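<#
.SYNOPSIS
    Runs a Login PI connector with temporarily staged Windows credentials.

.DESCRIPTION
    Positional arguments (read from $Args so existing launchers keep working):
      0   Credential Manager target for the session host
      1   user name for the host credential
      2   password for the host credential
      3   path of the connector executable to run
      4+  connector command-line tokens, forwarded verbatim (quoted); the
          gateway slots inside that range are also used to stage credentials:
            11  RD Gateway host name (slot 10 is its parameter name)
            13  gateway user login  (slot 12 is its parameter name)
            15  gateway password    (slot 14 is its parameter name)

    Flow: verify elevation, enable the CredSSP policy
    "Allow delegating saved credentials with NTLM-only server authentication"
    if it is not already on, stage any credentials missing from the store, run
    the connector and wait, then remove only the credentials this run added and
    revert only the policy values this run changed.

    NOTE(review): secrets arrive on the command line and are forwarded to the
    connector the same way, so they are visible to process-listing tools and to
    command-line auditing (e.g. event 4688). That interface is kept as-is here.
#>

# ---------------------------------------------------------------------------
# Load CredMan.ps1 (provides Enum-Creds / Write-Creds / Del-Creds) from its
# install directory. Set-Location is made terminating so a missing directory
# fails fast instead of dot-sourcing whatever CredMan.ps1 sits in the current
# directory.
$credManDir = 'C:\Program Files\Login VSI\Login PI Launcher\Connectors'
Set-Location -Path $credManDir -ErrorAction Stop
. (Join-Path -Path $credManDir -ChildPath 'CredMan.ps1')

# ---------------------------------------------------------------------------
# Positional arguments. Bail out before touching the registry or the
# credential store if the mandatory slots are missing.
if ($Args.Count -lt 4) {
    Write-Host "Usage: <script> <hostTarget> <hostUser> <hostPassword> <connectorPath> [connector args...]" -ForegroundColor Yellow
    Start-Sleep -Seconds 5
    exit 1
}

$hostCredmanTarget   = $Args[0]
$hostCredmanUser     = $Args[1]
$hostCredmanPassword = $Args[2]
$connectorPath       = $Args[3]

# Gateway slots inside the pass-through range (see header). Indexing past the
# end of $Args yields $null, matching the original behaviour for short calls.
$gatewayTarget   = $Args[11]
$gatewayUser     = $Args[13]
$gatewayPassword = $Args[15]

# Everything from slot 4 onward goes to the connector unchanged.
$passThroughArgs = @()
if ($Args.Count -gt 4) {
    $passThroughArgs = @($Args[4..($Args.Count - 1)])
}

# ---------------------------------------------------------------------------
# Helpers

function ConvertTo-QuotedArgument {
    <#
    Quote one command-line token so that CommandLineToArgvW (the parser used
    by C/C++/.NET programs) yields the original value: embedded quotes become
    \", and backslashes that precede a quote or end the token are doubled.
    Tokens without quotes or trailing backslashes produce exactly what the
    previous '"' + $arg + '"' did; a password containing a quote no longer
    breaks the connector's argument parsing.
    #>
    param([AllowNull()][AllowEmptyString()][string]$Value)

    $quoted = '"'
    $pendingBackslashes = 0
    foreach ($ch in ([string]$Value).ToCharArray()) {
        if ($ch -eq '\') {
            $pendingBackslashes++
            continue
        }
        if ($ch -eq '"') {
            $quoted += ('\' * (2 * $pendingBackslashes + 1)) + '"'
        } else {
            $quoted += ('\' * $pendingBackslashes) + $ch
        }
        $pendingBackslashes = 0
    }
    $quoted += ('\' * (2 * $pendingBackslashes)) + '"'
    return $quoted
}

function Add-CredentialIfMissing {
    <#
    Stage a DOMAIN_PASSWORD credential for $Target unless the store already
    holds one. Returns $true only when this call added it, so the caller can
    remove exactly what it created and nothing that was there before.
    #>
    param(
        [string]$Target,
        [string]$UserName,
        [string]$Password,
        [string]$Label
    )

    # Message prefix with a capital first letter ("alternate Gateway" -> "Alternate Gateway").
    $heading = $Label.Substring(0, 1).ToUpperInvariant() + $Label.Substring(1)

    if ($null -ne (Enum-Creds -Filter $Target)) {
        Write-Host "`t $heading credentials are already in the store." -ForegroundColor Cyan
        return $false
    }
    try {
        # NOTE(review): CredMan.ps1 is not visible here. If Write-Creds reports
        # failure through its return value rather than by throwing, this
        # try/catch will not notice; confirm against the sourced script.
        $null = Write-Creds -Target $Target `
                            -UserName $UserName `
                            -Password $Password `
                            -CredPersist LOCAL_MACHINE `
                            -CredType DOMAIN_PASSWORD
        Write-Host "`t Imported $Label credentials." -ForegroundColor Green
        return $true
    } catch {
        Write-Host "MESSAGE: $($_.Exception.Message)" -ForegroundColor Red
        return $false
    }
}

# ---------------------------------------------------------------------------
# Elevation check: the policy keys below live under HKLM\SOFTWARE\Policies.
Write-Host "Checking admin rights..." -ForegroundColor Magenta
try {
    $currentIdentity = [Security.Principal.WindowsIdentity]::GetCurrent()
    $isAdmin = ([Security.Principal.WindowsPrincipal]$currentIdentity).IsInRole(
        [Security.Principal.WindowsBuiltInRole]::Administrator)
} catch {
    Write-Host "`t Failed to get security context. Exiting." -ForegroundColor Red
    Start-Sleep -Seconds 5
    exit 1
}
if (-not $isAdmin) {
    Write-Host "`t You do not have Administrator rights. Please re-run as admin. Exiting." -ForegroundColor Yellow
    Start-Sleep -Seconds 5
    exit 1
}
Write-Host "`t You have Administrator rights. Continuing." -ForegroundColor Green

# ---------------------------------------------------------------------------
# CredSSP policy: AllowSavedCredentialsWhenNTLMOnly = 1 (DWORD) plus a server
# list entry "1" = "*" (string). The original wrote an undefined $regValue, so
# the policy was never actually set; both values are now written with their
# policy-defined types. Prior state is captured so it can be reverted after
# the connector exits: the '*' entry lets saved credentials be delegated to
# ANY NTLM-only server and should not outlive the session.
Write-Host "Checking credential delegation policies on local server..." -ForegroundColor Magenta
$policyKey       = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CredentialsDelegation'
$policyValueName = 'AllowSavedCredentialsWhenNTLMOnly'
$serverListKey   = Join-Path -Path $policyKey -ChildPath $policyValueName
$serverListEntry = '1'

$policyKeyExisted     = Test-Path -Path $policyKey
$serverListKeyExisted = Test-Path -Path $serverListKey
$priorPolicyValue     = (Get-ItemProperty -Path $policyKey -Name $policyValueName -ErrorAction SilentlyContinue).$policyValueName
$priorServerListValue = (Get-ItemProperty -Path $serverListKey -Name $serverListEntry -ErrorAction SilentlyContinue).$serverListEntry
$policyChanged     = $false
$serverListChanged = $false

if ($priorPolicyValue -eq 1) {
    Write-Host "`t Local Policy: Credentials Delegation for NTLM is already enabled." -ForegroundColor Cyan
} else {
    if (-not $policyKeyExisted) {
        $null = New-Item -Path $policyKey -Force
    }
    # -Force overwrites an existing value, so one call covers create and update.
    $null = New-ItemProperty -Path $policyKey -Name $policyValueName -Value 1 -PropertyType DWord -Force
    $policyChanged = $true
    Write-Host "`t Local Policy: Credentials Delegation for NTLM was enabled." -ForegroundColor Green
}

if ($priorServerListValue -eq '*') {
    Write-Host "`t Local Policy: Allow Saved Credentials for NTLM is already enabled." -ForegroundColor Cyan
} else {
    if (-not $serverListKeyExisted) {
        $null = New-Item -Path $serverListKey -Force
    }
    $null = New-ItemProperty -Path $serverListKey -Name $serverListEntry -Value '*' -PropertyType String -Force
    $serverListChanged = $true
    Write-Host "`t Local Policy: Allow Saved Credentials for NTLM was enabled." -ForegroundColor Green
}

# ---------------------------------------------------------------------------
# Stage credentials. Each flag is $true only if this run added the entry.
Write-Host "Checking stored credentials on local server..." -ForegroundColor Magenta
$addedHostCred  = Add-CredentialIfMissing -Target $hostCredmanTarget -UserName $hostCredmanUser -Password $hostCredmanPassword -Label 'Host'
$addedGwCred    = $false
$addedAltGwCred = $false
$gatewayDnsName = $null

if (-not [string]::IsNullOrWhiteSpace($gatewayTarget)) {
    $addedGwCred = Add-CredentialIfMissing -Target $gatewayTarget -UserName $gatewayUser -Password $gatewayPassword -Label 'Gateway'

    # The gateway may be reached under its public DNS name; stage that too.
    # A failed lookup must not abort the script here, which would leave the
    # credentials staged above in the store with no cleanup.
    try {
        $gatewayDnsName = ([System.Net.Dns]::GetHostEntry($gatewayTarget)).HostName
    } catch {
        Write-Host "`t Could not resolve '$gatewayTarget': $($_.Exception.Message)" -ForegroundColor Yellow
    }
    if ($gatewayDnsName -and ($gatewayDnsName -ne $gatewayTarget)) {
        $addedAltGwCred = Add-CredentialIfMissing -Target $gatewayDnsName -UserName $gatewayUser -Password $gatewayPassword -Label 'alternate Gateway'
    }
}

# ---------------------------------------------------------------------------
# Run the connector. Cleanup lives in 'finally' so staged credentials and
# policy changes are reverted even when Start-Process itself throws (e.g. a
# bad connector path).
$startParams = @{ FilePath = $connectorPath; Wait = $true }
if ($passThroughArgs.Count -gt 0) {
    $startParams['ArgumentList'] = @($passThroughArgs | ForEach-Object { ConvertTo-QuotedArgument -Value $_ })
}
$connectorFailed = $false
try {
    Start-Process @startParams
} catch {
    $connectorFailed = $true
    Write-Host "MESSAGE: $($_.Exception.Message)" -ForegroundColor Red
} finally {
    # The original tested with '=' (assignment), which is always true and
    # deleted credentials that were in the store before this run. Only the
    # entries this run added are removed.
    Write-Host "Cleaning up any added credentials..." -ForegroundColor Magenta
    if ($addedHostCred) {
        $null = Del-Creds -Target $hostCredmanTarget -CredType DOMAIN_PASSWORD -ErrorAction SilentlyContinue
        Write-Host "`t Removed Host credentials." -ForegroundColor Green
    }
    if ($addedGwCred) {
        $null = Del-Creds -Target $gatewayTarget -CredType DOMAIN_PASSWORD -ErrorAction SilentlyContinue
        Write-Host "`t Removed Gateway credentials." -ForegroundColor Green
    }
    if ($addedAltGwCred) {
        $null = Del-Creds -Target $gatewayDnsName -CredType DOMAIN_PASSWORD -ErrorAction SilentlyContinue
        Write-Host "`t Removed alternate Gateway credentials." -ForegroundColor Green
    }

    # Revert only what this run changed, child key first.
    # NOTE(review): this assumes a single instance of the script runs at a
    # time; a concurrent run would see the policy disappear mid-session.
    if ($serverListChanged) {
        if (-not $serverListKeyExisted) {
            Remove-Item -Path $serverListKey -Recurse -Force -ErrorAction SilentlyContinue
        } elseif ($null -eq $priorServerListValue) {
            Remove-ItemProperty -Path $serverListKey -Name $serverListEntry -ErrorAction SilentlyContinue
        } else {
            Set-ItemProperty -Path $serverListKey -Name $serverListEntry -Value $priorServerListValue
        }
    }
    if ($policyChanged) {
        if (-not $policyKeyExisted) {
            Remove-Item -Path $policyKey -Recurse -Force -ErrorAction SilentlyContinue
        } elseif ($null -eq $priorPolicyValue) {
            Remove-ItemProperty -Path $policyKey -Name $policyValueName -ErrorAction SilentlyContinue
        } else {
            Set-ItemProperty -Path $policyKey -Name $policyValueName -Value $priorPolicyValue
        }
    }
    if ($policyChanged -or $serverListChanged) {
        Write-Host "`t Reverted credential delegation policy changes." -ForegroundColor Green
    }
}

Write-Host "Finished!" -ForegroundColor Magenta
Start-Sleep -Seconds 5
if ($connectorFailed) {
    exit 1
}
exit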