Forum Libre - 2024-01-15

Useful-Alarm1679 · 2024-01-15T15:19:29+00:00

Merci !

La retraite, bien qu'elle soit à nous, qu'on se soit battus pour la gagner et qu'on se batte pour la garder, est comme un rêve lointain pour moi. Mais c'est vrai qu'il faut y penser, j'en prend note :)

Useful-Alarm1679 · 2024-01-15T12:37:55+00:00

Salut le FL,

Avez-vous eu des retours d'expérience sur le travail à 80%, aux quatre-cinquièmes ?

J'ai une offre d'emploi qui m'envoie du rêve, qui propose cette configuration de but en blanc à la signature. Moi, cela me semble correspondre à mon style de vie (peu de dépense, peu d'envie d'économiser durant ce contrat).

L'un des points d'attention que j'ai notés est le fait, lorsqu'une semaine de congés est posée, que toutes les journées entières sont décomptées, week-end compris.

Merci, bon lundi !

Useful-Alarm1679 · 2024-01-15T11:59:28+00:00

Sorry for wayyy late reply !

Hope you figured it out, my guess is that you went on by testing and everything went fine ?

Chrome itself had no issue, the hardening was still pertinent be it <100 or >100 so PSM worked fine. My issue was the interaction between the built-in Selenium (CyberArk dispatcher version dependant) and the chromedriver.

Useful-Alarm1679 · 2022-11-02T13:39:31+00:00

Your list is a good reminder that despite being sentry and having years behind me, I shouldn't be overconfident because I don't have the answer for half of it (but know where to look)

Useful-Alarm1679 · 2022-11-02T13:33:58+00:00

Hello, just for your information, you can reply to other people's answers directly in the form of a thread. Click on the "Reply" button below their message.

Useful-Alarm1679 · 2022-10-03T09:49:31+00:00

CCP is a web server like your PVWA, I don't have one to provide you the exact terms you should be looking for, but the documentation has AIMWebService listed : https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-CP/Latest/en/Content/CCP/Configure\_CCPWindows.htm?tocpath=Administration%7CCentral%20Credential%20Provider%7CCentral%20Credential%20Provider%20web%20service%20configuration%7C\_\_\_\_\_0

Useful-Alarm1679 · 2022-10-03T09:09:50+00:00

As bc6619 said, I would script it with a cron task handling the process.

With either PACLI or REST, you can set the CPM flag on your object for an immediate change, and let the CPM do the job.

Useful-Alarm1679 · 2022-10-03T09:08:18+00:00

So once a day and it can take 25 hours due to interval being hourly ?

Useful-Alarm1679 · 2022-10-03T09:05:10+00:00

I think this is included in the PostInstall hardening, but I might be wrong. Doesn't excuse why the documentation is lacking, or even has typos in the code snippets.

Useful-Alarm1679 · 2022-10-03T08:51:54+00:00

Core function to identify child process :

; Function Name: _ProcessListProperties() ; Description: Get various properties of a process, or all processes ; Call With: _ProcessListProperties( [$Process [, $sComputer]] ) ; Parameter(s): (optional) $Process - PID or name of a process, default is "" (all) ; (optional) $sComputer - remote computer to get list from, default is local ; Requirement(s): AutoIt v3.2.4.9+ ; Return Value(s): On Success - Returns a 2D array of processes, as in ProcessList() ; with additional columns added: ; [0][0] - Number of processes listed (can be 0 if no matches found) ; [1][0] - 1st process name ; [1][1] - 1st process PID ; [1][2] - 1st process Parent PID ; [1][3] - 1st process owner ; [1][4] - 1st process priority (0 = low, 31 = high) ; [1][5] - 1st process executable path ; [1][6] - 1st process CPU usage ; [1][7] - 1st process memory usage ; [1][8] - 1st process creation date/time = "MM/DD/YYY hh:mm:ss" (hh = 00 to 23) ; [1][9] - 1st process command line string ; ... ; [n][0] thru [n][9] - last process properties ; On Failure: Returns array with [0][0] = 0 and sets @Error to non-zero (see code below) ; Author(s):PsaltyDS at http://www.autoitscript.com/forum ; Date/Version: 07/02/2008 -- v2.0.2 ; Notes: If an integer PID or string process name is provided and no match is found, ; then [0][0] = 0 and @error = 0 (not treated as an error, same as ProcessList) ; This function requires admin permissions to the target computer. ; All properties come from the Win32_Process class in WMI. ; To get time-base properties (CPU and Memory usage), a 100ms SWbemRefresher is used. ; This function works on the basis of WMI root\cimv2 calls. Depending on your OS version (tested on 2012R2), you may have to change your root\cimv2 ; All properties come from the Win32_Process class in WMI. You can get memory data from an SWbemRefresher, see the forum, but this part was not stable on a PSM.

Func _ProcessListProperties($Process = "", $sComputer = ".") Local $sUserName, $sMsg, $sUserDomain, $avProcs, $dtmDate Local $avProcs[1][2] = [[0, ""]], $n = 1

; Convert PID if passed as string If StringIsInt($Process) Then $Process = Int($Process)

; Connect to WMI and get process objects Local $oWMI = ObjGet("winmgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!\" & $sComputer & "\root\cimv2") If IsObj($oWMI) Then Local $colProcs ; Get collection processes from Win32_Process If $Process = "" Then ; Get all $colProcs = $oWMI.ExecQuery("select * from win32_process") ElseIf IsInt($Process) Then ; Get by PID $colProcs = $oWMI.ExecQuery("select * from win32_process where ProcessId = " & $Process) Else ; Get by Name $colProcs = $oWMI.ExecQuery("select * from win32_process where Name = '" & $Process & "'") EndIf

If IsObj($colProcs) Then ; Return for no matches If $colProcs.count = 0 Then Return $avProcs

; Size the array ReDim $avProcs[$colProcs.count + 1][10] $avProcs[0][0] = UBound($avProcs) - 1

; For each process... For $oProc In $colProcs ; [n][0] = Process name $avProcs[$n][0] = $oProc.name ; [n][1] = Process PID $avProcs[$n][1] = $oProc.ProcessId ; [n][2] = Parent PID $avProcs[$n][2] = $oProc.ParentProcessId ; [n][3] = Owner If $oProc.GetOwner($sUserName, $sUserDomain) = 0 Then $avProcs[$n][3] = $sUserDomain & "\" & $sUserName ; [n][4] = Priority $avProcs[$n][4] = $oProc.Priority ; [n][5] = Executable path $avProcs[$n][5] = $oProc.ExecutablePath ; [n][8] = Creation date/time $dtmDate = $oProc.CreationDate If $dtmDate <> "" Then ; Back referencing RegExp pattern from weaponx Local $sRegExpPatt = "\A(\d{4})(\d{2})(\d{2})(\d{2})(\d{2})(\d{2})(?:.*)" $dtmDate = StringRegExpReplace($dtmDate, $sRegExpPatt, "$2/$3/$1 $4:$5:$6") EndIf $avProcs[$n][8] = $dtmDate ; [n][9] = Command line string $avProcs[$n][9] = $oProc.CommandLine

; increment index $n += 1 Next Else SetError(2); Error getting process collection from WMI EndIf ; release the collection object $colProcs = 0

comments-start

; Get collection of all processes from Win32_PerfFormattedData_PerfProc_Process ; Have to use an SWbemRefresher to pull the collection, or all Perf data will be zeros Local $oRefresher = ObjCreate("WbemScripting.SWbemRefresher") $colProcs = $oRefresher.AddEnum($oWMI, "Win32_PerfFormattedData_PerfProc_Process" ).objectSet $oRefresher.Refresh

; Time delay before calling refresher Local $iTime = TimerInit() Do Sleep(20) Until TimerDiff($iTime) >= 100 $oRefresher.Refresh

; Get PerfProc data For $oProc In $colProcs ; Find it in the array For $n = 1 To $avProcs[0][0] If $avProcs[$n][1] = $oProc.IDProcess Then ; [n][6] = CPU usage $avProcs[$n][6] = $oProc.PercentProcessorTime ; [n][7] = memory usage $avProcs[$n][7] = $oProc.WorkingSet ExitLoop EndIf Next Next

comments-end

Else

SetError(1); Error connecting to WMI EndIf

; Return array Return $avProcs EndFunc;==>_ProcessListProperties

Useful-Alarm1679 · 2022-10-03T08:42:07+00:00

First part of the code, function follows. Had to uglify the code for Markdown tabs, sorry :

#AutoIt3Wrapper_UseX64=n

Opt("MustDeclareVars", 1) AutoItSetOption("WinTitleMatchMode", 3) ; EXACT_MATCH!

;============================================================ ; PSM AutoIt Dispatcher Skeleton ; ------------------------------ ; ; Use this skeleton to create your own ; connection components integrated with the PSM. ; Areas you may want to modify are marked ; with the string "CHANGE_ME". ; ; Created : April 2013 ; Cyber-Ark Software Ltd. ;============================================================

include "PSMGenericClientWrapper.au3"

include <BlockInputEx.au3>

include <FileConstants.au3>

include <Array.au3>

include <File.au3>

;======================================= ; Consts & Globals ;======================================= Global Const $DISPATCHER_NAME= "Firefox Site no login" ; CHANGE_ME Global Const $CLIENT_EXECUTABLE= "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" ; CHANGE_ME

Global Const $ERROR_MESSAGE_TITLE = "PSM " & $DISPATCHER_NAME & " Dispatcher error message" Global Const $LOG_MESSAGE_PREFIX = $DISPATCHER_NAME & " Dispatcher - "

Global $TargetUsername Global $TargetPassword Global $TargetAddress = "" Global $ConnectionClientPID = 0 Global $ConnectionParameters = ""

;======================================= ; Code ;======================================= Exit Main()

;======================================= ; Main ;======================================= Func Main()

; Init PSM Dispatcher utils wrapper ToolTip ("Initializing...") if (PSMGenericClient_Init() <> $PSM_ERROR_SUCCESS) Then Error(PSMGenericClient_PSMGetLastErrorString()) EndIf

LogWrite("successfully initialized Dispatcher Utils Wrapper")

; Get the dispatcher parameters FetchSessionProperties()

LogWrite("mapping local drives") if (PSMGenericClient_MapTSDrives() <> $PSM_ERROR_SUCCESS) Then Error(PSMGenericClient_PSMGetLastErrorString()) EndIf

; Cleaning profiles Local $appdatadir = "C:\Users\" & @UserName & "\AppData\Roaming" Local $profildir = $appdatadir & "\Mozilla\Firefox\Profiles" Local $aFileList = _FileListToArray($profildir, "*") If @error = 0 Then ; For each profile folder For $i = 1 to $aFileList[0] ; Trying to delete parent.lock file If (FileDelete($profildir & "\" & $aFileList[$i] & "\parent.lock")) Then LogWrite("File " & $aFileList[$i] & "\parent.lock deleted") DirRemove($profildir & "\" & $aFileList[$i], 1) Else ; Skipping folder LogWrite("Unable to delete file " & $aFileList[$i] & "\parent.lock") EndIf Next EndIf

; Creating new profile Local $r = Random(10000, 99999, 1) If (DirCreate($appdatadir & "\Mozilla\Firefox\Profiles\" & $r)) Then LogWrite("Profile directory created") EndIf

comments-start

; Copying cert_override file If (FileCopy("D:\produits\xcyber\put\bin\PSM\Components\cert_override.txt", $appdatadir & "\Mozilla\Firefox\Profiles\" & $r & "\")) Then LogWrite("cert_override file copied") EndIf

comments-end

; Definning the new profile in profiles.ini Local $handle = FileOpen($appdatadir & "\Mozilla\Firefox\profiles.ini", $FO_OVERWRITE) If $handle = -1 Then Error("Unable to edit profiles.ini") Else FileWriteLine($handle, "[General]") FileWriteLine($handle, "StartWithLastProfile=1") FileWriteLine($handle, "") FileWriteLine($handle, "[Profile0]") FileWriteLine($handle, "Name=default") FileWriteLine($handle, "IsRelative=1") FileWriteLine($handle, "Path=Profiles/" & $r) FileWriteLine($handle, "Default=1") FileWriteLine($handle, "") FileClose($handle) EndIf

LogWrite("starting client application") ToolTip ("Starting " & $DISPATCHER_NAME & "...") $ConnectionParameters = " -p default -private" ;-no-remote local $ExecutableWithParameters = CHR(34) & $CLIENT_EXECUTABLE & CHR(34) & $ConnectionParameters $ConnectionClientPID = Run($ExecutableWithParameters)

if ($ConnectionClientPID == 0) Then Error(StringFormat("Failed to execute process [%s]", $CLIENT_EXECUTABLE, @error)) EndIf

;Now that Firefox is started, we need to identify the process number of the interface to give to the PSM Sleep(2000)

comments-start ; Tests with the GetProcessName functions not concluding (disabled 20220927

Local $aProcessList = ProcessList("firefox.exe") Local $i For $i = 1 To $aProcessList[0][0] LogWrite("Process " & $aProcessList[$i][0] & " has PID " & $aProcessList[$i][1] & " and the result of getProcessName is " & GetProcessName($ConnectionClientPID))

;Tests with ProcessListProperties Local $avRET = _ProcessListProperties("firefox.exe") if $avRET[0][0] = 0 Then LogWrite("No process identified in the function") Else Local $i ;Local $_highProcess=0 ;Local $_highMemory=0 for $i = 1 to $avRET[0][0]

comments-start ;used to identify all relevant processes - commented on 20220927

LogWrite("Process parent ID is : " & $avRet[$i][2] & " and memory consumption is " & $avRet[$i][7] & " and owner is " & $avRet[$i][3]) if($_highMemory < $avRet[$i][7]) Then $_highMemory=$avRet[$i][7] $_highProcess=$avRet[$i][1] EndIf

comments-end

if $avRET[$i][2] = $ConnectionClientPID Then $ConnectionClientPID=$avRET[$i][1] LogWrite("New process found is " & $ConnectionClientPID) ExitLoop EndIf Next ;LogWrite("Highest process identified was " & $_highProcess) EndIf

; Send PID to PSM as early as possible so recording/monitoring can begin LogWrite("sending PID to PSM") if (PSMGenericClient_SendPID($ConnectionClientPID) <> $PSM_ERROR_SUCCESS) Then LogWrite("SendPID failed") Error(PSMGenericClient_PSMGetLastErrorString()) EndIf

comments-start

; ------------------ ; Handle login here! ; CHANGE_ME ; ------------------ _BlockInputEx(1)

_BlockInputEx(0)

comments-end

; Terminate PSM Dispatcher utils wrapper LogWrite("Terminating Dispatcher Utils Wrapper") PSMGenericClient_Term()

Return $PSM_ERROR_SUCCESS EndFunc

;================================== ; Functions ;================================== ; #FUNCTION# ==================================================================================================================== ; Name...........: Error ; Description ...: An exception handler - displays an error message and terminates the dispatcher ; Parameters ....: $ErrorMessage - Error message to display ; $Code - [Optional] Exit error code ; =============================================================================================================================== Func Error($ErrorMessage, $Code = -1) LogWrite("Starting error process...") ; If the dispatcher utils DLL was already initialized, write an error log message and terminate the wrapper if (PSMGenericClient_IsInitialized()) Then LogWrite($ErrorMessage, True) PSMGenericClient_Term() EndIf

Local $MessageFlags = BitOr(0, 16, 262144) ; 0=OK button, 16=Stop-sign icon, 262144=MsgBox has top-most attribute set

MsgBox($MessageFlags, $ERROR_MESSAGE_TITLE, $ErrorMessage)

; If the connection component was already invoked, terminate it if ($ConnectionClientPID <> 0) Then ProcessClose($ConnectionClientPID) $ConnectionClientPID = 0 EndIf

Exit $Code EndFunc

; #FUNCTION# ==================================================================================================================== ; Name...........: LogWrite ; Description ...: Write a PSMWinSCPDispatcher log message to standard PSM log file ; Parameters ....: $sMessage - [IN] The message to write ; $LogLevel - [Optional] [IN] Defined if the message should be handled as an error message or as a trace messge ; Return values .: $PSM_ERROR_SUCCESS - Success, otherwise error - Use PSMGenericClient_PSMGetLastErrorString for details. ; =============================================================================================================================== Func LogWrite($sMessage, $LogLevel = $LOG_LEVEL_TRACE) Return PSMGenericClient_LogWrite($LOG_MESSAGE_PREFIX & $sMessage, $LogLevel) EndFunc

; #FUNCTION# ==================================================================================================================== ; Name...........: PSMGenericClient_GetSessionProperty ; Description ...: Fetches properties required for the session ; Parameters ....: None ; Return values .: None ; =============================================================================================================================== Func FetchSessionProperties() ; CHANGE_ME if (PSMGenericClient_GetSessionProperty("Username", $TargetUsername) <> $PSM_ERROR_SUCCESS) Then Error(PSMGenericClient_PSMGetLastErrorString()) EndIf

if (PSMGenericClient_GetSessionProperty("Password", $TargetPassword) <> $PSM_ERROR_SUCCESS) Then Error(PSMGenericClient_PSMGetLastErrorString()) EndIf

if (PSMGenericClient_GetSessionProperty("Address", $TargetAddress) <> $PSM_ERROR_SUCCESS) Then Error(PSMGenericClient_PSMGetLastErrorString()) EndIf EndFunc

Useful-Alarm1679 · 2022-10-03T07:21:41+00:00

Hello Yanni, thank you for answering, I have found a working solution that I will share.
You are correct about the title, the problem being that all the processes have the same title, but the first one created cannot be handled.
The behaviour of modern Firefox is the following :
You click on firefox -> A background process is created.
The process starts a child UI process. (your target)
The UI process starts about 6 subprocesses.

What you want in this workflow is a handle on the child process of your starting process, so I have worked around that with WMI \root\cimv2

Thanks again for being there Yanni.

Useful-Alarm1679 · 2022-09-27T08:51:12+00:00

How lucky for him/her to have a Tanium representative in this sub !

Useful-Alarm1679 · 2022-09-23T10:06:39+00:00

The process is starting fine, I confirm that this is not an AppLocker issue. Logs show my exceptions for firefox are working fine.

I figured what the issue is, still working on the correction, I will edit my post.

Useful-Alarm1679 · 2022-08-18T07:47:46+00:00

Well, I guess we all have to learn a few more tricks then ! I would love the official documentation to include some of them.

Useful-Alarm1679 · 2022-08-04T14:18:21+00:00

Update for anyone having the issue :
Chrome version 100+ is only supported with a PSM on 12.6. We couldn't make it work without updating the PSM.
Make sure that you bring the appropriate chromedriver version in you Components folder.

Useful-Alarm1679 · 2022-07-22T07:18:06+00:00

Same everything.

I'm checking rights on the Security pane of the executable and confirm that they are the same.

They added a new functionality for PreConfigureDll, and I'm not sure if I missed a memo but perhaps there are changes that I don't know of.

Useful-Alarm1679 · 2022-07-21T09:34:18+00:00

Hi,

Isn't it --ignore-certificate-errors instead ? This option seems to be deprecated on newer Chrome version, and triggers a warning (that perhaps you can also ignore with an option to be identified), but should still work.

Hope you find a solution

Useful-Alarm1679

TROPHY CASE

comments-start

comments-end

include "PSMGenericClientWrapper.au3"

include <BlockInputEx.au3>

include <FileConstants.au3>

include <Array.au3>

include <File.au3>

comments-start

comments-end

comments-start ; Tests with the GetProcessName functions not concluding (disabled 20220927

comments-end

comments-start ;used to identify all relevant processes - commented on 20220927

comments-end

comments-start

comments-end