WFM-Tools

2.0.5.8

Public/Test-PVWAServer.ps1

                                Function Test-PVWAServer {

    <#

.SYNOPSIS

    This Function Tests a specified PVWA Address point with a provided Connection Account and Server

    Function Assumes the Test Account has both RDP and ADMIN access on the specified Test Server

.NOTES

    Name: Start-PVWAPSMValidation

    Author: Luke Hagar

    Version: 1.0

    DateCreated: 6/1/2021

.Parameter TestServer 

    Server to Generate a connection to with the Test Account

.Parameter TestAccount

    User to Generate a connection with to the Test Server

.Parameter ConnectionAddress

    Connection address to Run New-PASSession Against

    Provide Full BaseURI in general format of "https://myvault.wholefoods.com"

.Parameter StartTime

.EXAMPLE

    Get-Certificates -ComputerName Hostname1

.LINK

#>

    [CmdletBinding()]

    param (

        [Parameter(

            valuefrompipelinebypropertyname

        )]

        $TestServer,

        [Parameter(

            valuefrompipelinebypropertyname

        )]

        $TestAccount,

        [Parameter(

            valuefrompipelinebypropertyname

        )]

        [String]

        $ConnectionAddress,

        [Parameter(

            valuefrompipelinebypropertyname

        )]

        [pscredential]

        $SafeCredential,

        [Parameter(

            valuefrompipelinebypropertyname

        )]

        [string]

        $LogLocation = "C:\temp\CyberArk Testing\PVWA"

    )

    Begin {

        Try { Close-PASSession }

        Catch { } 

    }

    Process {

        #region Variable Instantiation

        $StartTime = (Get-Date)

        $TestResult = $null

        Add-Type -AssemblyName PresentationFramework

        Write-Verbose "Starting PVWA Session"

        If ($null -eq $SafeCredential) {

            $RunningUser = Get-UserInfo

            $SafeCredential = Get-Credential -UserName $RunningUser.UserPrincipalName -Message "Provide Credentials for CyberArk Password Vault"

        }

        if ($null -ne $SafeCredential) {

            [System.Windows.MessageBox]::Show('Please Approve the Sign in Request on the Microsoft Authenticator app', 'CyberArk Connection Process', 'Ok') | Out-Null

            New-PASSession -Credential $SafeCredential -BaseURI $ConnectionAddress -type RADIUS

        } 

        else {

            Throw "No Credentials Provided"

        }

        Write-Verbose "Validatiing Provided Account"

        $TestAccount = Get-PASAccount -id $TestAccount.id | Select-Object *

        $TestAccountCredential = Get-PASAdminCredential $TestAccount

        If (!(Test-Path $LogLocation)) {

            New-Item -ItemType Directory $LogLocation 

        }

        #endregion Variable Instantiation

        Write-Host ""

        Write-Host "Testing Connection Point: $ConnectionAddress"

        Write-Host "Server: $TestServer"

        Write-Host "Account: $TestAccount"

        Write-Host "Test Start Time: $StartTime"

        Write-Host ""

        Write-Verbose "Generating RDP File"

        $RDPFile = New-PASPSMSession -AccountID $TestAccount.id -PSMRemoteMachine $TestServer -ConnectionComponent PSM-RDP

        $RDPFileFullPath = $RDPFile.FullName

        if (Test-Path $RDPFileFullPath) {

            Write-Host "$TestServer RDP File Created Successfully" -ForegroundColor Green

            Write-Host $RDPFileFullPath

            Write-Host ""

            Write-Host "Starting RDP Connection" -ForegroundColor Green

            $RDPProcess = Start-Process $RDPFileFullPath -PassThru

            Write-Host "Waiting 20 Seconds" -ForegroundColor Green

            Start-Sleep -Seconds 20

            Write-Host "Ending RDP Connection" -ForegroundColor Green

            Stop-Process $RDPProcess

        }

        else {

            Throw "

    RDP File Generation Failed 

    ($TestServer)

    ($TestAccount)

    ($ConnectionAddress)"

        }

        Try { 

            #TODO Investigate the proper use of this command, possibly with Privileges

            #cant test yet, appears to require CyberArk Admin privileges 

            Get-PASPSMSession 

        }

        Catch {

            #Query Server directly with the same account that is used to connect - Assumes Account also has admin on server not just RDP privileges

            $LogData = Get-Winevent -Credential $TestAccountCredential -Computer $TestServer -FilterHashtable @{Logname = 'security'; ID = 4624; StartTime = $StartTime }

            $ParsedLogData = $LogData | Get-WinEventData | Select-Object * | Where-Object { $_.EventDataTargetUserName -eq $TestAccount.Username }

            If ($ParsedLogData.EventDataTargetUserName -contains $TestAccount.Username) {

                Foreach ($Log in $ParsedLogData) {

                    If ($Log.KeywordsDisplayNames -contains "Audit Success") {

                        $TestResult = "Success"

                        Break

                    }

                    else {

                        $TestResult = "Failure"

                    }

                    Write-Host "Login Data from $TestServer shows $($Log.KeywordsDisplayNames) for $($Log.EventDataTargetUserName) at $($Log.TimeCreated)"

                }

            }

            Else {

                Write-Error "Login Logs from server do not show authentication events with the specified connection account"

            }

            $LogData | Export-CSV "$LogLocation\LogData.csv"

            $ParsedLogData | Export-CSV "$LogLocation\ParsedLogData.csv"

        }

        Return [PSCustomObject]@{

            TestServer        = $TestServer

            TestAccount       = $TestAccount

            ConnectionAddress = $ConnectionAddress

            RDPFilePath       = $RDPFileFullPath

            LogLocation       = $LogLocation

            TestResult        = $TestResult

        }

    }

    End {

        Try { Close-PASSession }

        Catch { } 

    }

}