CyberArk Free Tool Usage - PAS Reporter - NETSEC

Latest

Learning, Sharing, Creating

Cybersecurity Memo

Tuesday, June 16, 2020

CyberArk Free Tool Usage - PAS Reporter

The PAS Reporter allows you to conveniently generate reports about your CyberArk PAS implementation. The tool can provide helpful insights and information by analyzing Export Vault Data (EVD) exports, configuration files, and Vault trace files. PAS Reporter Implementation Guide is not clear how to use it step by step. Just to make my life easier in the future, here are steps I used to run this reporter. 


Download and Extract it


Put downloaded file to one of your CyberArk machines which is allowed to connect to Vault



Enable Auditor user and change password






Create User.ini cred file



C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>createcredfile user.ini
Vault Username [administrator] ==> auditor
Vault Password (will be encrypted in credential file) ==> *********
Disable wait for DR synchronization before allowing password change (yes/no) [No
] ==>
External Authentication Facility (LDAP/Radius/No) [No] ==>
Restrict to Application Type [optional] ==>
Restrict to Executable Path [optional] ==>
Restrict to current machine IP (yes/no) [No] ==>
Restrict to current machine hostname (yes/no) [No] ==>
Restrict to OS User name [optional] ==>
Display Restrictions in output file (yes/no) [No] ==>
Use Operating System Protected Storage for credentials file secret (Machine/User
/No) [No] ==>
Command ended successfully


Run "01 Retrieve EVD exports.cmd"




C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>exportVaultDat
a.exe \VaultFile="Vault.ini" \CredFile="User.ini" \Target=FILE \FilesList="EVD e
xports\FilesList.csv" \OwnersList="EVD exports\OwnersList.csv" \SafesList="EVD e
xports\SafesList.csv" \GroupsList="EVD exports\GroupsList.csv" \GroupMembersList
="EVD exports\GroupMembersList.csv" \UsersList="EVD exports\UsersList.csv" \Obje
ctProperties="EVD exports\ObjectProperties.csv" \MasterPolicySettings="EVD expor
ts\MasterPolicySettings.csv" \LogList="EVD exports\LogList.csv" \LogNumOfDays=90


C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PAUSE
Press any key to continue . . .

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>






Run "02 Retrieve configuration files.cmd"

Using auditor account will not be able to get you retrieve all those configuration files. You will need to use administrator account also added it to Auditors group.



C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>createcredfile
 user.ini
Vault Username [administrator] ==>
Vault Password (will be encrypted in credential file) ==> *********
Disable wait for DR synchronization before allowing password change (yes/no) [No
] ==>
External Authentication Facility (LDAP/Radius/No) [No] ==>
Restrict to Application Type [optional] ==>
Restrict to Executable Path [optional] ==>
Restrict to current machine IP (yes/no) [No] ==>
Restrict to current machine hostname (yes/no) [No] ==>
Restrict to OS User name [optional] ==>
Display Restrictions in output file (yes/no) [No] ==>
Use Operating System Protected Storage for credentials file secret (Machine/User
/No) [No] ==>
Command ended successfully




C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>REM ### Create folder for configuration files 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>IF NOT EXIST "Configuration files" MKDIR "Configuration files" 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>REM If PACLI is crashing, it can help to reboot the machine. Crashes can happen sometimes particularly on virtual machines if they were suspended, paused, or restored from snapshots for instance. 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>REM Please make sure that the user has permissions on the PasswordManagerShared safe, PVWAConfig safe, System safe, and the PasswordManager_Pending safe 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>REM The Vault name must match the Vault name that is set in the Vault.ini file 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>REM ### Export platform policy files, the Policies.xml file, files the System safe, and then pending accounts list 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>SET VAULT="VAULT" 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>SETLOCAL ENABLEDELAYEDEXPANSION 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>SETLOCAL

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>SET /a RANDOM=(30161*1000/32768)+1 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI INIT SESSIONID=921 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI DEFINEFROMFILE VAULT="VAULT" PARMFILE="Vault.ini" SESSIONID=921 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI LOGON VAULT="VAULT" User="" LOGONFILE="User.ini" SESSIONID=921 


C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI OPENSAFE VAULT="VAULT" User="" SAFE="PasswordManagerShared" SESSIONID=921 


C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI FINDFILES FILEPATTERN="*.ini" INCLUDEVERSIONS=No INCLUDESUBFOLDERS=No DELETEDOPTION=WITHOUT_DELETED VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" Output(Name) SESSIONID=921 1>TMP 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>FOR /F "delims=" %a in (TMP) do (PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=%a LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=%a SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-51Sec-CyberArkVault.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-51Sec-CyberArkVault.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-51Sec-GenericWebSites.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-51Sec-GenericWebSites.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-51Sec-UnixviaSSH.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-51Sec-UnixviaSSH.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-51secWindowsDomainAccounts.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-51secWindowsDomainAccounts.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-AS400.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-AS400.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-AWS.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-AWS.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-AWSAccessKeys.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-AWSAccessKeys.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-AzureApplicationKeys.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-AzureApplicationKeys.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-AzurePasswordManagement.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-AzurePasswordManagement.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-BusinessWebsite.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-BusinessWebsite.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-CiscoSSH.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-CiscoSSH.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-ComPlus.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-ComPlus.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-ConjurHost.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-ConjurHost.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-CyberArk.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-CyberArk.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-CyberArkPTA.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-CyberArkPTA.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-DB2UnixSSH.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-DB2UnixSSH.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-DBString.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-DBString.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-Firewall1.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-Firewall1.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-GaiaSSH.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-GaiaSSH.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-GCPServiceAccount.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-GCPServiceAccount.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-GenericWebApp.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-GenericWebApp.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-IISAnonymous.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-IISAnonymous.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-IISAppPool.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-IISAppPool.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-InformixUnixSSH.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-InformixUnixSSH.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-INIFile.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-INIFile.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-MSSql.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-MSSql.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-MySQL.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-MySQL.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-Novell-eDirectory.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-Novell-eDirectory.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-Oracle.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-Oracle.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-OS390SSH.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-OS390SSH.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-PrivateSSHKey.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-PrivateSSHKey.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-Registry.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-Registry.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-RSAManagement.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-RSAManagement.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-SampleGroup.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-SampleGroup.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-SampleSSHKeyGroup.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-SampleSSHKeyGroup.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-SAP.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-SAP.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-SAPHANA.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-SAPHANA.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-SchedTask.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-SchedTask.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-SunOneDirectorySSL.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-SunOneDirectorySSL.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-Sybase.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-Sybase.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-TextFile.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-TextFile.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-UnixSSH.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-UnixSSH.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-UnixSSHKeys.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-UnixSSHKeys.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-VMWareESX-API.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-VMWareESX-API.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-WebFile.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-WebFile.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-WinDesktopLocal.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-WinDesktopLocal.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-WinDomain.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-WinDomain.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-WinLocalWMI.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-WinLocalWMI.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-WinLooselyDevice.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-WinLooselyDevice.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-WinServerLocal.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-WinServerLocal.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-WinService.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-WinService.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>(PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PasswordManagerShared" FOLDER="Root\Policies" FILE=Policy-XMLFile.ini LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE=Policy-XMLFile.ini SESSIONID=921 ) 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>DEL TMP 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI CLOSESAFE VAULT="VAULT" User="" SAFE="PasswordManagerShared" SESSIONID=921 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI OPENSAFE VAULT="VAULT" User="" SAFE="PVWAConfig" SESSIONID=921 


C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="PVWAConfig" FOLDER="Root" File="Policies.xml" LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE="Policies.xml" SESSIONID=921 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI CLOSESAFE VAULT="VAULT" User="" SAFE="PVWAConfig" SESSIONID=921 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI OPENSAFE VAULT="VAULT" User="" SAFE="System" SESSIONID=921 


C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="System" FOLDER="Root" File="DBParm.ini" LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE="DBParm.ini" SESSIONID=921 


C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI RETRIEVEFILE VAULT="VAULT" User="" SAFE="System" FOLDER="Root" File="License.xml" LOCALFOLDER="Configuration files" LOCKFILE=NO EVENIFLOCKED=YES LOCALFILE="License.xml" SESSIONID=921 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI CLOSESAFE VAULT="VAULT" User="" SAFE="SYSTEM" SESSIONID=921 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI OPENSAFE VAULT="VAULT" User="" SAFE="PasswordManager_Pending" SESSIONID=921 


C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI FILESLIST VAULT="VAULT" User="" SAFE="PasswordManager_Pending" FOLDER="Root" OUTPUT(NAME) SESSIONID=921 1>TMP_Pending 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>FOR /F "delims=" %a in (TMP_Pending) do echo %a   | findstr .txt  1>nul  || ECHO "ObjectName","%a"  1>>"Configuration files\Pending accounts.txt"  & PACLI LISTFILECATEGORIES VAULT="VAULT" User="" SAFE="PasswordManager_Pending" FOLDER="Root" FILE="%a" SESSIONID=921 OUTPUT(ALL,ENCLOSE)  1>>"Configuration files\Pending accounts.txt" 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>echo CPM-Internal-{1a9afe31-9418-4f44-a440-ebefe416ca91}.txt   | findstr .txt  1>nul  || ECHO "ObjectName","CPM-Internal-{1a9afe31-9418-4f44-a440-ebefe416ca91}.txt"  1>>"Configuration files\Pending accounts.txt"  & PACLI LISTFILECATEGORIES VAULT="VAULT" User="" SAFE="PasswordManager_Pending" FOLDER="Root" FILE="CPM-Internal-{1a9afe31-9418-4f44-a440-ebefe416ca91}.txt" SESSIONID=921 OUTPUT(ALL,ENCLOSE)  1>>"Configuration files\Pending accounts.txt" 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>echo CPM-Internal-{1a9afe31-9418-4f44-a440-ebefe416ca92}.txt   | findstr .txt  1>nul  || ECHO "ObjectName","CPM-Internal-{1a9afe31-9418-4f44-a440-ebefe416ca92}.txt"  1>>"Configuration files\Pending accounts.txt"  & PACLI LISTFILECATEGORIES VAULT="VAULT" User="" SAFE="PasswordManager_Pending" FOLDER="Root" FILE="CPM-Internal-{1a9afe31-9418-4f44-a440-ebefe416ca92}.txt" SESSIONID=921 OUTPUT(ALL,ENCLOSE)  1>>"Configuration files\Pending accounts.txt" 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>DEL TMP_Pending 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI CLOSESAFE VAULT="VAULT" User="" SAFE="PasswordManager_Pending" SESSIONID=921 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI LOGOFF VAULT="VAULT" User="" SESSIONID=921 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PACLI TERM SESSIONID=921 

C:\Users\admin1\Desktop\PAS Reporter v0.50\PAS Reporter v0.50\evd>PAUSE
Press any key to continue . . . 





Drag those files into PAS Reporter

For "EVD exports" files (9 files), drag them into EVD Exports section.
For "Configuration files" (56 files), drag them into Config files section. The file numbers depends by your safes , platforms ,etc. 



You might want to copy your vault server logs folder's trace files (C:\Program Files (x86)\PrivateArk\Server\Logs, trace.d0, d1, d2, d3, d4) into configuration files folder, then drag them in as well.After that, just click Process Files button. It will take a while to get all done. 

Check out nice pretty reports now








References


https://cyberark-customers.force.com/mplace/s/#a352J000000pg09QAA-a392J000001h4PKQAY







1 comment:

  1. Hi, excellent tutorial. Consider include the configuration for vault.ini file. Is simple, but a still necessary. Thanks.

    ReplyDelete