The Run As option lets you run AnyIdentity provider scripts within different contexts and runs the scheduler to do so. This can be done on a local or a remote machine, making it useful to find out what the script is trying to accomplish, whether it is completing certain actions or accessing certain files.
Devolutions Server already includes Azure Key Vault and Windows Accounts custom scripts templates.
Run As PowerShell script in various contexts
-
In Devolutions Server, go to Administration – Privileged Access – Providers.
-
Click on Add.
Add button -
Click on the AnyIdentity tab.
AnyIdentity tab -
Select a PAM provider and click Continue.
-
Click on the Run As tab.
Run As tab -
In the Credential dropdown select either;
- Default: Runs the script with the current scheduler configuration.
- Custom: Runs the script within a specified Username, Password and Host Name.
It is advised to pick or create a user with less permissions to test a script.
-
Click Save to close this window and save the changes.
Check for trusted hosts
If Run As is not pointing to a trusted host, the configuration will not work.
Here is the command line to fetch trusted hosts: Get-Item "WSMan:localhost\Client\TrustedHosts"
Here is the command line to update the local machine's trusted hosts with a certain value: Set-Item 'WSMan:localhost\Client\TrustedHosts' -Value '*' -Force
Make certain to replace the * in the command above. If left as is the * acts as a wildcard, which would make every remote host become trusted.
Read the topic on trusted hosts for more information.