The following is an example script extract that gets a privileged account password on Windows. This example assumes that the SAM Agent is installed on the CA ControlMinder endpoint.
The script in this example attempts to add and delete an entry in the Windows registry using a privileged account password it obtains from CA ControlMinder Enterprise Management.
set AdminUser=PowerUser
FOR /F "tokens=*" %%i IN ('"C:\Program Files\AccessControl\bin\acpwd.exe" -get -account PowerUser
-ep comp1_123 -eptype "Windows Agentless" -container "Windows Accounts" -nologo') DO SET AdminPassword=%%i
set runasadmin="C:\utils\psexec.exe" -u %AdminUser% -p
%runasadmin% %AdminPassword% REG ADD "HKLM\SOFTWARE\PUPM Registry"
%runasadmin% %AdminPassword% REG DELETE "HKLM\SOFTWARE\PUPM Registry" /F
In this example, the script runs the SAM Agent to get a privileged account password. The script contains the account name (PowerUser), the endpoint name (comp1_123), the endpoint type (Windows Agentless), the container name of the user (Windows Accounts). The script instructs the SAM agent to display only the password, and uses the password to run the PsExec program as an administrative user to add and delete a registry entry.
|
Copyright © 2013 CA Technologies.
All rights reserved.
|
|