|
|
|
The following is an example script extract that gets a privileged account password on Windows. This example assumes that the PUPM Agent is installed on the CA Access Control endpoint.
The script in this example attempts to add and delete an entry in the Windows registry using a privileged account password it obtains from CA Access Control Enterprise Management.
set AdminUser=PowerUser
FOR /F "tokens=*" %%i IN ('"C:\Program Files\AccessControl\bin\acpwd.exe" -get -account PowerUser
-ep comp1_123 -eptype "Windows Agentless" -container "Windows Accounts" -nologo') DO SET AdminPassword=%%i
set runasadmin="C:\utils\psexec.exe" -u %AdminUser% -p
%runasadmin% %AdminPassword% REG ADD "HKLM\SOFTWARE\PUPM Registry"
%runasadmin% %AdminPassword% REG DELETE "HKLM\SOFTWARE\PUPM Registry" /F
In this example, the script runs the PUPM Agent to get a privileged account password. The script contains the account name (PowerUser), the endpoint name (comp1_123), the endpoint type (Windows Agentless), the container name of the user (Windows Accounts). The script instructs the PUPM agent to display only the password, and uses the password to run the PsExec program as an administrative user to add and delete a registry entry.
| Copyright © 2012 CA. All rights reserved. |
|