindowsVm_Auto.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "ITD-WindowsServer.Lifecycle\New-ITDWindowsVm_Auto.ps1" -Environment "Agent" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "New-ITDWindowsVm_Step3.ps1" -Description "New-ITDWindowsVm_Step3.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "ITD-WindowsServer.Lifecycle\New-ITDWindowsVm_Step3.ps1" -Environment "Agent" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "New-ITDWindowsVmAzure_Manual.ps1" -Description "New-ITDWindowsVmAzure_Manual.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "ITD-WindowsServer.General\New-ITDWindowsVmAzure_Manual.ps1" -Environment "Agent" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "New-ITDWindowsVmAzure_Step1.ps1" -Description "New-ITDWindowsVmAzure_Step1.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "ITD-WindowsServer.Lifecycle\New-ITDWindowsVmAzure_Step1.ps1" -Environment "Agent" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "New-ITDWindowsVmAzure_Step2.ps1" -Description "New-ITDWindowsVmAzure_Step2.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "ITD-WindowsServer.Lifecycle\New-ITDWindowsVmAzure_Step2.ps1" -Environment "Agent" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "New-ITDWindowsVmVMware_Manual.ps1" -Description "New-ITDWindowsVmVMware_Manual.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "ITD-WindowsServer.General\New-ITDWindowsVmVMware_Manual.ps1" -Environment "Agent" -DisableManualInvocation -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "New-ITDWindowsVmVMware_Step1.ps1" -Description "New-ITDWindowsVmVMware_Step1.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "ITD-WindowsServer.Lifecycle\New-ITDWindowsVmVMware_Step1.ps1" -Environment "Agent" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "New-ITDWindowsVmVMware_Step2.ps1" -Description "New-ITDWindowsVmVMware_Step2.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "ITD-WindowsServer.Lifecycle\New-ITDWindowsVmVMware_Step2.ps1" -Environment "Agent" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "New-TestNestedInvoke.ps1" -Description "New-TestNestedInvoke.ps1" -Tag @('Team-Windows_Modify') -Path "ZM-Test\New-TestNestedInvoke.ps1" -Environment "Agent" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "Remove-ITDExpiredFiles.ps1" -Description "Remove-ITDExpiredFiles.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "ITD-WindowsServer.FileManagement\Remove-ITDExpiredFiles.ps1" -Environment "PowerShell 7" -ErrorAction "Stop" -Credential "ndgov_svcitdpsuwin"
|
||||
New-PSUScript -Name "Remove-ITDSolarwindsNode.ps1" -Description "Remove-ITDSolarwindsNode.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "Infra-Monitoring-Solarwinds\Remove-ITDSolarwindsNode.ps1" -Environment "PowerShell 7" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "Remove-ITDVMwareVMSnapshotExpired.ps1" -Description "Remove-ITDVMwareVMSnapshotExpired.ps1" -Tag @('Infra-VMware_Modify') -Path "Infra-VMware.Snapshot\Remove-ITDVMwareVMSnapshotExpired.ps1" -Environment "PowerShell 7" -Credential "ndgov_svcitdvmsnapmgr"
|
||||
New-PSUScript -Name "Remove-ITDWindowsServer.ps1" -Description "Remove-ITDWindowsServer.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "ITD-WindowsServer.General\Remove-ITDWindowsServer.ps1" -Environment "Agent" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "Set-ITDVMwareVMTagFromCmdb.ps1" -Description "Set-ITDVMwareVMTagFromCmdb.ps1" -Tag @('Infra-VMware_Modify') -Path "Infra-VMware.VirtualMachine\Set-ITDVMwareVMTagFromCmdb.ps1" -Environment "Agent" -Credential "ndgov_svcitdvmvcauto"
|
||||
New-PSUScript -Name "Sync-ITDServerBuildRITMs.ps1" -Description "Sync-ITDServerBuildRITMs.ps1" -Tag @('Infra-VMware_Modify') -Path "Infra-VMware.VirtualMachine\Sync-ITDServerBuildRITMs.ps1" -Environment "Agent"
|
||||
New-PSUScript -Name "Sync-ITDVMwareVMMetadataToSharePoint.ps1" -Description "Sync-ITDVMwareVMMetadataToSharePoint.ps1" -Tag @('Infra-VMware_Modify','Team-Mgmt_Execute') -Path "Infra-VMware.VirtualMachine\Sync-ITDVMwareVMMetadataToSharePoint.ps1" -Environment "Agent" -Credential "ndgov_svcitdiaassprw"
|
||||
New-PSUScript -Name "Sync-ITDVMwareVMTagsFromCmdb.ps1" -Description "Sync-ITDVMwareVMTagsFromCmdb.ps1" -Tag @('Infra-VMware_Modify') -Path "Infra-VMware.VirtualMachine\Sync-ITDVMwareVMTagsFromCmdb.ps1" -Environment "Agent" -Credential "ndgov_svcitdvmvcauto"
|
||||
New-PSUScript -Name "Sync-ITDVMwareVMToSql.ps1" -Description "Sync-ITDVMwareVMToSql.ps1" -Tag @('Infra-VMware_Modify') -Path "Infra-VMware.Administration\Sync-ITDVMwareVMToSql.ps1" -Environment "PowerShell 7" -Credential "ndgov_itdvcenterscript"
|
||||
New-PSUScript -Name "Test-InvokeZM.ps1" -Description "Test-InvokeZM.ps1" -Path "ZM-Test\Test-InvokeZM.ps1"
|
||||
New-PSUScript -Name "Test-ITDSchedule.ps1" -Description "Test-ITDSchedule.ps1" -Tag @('Infra-VMware_Modify') -Path "ZM-Test\Test-ITDSchedule.ps1"
|
||||
New-PSUScript -Name "Test-PSUVariable.ps1" -Description "Test-PSUVariable.ps1" -Tag @('Infra-VMware_Execute') -Path "ZM-Test\Test-PSUVariable.ps1"
|
||||
New-PSUScript -Name "test-sql.ps1" -Description "test-sql.ps1" -Path "ZM-Test\test-sql.ps1"
|
||||
New-PSUScript -Name "Update-ITDModule.ps1" -Description "Update-ITDModule.ps1" -Tag @('Infra-VMware_Modify') -Path "Infra-Servers-PowerShellUniversal\Update-ITDModule.ps1" -Environment "7.2.24"
|
||||
New-PSUScript -Name "Update-ITDSnowVMTaskDescription.ps1" -Description "Update-ITDSnowVMTaskDescription.ps1" -Tag @('Infra-VMware_Modify') -Path "Infra-VMware.VirtualMachine\Update-ITDSnowVMTaskDescription.ps1" -Environment "Agent" -ErrorAction "Stop"
|
||||
New-PSUScript -Name "Update-ITDSolarwindsNodeFromSNowRitm.ps1" -Description "Update-ITDSolarwindsNodeFromSNowRitm.ps1" -Tag @('ITD-WindowsServer_Modify') -Path "Infra-Monitoring-Solarwinds\Update-ITDSolarwindsNodeFromSNowRitm.ps1" -Environment "PowerShell 7" -Credential "ndgov_svcitdiaasauto"
|
||||
New-PSUScript -Name "Update-ITDVMwareVMSnapshotStatus.ps1" -Description "Update-ITDVMwareVMSnapshotStatus.ps1" -Tag @('Infra-VMware_Modify') -Path "Infra-VMware.Snapshot\Update-ITDVMwareVMSnapshotStatus.ps1" -Environment "PowerShell 7" -Credential "ndgov_svcitdvmsnapmgr"
|
||||
@@ -0,0 +1,6 @@
|
||||
$Parameters = @{
|
||||
LogLevel = "Error"
|
||||
HideRunAs = $true
|
||||
HideRunOn = $true
|
||||
}
|
||||
Set-PSUSetting @Parameters
|
||||
@@ -0,0 +1,16 @@
|
||||
New-PSUTag -Name "Infra-VMware_Execute" -Color "#d4380d"
|
||||
New-PSUTag -Name "Team-Windows_Execute" -Color "#391085"
|
||||
New-PSUTag -Name "Team-Network_Execute" -Color "#c41d7f"
|
||||
New-PSUTag -Name "Infra-VMware_Modify" -Color "#fa541c"
|
||||
New-PSUTag -Name "Team-Windows_Modify" -Color "#722ed1"
|
||||
New-PSUTag -Name "Team-Network_Modify" -Color "#f759ab"
|
||||
New-PSUTag -Name "Team-Linux_Execute" -Color "#096dd9"
|
||||
New-PSUTag -Name "Team-Linux_Modify" -Color "#40a9ff"
|
||||
New-PSUTag -Name "Team-Tier2_Execute" -Color "#389e0d"
|
||||
New-PSUTag -Name "Team-Tier2_Modify" -Color "#7cb305"
|
||||
New-PSUTag -Name "Shared-PowerSchool_Execute"
|
||||
New-PSUTag -Name "Shared-PowerSchool_Modify"
|
||||
New-PSUTag -Name "ITD-WindowsServer_Execute" -Color "#874d00"
|
||||
New-PSUTag -Name "ITD-WindowsServer_Modify" -Color "#d48806"
|
||||
New-PSUTag -Name "Team-Mgmt_Execute" -Color "#780650"
|
||||
New-PSUTag -Name "Team-Mgmt_Modify" -Color "#c41d7f"
|
||||
@@ -0,0 +1 @@
|
||||
|
||||
+12
@@ -0,0 +1,12 @@
|
||||
New-PSUVariable -Name "sql_itdpsu1" -Vault "Database" -Type "PSCredential"
|
||||
New-PSUVariable -Name "ndgov_svcitdvmsnapmgr" -Vault "Database" -Type "PSCredential" -Description "Owner: Infra-VMware"
|
||||
New-PSUVariable -Name "ndgov_svcitdvmvcauto" -Vault "Database" -Type "PSCredential" -Description "Owner: Infra-VMware" -Role @('App-Infra-VMware')
|
||||
New-PSUVariable -Name "ndgov_svcitdpsuad" -Vault "Database" -Type "PSCredential" -Description "Owner: Infra-WindowsServer" -Role @('Team-Windows','Team-Tier2')
|
||||
New-PSUVariable -Name "snow_vmcred" -Vault "Database" -Type "PSCredential" -Description "Owner: Infra-VMware"
|
||||
New-PSUVariable -Name "ndgov_svcitdiaasauto" -Vault "Database" -Type "PSCredential" -Description "Owner: Infra-WindowsServer" -Role @('App-ITD-WindowsServer','Administrator')
|
||||
New-PSUVariable -Name "ndgov_itdsccmsrvcpia" -Vault "Database" -Type "PSCredential" -Description "Owner: Infra-WindowsServer" -Role @('App-ITD-WindowsServer')
|
||||
New-PSUVariable -Name "ndgov_svcitdpsuwin" -Vault "Database" -Type "PSCredential" -Description "Owner: Infra-WindowsServer" -Role @('App-ITD-WindowsServer')
|
||||
New-PSUVariable -Name "ndgov_svcitdvmvcro" -Vault "Database" -Type "PSCredential" -Description "Owner: Infra-VMware"
|
||||
New-PSUVariable -Name "ndgov_svcitdiaassprw" -Vault "Database" -Type "PSCredential" -Description "Owner: Infra-VMware"
|
||||
New-PSUVariable -Name "ndgov_itdvcenterscript" -Vault "Database" -Type "PSCredential" -Description "Owner: Infra-VMware" -Role @('App-Infra-VMware')
|
||||
New-PSUVariable -Name "azure_iaasserviceprincipal" -Vault "Database" -Type "System.String" -Description "Owner: App-ITD-WindowsServer" -Role @('App-ITD-WindowsServer')
|
||||
Reference in New Issue
Block a user