Last active
January 27, 2022 16:49
PACLI EXAMPLE - How to add Usage/Dependency to Vaulted Service Account using CyberArk PACLI
@ECHO OFF
:: Method 1: Open a command prompt in the directory where PACLI.exe is located and type each command line by line
:: Method 2: Save the commands in a .bat batch script and run it from the same directory as PACLI.exe
:: Start PACLI.exe so it can receive commands
PACLI INIT
:: Set Vault connection parameters
PACLI DEFINEFROMFILE VAULT="CAMainVault" PARMFILE="Vault.ini"
:: Set default values for the duration of the PACLI session
PACLI DEFAULT VAULT="CAMainVault" USER="PACLIUser" SAFE="Win-SvcAcct-Safe" FOLDER="Root"
:: Log on to the Vault using logon credentials or an .ini file that stores the user's encrypted credentials
PACLI LOGON LOGONFILE="User.ini"
:: Open "Win-SvcAcct-Safe" for access
PACLI OPENSAFE
:: Add a password object to the safe where the master service account for this usage/dependency resides
PACLI STOREPASSWORDOBJECT FILE="Operating System-WinDomain-ca.lab-svc1-WinService-memberserver.ca.lab-test" PASSWORD="password"
:: Add the required file categories that define the object as a Windows Service usage and associate it with its master service account
PACLI ADDFILECATEGORY FILE="Operating System-WinDomain-ca.lab-svc1-WinService-memberserver.ca.lab-test" CATEGORY="MasterPassName" VALUE="Operating System-WinDomain-ca.lab-svc1"
PACLI ADDFILECATEGORY FILE="Operating System-WinDomain-ca.lab-svc1-WinService-memberserver.ca.lab-test" CATEGORY="MasterPassFolder" VALUE="Root"
PACLI ADDFILECATEGORY FILE="Operating System-WinDomain-ca.lab-svc1-WinService-memberserver.ca.lab-test" CATEGORY="ServiceName" VALUE="Test"
PACLI ADDFILECATEGORY FILE="Operating System-WinDomain-ca.lab-svc1-WinService-memberserver.ca.lab-test" CATEGORY="DeviceType" VALUE="Operating System"
PACLI ADDFILECATEGORY FILE="Operating System-WinDomain-ca.lab-svc1-WinService-memberserver.ca.lab-test" CATEGORY="Address" VALUE="memberserver.ca.lab"
PACLI ADDFILECATEGORY FILE="Operating System-WinDomain-ca.lab-svc1-WinService-memberserver.ca.lab-test" CATEGORY="PolicyID" VALUE="WinService"
:: Add optional file categories for the Windows Service usage, if desired
PACLI ADDFILECATEGORY FILE="Operating System-WinDomain-ca.lab-svc1-WinService-memberserver.ca.lab-test" CATEGORY="RestartService" VALUE="Yes"
:: Add optional file categories that attach a logon account to the usage
PACLI ADDFILECATEGORY FILE="Operating System-WinDomain-ca.lab-svc1-WinService-memberserver.ca.lab-test" CATEGORY="ExtraPass1Folder" VALUE="<Logon Account Folder>"
PACLI ADDFILECATEGORY FILE="Operating System-WinDomain-ca.lab-svc1-WinService-memberserver.ca.lab-test" CATEGORY="ExtraPass1Name" VALUE="<Logon Account Name>"
PACLI ADDFILECATEGORY FILE="Operating System-WinDomain-ca.lab-svc1-WinService-memberserver.ca.lab-test" CATEGORY="ExtraPass1Safe" VALUE="<Logon Account Safe>"
:: Add optional file category to disable CPM management of the usage
PACLI ADDFILECATEGORY FILE="Operating System-WinDomain-ca.lab-svc1-WinService-memberserver.ca.lab-test" CATEGORY="CPMDisabled" VALUE="<Disable Reason>"
:: Close the safe, log off the Vault and stop the PACLI process so no authenticated session is left running
PACLI CLOSESAFE
PACLI LOGOFF
PACLI TERM
Add-ServiceAccountUsage.bat
This BATCH script shows how to utilize the CyberArk PACLI to add service account usages/dependencies into CyberArk Enterprise Password Vault.
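
An added example, not part of the gist: a small Python linter that checks a PACLI usage script before it is run, using the six categories the script's comments mark as required. The function name `lint`, the finding messages and the sample script are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Categories the script's comments mark as required for a Windows Service usage.
REQUIRED = {"MasterPassName", "MasterPassFolder", "ServiceName",
            "DeviceType", "Address", "PolicyID"}
PARAM = re.compile(r'(\w+)="([^"]*)"')      # KEY="value" pairs on a PACLI line
PLACEHOLDER = re.compile(r"^<[^<>]+>$")     # template value such as <Disable Reason>

def lint(script):
    """Return findings for a PACLI usage script: per-line first, then per-object."""
    stored, cats, findings = set(), defaultdict(dict), []
    for n, line in enumerate(script.splitlines(), 1):
        words = line.split()
        if len(words) < 2 or words[0].upper() != "PACLI":
            continue                          # comment, blank line, @ECHO OFF
        cmd, params = words[1].upper(), dict(PARAM.findall(line))
        if cmd == "STOREPASSWORDOBJECT":
            stored.add(params.get("FILE", ""))
            if "PASSWORD" in params:
                findings.append(f"line {n}: literal PASSWORD value in script")
        elif cmd == "ADDFILECATEGORY":
            value = params.get("VALUE", "")
            cats[params.get("FILE", "")][params.get("CATEGORY", "")] = value
            if PLACEHOLDER.match(value):
                findings.append(f"line {n}: unfilled placeholder {value}")
    for obj in sorted(stored | set(cats)):
        if obj not in stored:
            findings.append(f"{obj}: categories added but object never stored")
        missing = sorted(REQUIRED - set(cats[obj]))
        if missing:
            findings.append(f"{obj}: missing required {', '.join(missing)}")
    return findings

# Constructed sample (not the gist's script): PolicyID omitted, a placeholder left in.
SAMPLE = """\
:: constructed test input
PACLI STOREPASSWORDOBJECT FILE="svc1-usage" PASSWORD="password"
PACLI ADDFILECATEGORY FILE="svc1-usage" CATEGORY="MasterPassName" VALUE="svc1"
PACLI ADDFILECATEGORY FILE="svc1-usage" CATEGORY="MasterPassFolder" VALUE="Root"
PACLI ADDFILECATEGORY FILE="svc1-usage" CATEGORY="ServiceName" VALUE="Test"
PACLI ADDFILECATEGORY FILE="svc1-usage" CATEGORY="DeviceType" VALUE="Operating System"
PACLI ADDFILECATEGORY FILE="svc1-usage" CATEGORY="Address" VALUE="memberserver.ca.lab"
PACLI ADDFILECATEGORY FILE="svc1-usage" CATEGORY="CPMDisabled" VALUE="<Disable Reason>"
"""

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```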