Powershell Password Change Job for IPMI Devices
Start with the following PowerShell snippet to create a password change job for an IPMI device that has been previously enrolled.
Note that there is only a cmdlet to perform a Windows password change job. All jobs start as Windows password change jobs and are transformed into jobs for the other target platforms. This the proper way to create a password change job for an IPMI device is:
- New-LSJobWindowsChangePassword - this creates the initial job (yes, for the wrong platform).
- Set-LSJobChangePasswordChangeSettings - this will let you define everything, including that you want to do it for an IPMI device.
- Set-LSJobSchedule
In the example code below, the schedule portion of the job is not configured.
#The following will create an IPMI password change job that will login as ADMIN using the password from the store and randomize an account called Scooby. #Be aware, most of these devices are case sensitive!!! #You have to authenticate first! $token = Get-LSLoginToken #Set target elements $tsystem = '192.168.1.151' $lAccount = 'ADMIN' #$lAPwd = 'ADMIN' #shouldn't be needed as the device is already enrolled with a password as a valid account store. But just in case, use this value when 'UseSavedPasswords = 0' for JobSettings $tType = 'ACCOUNT_TYPE_IPMI' #This sets the job to an IPMI password change job $tAccount = 'Scooby' $pwCType = 'PWD_CHANGE_TYPE_GEN_RANDOM' #This sets the job to use a random password rather than a fixed/static password $pwCompat = 'PWD_COMPAT_W2K' #This sets the job to use WIN2K compatibility mode so you can use passwords longer than 14 characters #Create the new job #The new job is added to a variable $nJob as we will need to pull the JobID from the message output $nJob = New-LSJobWindowsChangePassword -SystemName $tsystem -AccountName $tAccount -PasswordLength 10 -AuthenticationToken $token -CreateAccountIfNotFound $False #Grab JobID from Operation Message. JobID is the last element in the output message on success. $OMArray=$nJob.OperationMessage.Split() $JID = $OMArray[-1] #Update the job to be used for IPMI rather than for Windows and set other password constraints #Create PCJobSettings Objects $PCJobSettings = New-Object -TypeName LSClientAgentCommandlets.RouletteWebService.PasswordChangeSettings $PWConstraints = New-Object -TypeName LSClientAgentCommandlets.RouletteWebService.PasswordChangeConstraints #Define job settings $PCJobSettings.AccountType = [LSClientAgentCommandlets.RouletteWebService.EAccountType]::$tType $PCJobSettings.PasswordChangeType =[LSClientAgentCommandlets.RouletteWebService.EPasswordChangeType]::$pwCType $PCJobSettings.PasswordCompatibilityLevel = [LSClientAgentCommandlets.RouletteWebService.EPasswordCompatibilityLevel]::$pwCompat $PCJobSettings.FullAccountName = $tAccount $PCJobSettings.LoginName = $lAccount #$PCJobSettings.CurrentPassword = $lAPwd #Uncomment when 'UseSavedPasswords = 0' $PCJobSettings.Unique = 1 #Set to 1 to use a unique random password rather than a fixed random password $PCJobSettings.UseSavedPasswords = 1 #Set to 1 to instruct the job to use the password stored for the login account. If set to 0 you must supply (uncomment) the Current password and #lAPwd above $PCJobSettings.FirstCharacterSetBits = 15 #This sets the password settings to use all possible characters in the first position $PCJobSettings.LastCharacterSetBits = 15 #This sets the password settings to use all possible characters in the last position $PCJobSettings.MiddleCharactersSetBits = 15 #This sets the password settings to use all possible characters in the middle position $PCJobSettings.PasswordCharacterSetBits = 15 #This sets the password settings to use all possible characters for the general job $PCJobSettings.PasswordLength = 8 $PCJobSettings.MinLettersLcase = 1 $PCJobSettings.MinLettersUcase = 1 $PCJobSettings.MinNumbers = 1 $PCJobSettings.MinSymbols = 1 $PCJobSettings.PasswordSegments = 1 #Define constraints $PWConstraints.FailGenerationOnMissingPassfiltDLL = $False #If set to $True or not included, you must also define a path to the password filter or the job will fail. $PWConstraints.SymbolsExcludeProblematicWithAPIs = $True #Set to $False to enable all possible characters in the job #Assign the password constraints $PCJobSettings.PasswordConstraints = $PWConstraints #Apply the job with the new settings Set-LSJobPasswordChangeSettings -AuthenticationToken $token -PasswordChangeSettings $PCJobSettings -JobId $JID #Define the Job Schedule (commented out in this example as it is not configured) #Set-LSJobSchedule