Powershell Password Change Job for IPMI Devices
Start with the following PowerShell snippet to create a password change job for an IPMI device that has been previously enrolled.
Note that there is only a cmdlet to perform a Windows password change job. All jobs start as Windows password change jobs and are transformed into jobs for the other target platforms. This the proper way to create a password change job for an IPMI device is:
- New-LSJobWindowsChangePassword - this creates the initial job (yes, for the wrong platform).
- Set-LSJobChangePasswordChangeSettings - this will let you define everything, including that you want to do it for an IPMI device.
In the example code below, the schedule portion of the job is not configured.
#The following will create an IPMI password change job that will login as ADMIN using the password from the store and randomize an account called Scooby. #Be aware, most of these devices are case sensitive!!!
#You have to authenticate first! $token = Get-LSLoginToken #Set target elements $tsystem = '192.168.1.151' $lAccount = 'ADMIN' #$lAPwd = 'ADMIN' #shouldn't be needed as the device is already enrolled with a password as a valid account store. But just in case, use this value when 'UseSavedPasswords = 0' for JobSettings
$tType = 'ACCOUNT_TYPE_IPMI' #This sets the job to an IPMI password change job $tAccount = 'Scooby' $pwCType = 'PWD_CHANGE_TYPE_GEN_RANDOM' #This sets the job to use a random password rather than a fixed/static password $pwCompat = 'PWD_COMPAT_W2K' #This sets the job to use WIN2K compatibility mode so you can use passwords longer than 14 characters #Create the new job #The new job is added to a variable $nJob as we will need to pull the JobID from the message output $nJob = New-LSJobWindowsChangePassword -SystemName $tsystem -AccountName $tAccount -PasswordLength 10 -AuthenticationToken $token -CreateAccountIfNotFound $False #Grab JobID from Operation Message. JobID is the last element in the output message on success. $OMArray=$nJob.OperationMessage.Split() $JID = $OMArray[-1] #Update the job to be used for IPMI rather than for Windows and set other password constraints #Create PCJobSettings Objects $PCJobSettings = New-Object -TypeName LSClientAgentCommandlets.RouletteWebService.PasswordChangeSettings $PWConstraints = New-Object -TypeName LSClientAgentCommandlets.RouletteWebService.PasswordChangeConstraints #Define job settings $PCJobSettings.AccountType = [LSClientAgentCommandlets.RouletteWebService.EAccountType]::$tType $PCJobSettings.PasswordChangeType =[LSClientAgentCommandlets.RouletteWebService.EPasswordChangeType]::$pwCType $PCJobSettings.PasswordCompatibilityLevel = [LSClientAgentCommandlets.RouletteWebService.EPasswordCompatibilityLevel]::$pwCompat $PCJobSettings.FullAccountName = $tAccount $PCJobSettings.LoginName = $lAccount #$PCJobSettings.CurrentPassword = $lAPwd #Uncomment when 'UseSavedPasswords = 0' $PCJobSettings.Unique = 1 #Set to 1 to use a unique random password rather than a fixed random password $PCJobSettings.UseSavedPasswords = 1 #Set to 1 to instruct the job to use the password stored for the login account. If set to 0 you must supply (uncomment) the Current password and #lAPwd above $PCJobSettings.FirstCharacterSetBits = 15 #This sets the password settings to use all possible characters in the first position $PCJobSettings.LastCharacterSetBits = 15 #This sets the password settings to use all possible characters in the last position $PCJobSettings.MiddleCharactersSetBits = 15 #This sets the password settings to use all possible characters in the middle position $PCJobSettings.PasswordCharacterSetBits = 15 #This sets the password settings to use all possible characters for the general job $PCJobSettings.PasswordLength = 8 $PCJobSettings.MinLettersLcase = 1 $PCJobSettings.MinLettersUcase = 1 $PCJobSettings.MinNumbers = 1 $PCJobSettings.MinSymbols = 1 $PCJobSettings.PasswordSegments = 1 #Define constraints $PWConstraints.FailGenerationOnMissingPassfiltDLL = $False #If set to $True or not included, you must also define a path to the password filter or the job will fail. $PWConstraints.SymbolsExcludeProblematicWithAPIs = $True #Set to $False to enable all possible characters in the job #Assign the password constraints $PCJobSettings.PasswordConstraints = $PWConstraints #Apply the job with the new settings Set-LSJobPasswordChangeSettings -AuthenticationToken $token -PasswordChangeSettings $PCJobSettings -JobId $JID #Define the Job Schedule (commented out in this example as it is not configured) #Set-LSJobSchedule