v7.0.242

psPAS v7.0.242

v7.0.232

psPAS v7.0.232

[7.0.232]

Added

• N/A

Updated

• Tests updated for latest module commands
• Applies a general code format update across module functions ensuring consistency.

Fixed

• Add-PASSafeMember & Set-PASSafeMember
  • Resolves issue introduced in previous release where, when adding or setting safe permissions in a loop, the loop could break preventing completion fo the task.
  • Thanks Slasky86!!
• Get-PASDependentAccount
  • Fixes result pagination to ensure all results are returned on command execution.
  • Fixes incorrect filter string being used for request in certain circumstances.
• Set-PASPTASMTP
  • Fixes validation logic when specifying parameter values from the pipeline
• Get-PASAccount
  • Ensures dynamic parameters are only presented for Self-Hosted users.
  • Thanks JP-Consulting!!!
• Get-PASAccountSearchProperty
  • Enforces command to only be able to be run against self-hosted solutions.
• Get-PASPTASecurityConfigurationCategory
  • Fixes issue where URI for request may not be set on command execution.

v7.0.209

psPAS v7.0.209

7.0

Special shout out to JP-Consulting for the help on this release

Update includes almost all updates for the 14.2, 14.4 & 14.6 CyberArk Self-Hosted Releases

Added

• Enable-PASTheme
  • New 14.6 command to activate a custom UI theme
  • Thanks JP-Consulting!!!
• Remove-PASTheme
  • New 14.6 command to delete a custom UI theme
  • Thanks JP-Consulting!!!
• Import-PASThemeImage
  • New 14.6 command to import an image to use in a custom UI theme
• Export-PASThemeImage
  • New 14.6 command to export an image used in a custom UI theme
• Reset-PASTheme
  • New 14.6 command to reset the UI theme to default
• Publish-PASTheme
  • New 14.6 command to change the draft status of a custom UI theme
• Get-PASTheme
  • New 14.6 command to return details of custom UI themes
• New-PASTheme
  • New 14.6 command to create a new custom UI theme
• Set-PASTheme
  • New 14.6 command to update a custom UI theme
• Get-PASStoredPlatform
  • New 14.6 command to get details of platforms stored in memory for import
• Remove-PASStoredPlatform
  • New 14.6 command to delete a stored platform from memory
• Get-PASUserLicenseReport
  • Returns information about usage of Privilege Cloud user licenses
• Get-PASReport
  • New 14.6 command to list reports available to your user
• Get-PASReportSchedule
  • New 14.6 command to list report schedules
• New-PASReportSchedule
  • New 14.6 command to create a scheduled report
• Export-PASReport
  • New 14.6 command to export an available report
• Remove-PASUserAllowedAuthenticationMethod
  • New 14.4 command to remove allowed authentication methods from multiple users in a single request
• Add-PASUserAllowedAuthenticationMethod
  • New 14.4 command to add allowed authentication methods to multiple users in a single request
• Remove-PASFIDO2Device
  • New 14.6 command to remove a configured FIDO2 device from a user
  • Thanks JP-Consulting!!!
• Get-PASMasterPolicy
  • New 14.6 command to list Master Policy settings
• Set-PASMasterPolicy
  • New 14.6 command to update Master Policy settings
• Remove-PASDependentAccount
  • New 14.6 command to delete dependent accounts
• Resume-PASDependentAccount
  • New 14.6 command to resume password management of dependent accounts
  • Thanks JP-Consulting!!!
• Get-PASDependentAccount
  • New 14.6 command to list details of dependent accounts
• Sync-PASDependentAccount
  • New 14.6 command to synchronise the password of a dependent account with its master account
  • Thanks JP-Consulting!!!
• Set-PASDependentAccount
  • New 14.6 command to update a dependent account
• Add-PASDependentAccount
  • New 14.6 command to add a new dependent account
• Remove-PASPTASecurityConfigurationProperty
  • New 14.6 command to delete PTA security configuration properties
  • Thanks JP-Consulting!!!
• Reset-PASPTASecurityConfigurationProperty
  • New 14.6 command to reset PTA security configuration properties
  • Thanks JP-Consulting!!!
• Reset-PASPTASecurityConfigurationCategory
  • New 14.6 command to reset PTA security configuration categories
  • Thanks JP-Consulting!!!
• Get-PASPTASecurityConfigurationCategory
  • New 14.6 command to return PTA security configuration categories
  • Thanks JP-Consulting!!!
• Add-PASPTASyslog
  • New 14.6 command to add a new syslog configuration to PTA
  • Thanks JP-Consulting!!!
• Remove-PASPTASyslog
  • New 14.6 command to remove a syslog configuration from PTA
  • Thanks JP-Consulting!!!
• Set-PASPTASMTP
  • New 14.4 command to add a new SMTP configuration to PTA
  • Thanks JP-Consulting!!!
• Get-PASAccountSearchProperty
  • New 14.6 command to list configured search properties

Updated

• Add-PASSafeMember
  • Updated to include permission pre-sets to match functionality available via PVWA
  • Thanks Slasky86!!
• Set-PASSafeMember
  • Updated to include permission pre-sets to match functionality available via PVWA
  • Thanks Slasky86!!
• Get-PASAccount
  • Updated to handle new quoting model for filter operations in version 14.6
  • Adds dynamic search properties to the filter parameters list
  • Thanks JP-Consulting!!!
• Add-PASAccount
  • Added AllowAccountDuplications parameter, which works in conjunction with the 14.6 AccountDuplicationEnforcementLevel setting
• Import-PASPlatform
  • New parameter sets added to support updating existing platforms and side-by-side imports
• New-PASDirectoryMapping, Set-PASDirectoryMapping
  • Added the allowedAuthenticationMethods parameter
  • Thanks JP-Consulting!!!
• New-PASUser, Set-PASUser
  • Added the allowedAuthenticationMethods parameter
  • Thanks JP-Consulting!!!
• Get-PASComponentSummary
  • Now includes vault replication data in command output
  • Thanks JP-Consulting!!!
• Approve-PASRequest
  • Adds support for bulk approvals using a single request
• Deny-PASRequest
  • Adds support for bulk rejections using a single request
• New-PASAccountPassword
  • Updated to include additional error checking
• New-PASAccountObject
  • Updated to create formatted objects for Dependent Account operations
• Get-PASSafe
  • Fixed issue with incorrectly defined sort parameter
  • Adds sortDirection parameter to enable ascending or descending sort of safes by SafeName or Managing CPM
• Script Methods
  • ToCredential()
    • Available on password objects
    • Allows password values returned from the API to be converted to Credential objects
  • GetPermissions()
    • Available on Safe Member objects
    • Enables conversion of safe ACL to hashtable which can be used to splat against Add-PASSafeMember & Set-PASSafeMember
  • ToHashtable()
    • Available on Account objects.
    • Converts an Account object to a hashtable so that it can be splatted against Add-PASAccount
• Various corrections to help file contents

Fixed

• Get-PASSAMLResponse
  • Fixes a responsibly disclosed security vulnerability where TLS 1.2 was not enforced when a value for the SAMLResponse parameter was not provided to the New-PASSession command when using the Gen2SAML ParameterSet.
  • Much Respect to Cristian Gaber for highlighting this to us.
• Get-PASAccountPassword
  • Fixes a parsing issue that could affect password values returned from the command.
  • Thanks ChristopherRanney!!
• Add-PASPublicSSHKey, Get-PASPublicSSHKey, Remove-PASPublicSSHKey
  • Corrects the URLs used by the commands
  • Thanks JP-Consulting!!!

v6.4.85

psPAS v6.4.85

[6.4.85]

Added

• N/A

Updated

• N/A

Fixed

• Set-PASUser
  • Adds logic to not attempt conversion to unix time if expiry date is not a valid datetime object, this resolves an issue where an error was raised when updating an account with an existing value for the expirydate property
  • Adds logic to not apply time zone offset when specifying Unix epoch time to remove an expiry date from an account which could previously result in an invalid time value in non-GMT time zones.

v6.4.80

psPAS v6.4.80

6.4.80

Includes a general update across multiple module commands to ensure commands which are specific to self-hosted implementations are not able to be run against Privilege Cloud, and any commands which are specific to Privilege Cloud are not able to be run against a Self-Hosted solution.

Added

• Get-PASIPAllowList
  • Privilege Cloud only command to show IP Allow List
• Set-PASIPAllowList
  • Privilege Cloud only command to set IP Allow List
• Get-PASBYOKConfig
  • Privilege Cloud only command to show BYOK Config
• Publish-PASDiscoveredLocalAccount
  • Privilege Cloud only command to publish discovered local account
• Get-PASDiscoveredLocalAccountActivity
  • Privilege Cloud only command to show discovered local account activity
• Get-PASDiscoveredLocalAccount
  • Privilege Cloud only command to show local discovered account details
• Clear-PASDiscoveredLocalAccount
  • Privilege Cloud only command to delete all discovered local accounts from the Pending Accounts list.
• Add-PASDiscoveredLocalAccount
  • Privilege Cloud only command to add a specific local account to the Discovered Accounts list
• Remove-PASDiscoveredLocalAccount
  • Privilege Cloud only command to remove a local account from the Discovered Accounts list

Updated

• Invoke-PASRestMethod
  • Improvements to error handling

Fixed

• Get-PASPSMRecording
  • Fixes result paging issue
• Get-PASPSMSession
  • Fixes result paging issue

v6.3.78

psPAS v6.3.78

Added

• N/A

Updated

• Get-PASPSMRecording
  • In-line with PVWA default operation:
    • Changed the default limit for each page of results to 100, in-line with PVWA default values
    • Updated to return recordings from the last 48 hours by default when FromTime & ToTime parameters are not specified.
  • When specifying ToTime without FromTime, recordings from the 48 hours before ToTime are returned.
    • This avoids potential for unintentionally long running queries which return details of many recording from the vault.
• Set-PASUser
  • Updated to query for, and send, any existing user properties, which are not being specifically updated, with the request.
    • Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the user object.
    • This update allows single properties to be updated without having to specify all properties.
  • Allows Empty argument for unAuthorizedInterfaces & vaultAuthorization parameters to enable set values to be cleared.
  • Corrects ValidateSet for unAuthorizedInterfaces parameter.
• Set-PASSafe
  • Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
    • Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
    • This update allows single properties to be updated without having to specify all properties.
• Set-PASOpenIDConnectProvider
  • Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
    • Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
    • This update allows single properties to be updated without having to specify all properties.
    • Number of mandatory parameters required to be specified has been reduced
• Set-PASPTARule
  • Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
    • Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
    • This update allows single properties to be updated without having to specify all properties.
    • Number of mandatory parameters required to be specified has been reduced
• Set-PASDirectoryMapping
  • Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
    • Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
    • This update allows single properties to be updated without having to specify all properties.
    • Number of mandatory parameters required to be specified has been reduced
• New-PASOnboardingRule
  • Reordered parameters to simplify tab completion options
• Set-PASOnboardingRule
  • Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
    • Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
    • This update allows single properties to be updated without having to specify all properties.
    • Number of mandatory parameters required to be specified has been reduced
• Set-PASPlatformPSMConfig
  • Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
    • Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
    • This update allows single properties to be updated without having to specify all properties.
    • Number of mandatory parameters required to be specified has been reduced
• Set-PASSafeMember
  • Updated to query for, and send, any existing properties, which are not being specifically updated, with the request.
    • Previously, due to the PUT operation used by the API, any properties not specified in a request would be cleared on the object.
    • This update allows single properties to be updated without having to specify all properties.
• New-PASUser
  • In-line with update to Set-PASUser
    • Allows Empty argument for unAuthorizedInterfaces & vaultAuthorization parameters.
    • Corrects ValidateSet for unAuthorizedInterfaces parameter.
• Get-PASComponentDetail
  • Adds assertion that command specifying PTA component must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
• Add-PASAccountACL
  • Adds assertion that command must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
• Get-PASAccountACL
  • Adds assertion that command must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
• Remove-PASAccountACL
  • Adds assertion that command must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
• Invoke-PASCPMOperation
  • Adds assertion that Gen1 verify task must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
• Set-PASAccount
  • Adds assertion that Gen1 task must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
• Close-PASSession
  • Adds assertion that Shared Authentication logoff request is executed against a self hosted implementation as invocation against privilege cloud is not supported.
• New-PASSession
  • Adds assertion that Shared Authentication logon request is executed against a self hosted implementation as invocation against privilege cloud is not supported.
• Add-PASPolicyACL
  • Adds assertion that command must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
• Get-PASPolicyACL
  • Adds assertion that command must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
• Remove-PASPolicyACL
  • Adds assertion that command must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
• Remove-PASSafeMember
  • Adds assertion that command using Gen1 parameters must be executed against a self hosted implementation as invocation against privilege cloud is not supported.
• Assert-VersionRequirement
  • Updates helper function to provide ability to assert if command is being run against self-hosted or privilege cloud implementation.

Fixed

• N/A

v6.2.68

psPAS v6.2.68

6.2.68

Introducing enhancements to psPAS session related data.

Using the Get-PASSession command, users of the module can now get data on session start time, elapsed time since authentication as well as details of the last command run, the raw results returned from the api, as well as any detail of the last error which may have been received during the session.

This update makes troubleshooting API commands and expected results much easier from both an end user and module support perspective.

PS> Get-PASSession

Name                           Value
----                           -----
BaseURI                        https://sometenant.privilegecloud.cyberark.cloud/PasswordVault
User                           someuser@cyberark.cloud.1312
ExternalVersion                14.0.0
WebSession                     Microsoft.PowerShell.Commands.WebRequestSession
StartTime                      20/02/2024 18:14:01
ElapsedTime                    00:04:03
LastCommand                    System.Management.Automation.InvocationInfo
LastCommandTime                20/02/2024 18:18:03
LastCommandResults             {"Users":[{"id":26,"username":"[email protected]","source":"CyberArk","userType":"SomeType",...
LastError                      {"ErrorCode":"PASWS041E","ErrorMessage":"You are not authorized to perform this action."}
LastErrorTime                  20/02/2024 18:13:12

To realise this update, lots of module wide changes to all module commands have been required; while no change to the general operation of the psPAS module should be noticed - do raise an issue if something does not appear correct.

Added

• N/A

Updated

• Get-PASSession
  • makes additional information available to users running the command
    • authentication time
    • session length
    • last command and result data
    • last error details
• New-PASPSMSession
  • RDP and PSMGW connections will be automatically opened when issuing connection request.
• New-PASSession
  • Adds logic around getting the logged on user name for either self-hosted or privilege cloud deployments
• PSM Session Data Formats
  • Adds Start & End to standard table view output
  • Formats Start & End as standard datetime instead of unixtime.

Fixed

• Add-PASGroupMember,Remove-PASGroup,Set-PASGroup
  • Standardises name of ID parameter.
  • Adds GroupID alias to ID parameter.

v6.1.62

psPAS v6.1.62

6.1.62

Added

• N/A

Updated

• Get-PASPSMRecording
  • Removes Offset Parameter
  • Updates FromTime & ToTime parameters to [datetime] types
  • Returns all pages of results instead of only the first page of results
• Get-PASPSMSession
  • Removes Offset Parameter
  • Updates FromTime & ToTime parameters to [datetime] types
  • Returns all pages of results instead of only the first page of results
• Get-PASAccount
  • Removes Offset Parameter
• Get-PASDiscoveredAccount
  • Removes Offset Parameter

Fixed

• Get-PASSession
  • Removes UserName from command output, avoiding error condition on expired session.
• Get-PASPlatform
  • Adds search parameter to the default targets parameterset
• ISPSS Error Handling
  • Fixes issue where error returned from ISPSS solution may not be handled properly

v6.1.50

psPAS v6.1.50

Module update to cover all CyberArk 14.0 API features

Added

• New commands supported from 14.0:
  • Add-PASPTAExcludedTarget
  • Add-PASPTAIncludedTarget
  • Add-PASPTAPrivilegedGroup
  • Add-PASPTAPrivilegedUser
  • Get-PASPTAExcludedTarget
  • Get-PASPTAIncludedTarget
  • Get-PASPTAPrivilegedGroup
  • Get-PASPTAPrivilegedUser
  • Remove-PASPTAExcludedTarget
  • Remove-PASPTAIncludedTarget
  • Remove-PASPTAPrivilegedGroup
  • Remove-PASPTAPrivilegedUser
• Get-PASLinkedGroup
  • New experimental command based on undocumented API.

Updated

• Get-PASAccountActivity
  • Adds Gen2 replacement for deprecated Gen1 API.
  • Updates default operation to target Gen2 API.
• Get-PASPTARiskEvent
  • New filter parameters FromTime & ToTime
  • Fixes output and result paging
• Set-PASPTARiskEvent
  • New parameters closeReason & reasonText
  • General Fixes
• New-PASDirectoryMapping
  • New parameters UsedQuota, AuthorizedInterfaces & EnableENEWhenDisconnected
• Set-PASDirectoryMapping
  • New parameters UsedQuota, AuthorizedInterfaces & EnableENEWhenDisconnected

Fixed

• Invoke-PASRestMethod
  • Avoids potential error condition when handling errors in ISPSS environments

v6.0.30

psPAS v6.0.30

Added

• N/A

Updated

• Add-PASPTARule & Set-PASPTARule
  • Adds scope parameters vaultUsersMode, vaultUsersList, machinesMode & machinesList
  • Includes scope property in output by default

Fixed

• Add-PASApplication
  • Updates date format of ExpirationDate to MM/dd/yyyy. Resolves issue observed when sending date format of MM-dd-yyyy
• Set-PASPTAEvent & Set-PASPTARiskEvent
  • Fixes issue where websession object and auth header were not being sent with the request