Use cases

The following use cases represent a few possible scenarios.

Use case: Automate simple maintenance tasks on multiple servers

Quite often, administrators must perform a simple set of maintenance tasks across multiple servers. These tasks might include:

  • Updating Configuration

  • Restarting Services

  • Applying Patches

Note

Ensure the targets are configured to run the commands. For example, to run a PowerShell script on an NT target, ensure Bravura Security Fabric can communicate with the NT systems through PowerShell. This may include enabling remote access and running commands on the client such as:

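# Allow local scripts to run; downloaded scripts must be signed
Set-ExecutionPolicy RemoteSigned -Force
# Trust every remote host for WinRM connections from this client (wildcard)
Set-Item WSMan:\localhost\Client\TrustedHosts -Value *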
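
The wildcard in the TrustedHosts command above can be narrowed to the machines that are actually managed. The following is an added example, not part of the vendor documentation: it replaces a bare * with an explicit host list and reports whether each target answers over WinRM. The function name and host names are hypothetical, and it assumes an elevated PowerShell session on the machine that initiates the connections.

```powershell
# Added example (not vendor code). Run elevated on the machine that initiates
# the WinRM connections. Function name and host names are hypothetical.
function Set-ScopedTrustedHosts {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string[]] $Targets)

    $path    = 'WSMan:\localhost\Client\TrustedHosts'
    $entries = @((Get-Item $path).Value -split ',' |
                 ForEach-Object { $_.Trim() } | Where-Object { $_ })

    if ($entries -contains '*') {
        Write-Warning "TrustedHosts is '*': any host is trusted without its identity being verified."
    }

    # Keep existing entries, drop the bare wildcard, add the targets.
    $explicit = @($entries | Where-Object { $_ -ne '*' })
    $scoped   = @($explicit + $Targets | Sort-Object -Unique)

    if ($PSCmdlet.ShouldProcess($path, "Set to '$($scoped -join ',')'")) {
        Set-Item $path -Value ($scoped -join ',') -Force
    }

    # Report the two settings from the note and whether each target
    # answers a WinRM identify request.
    $policy = Get-ExecutionPolicy
    foreach ($t in $Targets) {
        [pscustomobject]@{
            Target          = $t
            WinRMResponds   = [bool](Test-WSMan -ComputerName $t -ErrorAction SilentlyContinue)
            ExecutionPolicy = $policy
            TrustedHosts    = (Get-Item $path).Value
        }
    }
}

# Constructed host names; -WhatIf previews the change without applying it.
Set-ScopedTrustedHosts -Targets 'srv01.example.test','srv02.example.test' -WhatIf
```

Drop -WhatIf to apply the change once the previewed list looks right.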

If these tasks must be performed on hundreds or thousands of servers, the process is tedious and can take an extremely long time. Instead of repeating the same steps for each machine, the administrator could use account set access to:

  1. Search for managed accounts on the machines that require attention, saving this as an account set.

  2. Check out administrative access to the account set.

  3. Once approved and checked out, specify a series of commands to run on each machine.

  4. Execute the operation on every machine asynchronously with a single button press.

  5. View the results of the operation to ensure all actions were successful.

Under the covers, Bravura Privilege automatically performs the manual tasks of connecting, running and disconnecting from every selected machine.

Sample commands

Sample command to copy a file to your remote server in PowerShell:

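# Map the administrative share on the target with the checked-out credentials
net use "\\[COMPUTER]\c$" "[PASSWORD]" /USER:"[USERNAME]" /persistent:no
Copy-Item [PACKAGEPATH]\* \\[COMPUTER]\c$\installer
# Remove the mapping so the credentials do not stay cached in the session
net use "\\[COMPUTER]\c$" /delete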

Sample command to deploy a script remotely in PowerShell:

$pw = ConvertTo-SecureString -AsPlainText -Force -String "[PASSWORD]"
$credentials = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList "[USERNAME]",$pw
Invoke-Command -ComputerName [COMPUTER] -Credential $credentials -ScriptBlock { [STATEMENT TO EXECUTE] }

Sample command to restart a service remotely in PowerShell:

# $ServiceName must already hold the name of the service to restart
$service = Get-WmiObject -Class Win32_Service -Filter "Name = '$ServiceName'"
$service | Restart-Service -Force

Sample command to install a utility in PowerShell:

[PACKAGEPATH]\package.exe

Use case: Query Status of Multiple Servers

This use case is similar to Use case: Automate simple maintenance tasks on multiple servers; however, instead of collecting logs, the administrator collects the output of the commands that were run. This allows administrators to run commands such as "report status" and collect the standard output data for analysis.

Use case: Perform interactive maintenance on multiple servers

In this case, an administrator needs to perform the same maintenance actions on multiple servers; however, the action cannot be performed without human intervention. The search and check-out process for this use case would be the same as Use case: Automate simple maintenance tasks on multiple servers. However, instead of specifying a list of commands to run, the administrator could launch N (where N = some configurable value) interactive sessions, such as:

  • Remote Desktop Sessions

  • SSH Sessions

  • SQL Studio/Developer Sessions

These would all show up as separate windows on the authorized user’s desktop. The administrator could then perform the required maintenance, closing the sessions as they finish; for example:

  • The Remote desktop/ Remote App RDP access disclosure plug-in has been configured to allow the user to override the domain and hostname.

  • An administrator checks out an account set.

  • The administrator selects one managed account from the account set.

  • The administrator can edit the hostname and domain and run many RDP sessions, all on different servers.

  • The administrator then uses a different managed account in the account set to run more RDP sessions on different servers again.

    If more than one account in an account set is selected, the Run command is the only access disclosure plug-in available.

See Access disclosure plugins for information on the various access disclosure plug-ins.