• State Suggested Answer
  • Locked Locked
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 61 subscribers
  • Views 12251 views
  • Users 0 members are here
Options
Related
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Launching ActiveRoles Console from the command line with other credentials

david.standish
over 7 years ago

I tried looking and could not tell if it's possible to launch the ActiveRoles Console from the command line and specify the credentials to be used. It's an .msc and I see that mmc.exe allows for alternate credentials. We're deploying a privileged access solution and want to inject the administrative credentials when ARS is launched. Didn't know if anyone has already worked through this.

- David

  • 0 over 7 years ago
    Hello David,

    Interesting question!

    The trick to this is to launch the mmc executable with alternate credentials, and also with a switch to load in the Active Roles snapin automatically.

    You can pass the path of an msc snapin like so:

    mmc "c:\Program Files\Dell\Active Roles\7.0\Console\ActiveRoles.msc"
  • 0 over 7 years ago
    Have you talked to your privileged access tool vendor about this? Surely this is not the first time one of their customers has tried to launch an MMC with creds stored in the tool?
  • 0 over 7 years ago

    Thanks Terrance and John. The vendor is Thycotic Secret Server and they do have instructions are setting up MMC/Custom Launchers. In the instructions, it basically has launching MMC and provided process arguements. I've done that but when it launches it errors out. There is also a way to run as the credentials of the privileged account, but that doesn't get it to launch either. In the end, I need to figure out how to launch the console with a series of parameters, then I can mimic that launch in the privileged access tool - for example, if the person has never launched the ARS console before, the MSC needs to be launched and specify 4 parameters - the service to connect to, to use Connect As instead of the Current User and then username and password to use for the connection. The tool allows me to specify the parameters when the launch happens, but I'm not seeing that the ARS Console supports that kind of launch.

  • 0 over 7 years ago
    My understanding:
    1) launch cmd> with AD\user credentials and
    2) cmd>mmc "c:\Program Files\Dell\Active Roles\7.0\Console\ActiveRoles.msc" (inside cmd> launch mmc/snap-in)
    (probably) ARS.mmc should pick up (interactive logon?) credentials.
  • 0 over 7 years ago
    I believe that when you launch the ARS MMC, that it makes some changes to the Registry (HKLU I would guess) - you might be able to leverage a GPO to send the requisite settings to your authorized ARS users to get their copy of the MMC "primed".