Rotate the Credential of a Windows Scheduled Task
Overview
This example will allow you to rotate the credential on a Windows Scheduled Task running as a Service Account that has its password rotated via Keeper PAM.
Using PowerShell Scripts
Prerequisites
To use these scripts, PowerShell 7 must be available on the target machine and should be set up and configured to enable remoting using PowerShell 7 using Enable-PSRemoting.
Pulling Parameters from the Record
The data in the record being rotated is made available to your script via a BASE64-encoded JSON string. This is passed into your script for consumption. When your script has finished execution, Clear-History is executed to ensure that the record data is not available for future PowerShell sessions.
Using Batch Files
Prerequisites
The Remote Procedure Call (RPC) and Windows Management Instrumentation services should be enabled and running on the target server to run the scripts in the examples below.
To rotate the credential of a service account, the user (which in this case is the Gateway's user account) will need to be part of the Administrator's group on the target machine. This means the Gateway must run as a Service account that is assigned the appropriate level of privilege to achieve this and not run as the default SYSTEM user.
This example uses the commonly used tool jq, for parsing the JSON data passed to the script containing the records data. This example assumes you have it installed and the jq command is in PATH.
Pulling Parameters from the Record
The data in the record being rotated is made available to your script via a BASE64-encoded JSON string. This is passed into your script for consumption.
Last updated