CPS - bulk import of local account for all systems?
08-25-2017 09:43 AM
We want to use CPS to manage the local administrator account password for all of our Windows endpoints. After running discovery and importing the endpoints into CPS, is there a way to add the local administrator account to each system in bulk, rather than drilling into each system one at a time and manually adding the account? Given the number of endpoints we have, it would be infeasible to do it manually. Thanks in advance for any guidance.
08-25-2017 03:42 PM
Welcome back to the community.
You can import Users and Systems in bulk with our import option. This uses an excel csv document to upload your user information into Infrastructure Service (Formerly known as Privilege Service).
Download the csv template to get started.
In here you may add the Administrator account for each System followed by the password and various other settings.
If you would like to get a list of all the Windows Systems in your environment feel free to create a simple SQL query in the Reports section under Core Services.
For example here is a query to retrieve all Systems in CPS that are of a Windows OS:
SELECT FQDN FROM Server WHERE (OperatingSystem LIKE 'Windows%')
After completing the query you will have the option to export the information and easily add it to your server import sheet.
Please refer to the following documentation for details on each column and format:
08-28-2017 10:24 PM
Thank you for pointing me in the right direction! I'm able to import multiple systems and their local administrator accounts in bulk using the CSV file template, which is exactly what I was looking for.
When I run the import process, the report email I receive indicates that all rows of the CSV file failed the import due to "invalid account credentials." But all computers and accounts do show up in Infrastructure | Systems, and from the portal I'm able to log in to each system with its local administrator account. However, I cannot rotate or update the password for those accounts -- I get the same "invalid account credentials" error. Any thoughts on what may be causing this?
And BTW, I did set all accounts to be managed, so I should be able to rotate/update the passwords through the portal.
08-30-2017 04:50 PM
The error message, "Invalid account credentials" indicates we were unable to verify the password with the password that is currently registered to the System.
The "Update Password" option is intended to be used if the password was changed on the system or domain and is now out of sync with the password stored in Centrify. In this scenario, one could login and update the password so it matches that of the system or domain. This feature is available for both managed and un-managed accounts. With that being said, I would expect this option to fail as the password in not out of sync.
To get a better idea of what is causing the issue can you try adding an account using the GUI in the portal for one of the systems. Does this account also expeirence issues with rotating?
Rather than speculate, I would like you to engage our knowledgeable support staff and open a Support Ticket (email@example.com) so we can look into this more deeply.