# The example shows how to set a password for account records that match specified tag pattern. # If you want to use PowerShell commands to work with SecureAnyBox, first # install SecureAnyBoxPowerShellModule.msi # First, enter a tag search pattern in the dialogue box. If you click the OK button, # the example will continue to run. When you click the Cancel button or enter # a blank search pattern, the example will stop. #To all records with a tag that matches entered tag pattern will set a new password (which is specified below) $tagPattern = Read-Host "Enter tag pattern" # Next, enter a new password in the dialogue box. If you click the OK button, # the example will continue to run. When you click the Cancel button or enter # a blank search pattern, the example will stop. $newPassword = Read-Host "Enter new password" -AsSecureString # At start, we need to authenticate the user. Connect-SAB command connects to SecureAnyBox and # opens the login dialogue. # Due to security reasons, we strongly recommend not using an admin user account. # Create (or use) a user account with minimum permissions (READ) only for Safe Boxes # into which records were imported instead. $sabUrl = "http://127.0.0.1/sab" ## enter Url of SecureAnyBox $loginStatus = Connect-SAB $sabUrl try { # If the second-factor authentication is required, the Set-2FA function # opens a dialogue for entering the code if ( $loginStatus.SecondFactorRequired ) { Set-2FA } # Powershell function Set-AccessCode prompts the user to enter the Access Code # and store it on the SecureAnyBox server for a specified amount of seconds. # A stored Access Code allows changing passwords of the record. Set-AccessCode -Timeout 60 ## == value of timeout in seconds $recCount = 0 # PowerShell commands Get-SafeBoxes (imported from SABPowerShellModule.msi) # and Where-Object (standard command) are used to retrieve an array of Safe Box # objects according to a specified condition (get Safe Box Groups only) $groups = Get-SafeBoxes | Where-Object { $_.Type -eq "SAFEBOX_GROUP" } foreach ( $groupItem in $groups ) { # From each Safe Box Group, PowerShell Get-Safeboxes command retrieves nested Safe Boxes $boxes = $groupItem | Get-SafeBoxes foreach ( $boxItem in $boxes ) { # From each Safe Box, PowerShell Get-Records and Get-Record commands retrieve nested records. # The record is scanned using the Where-Object command to see if any of the record tags match # the specified tag pattern and if the record is an account. $records = $boxItem | Get-Records | Get-Record | Where-Object { $_.Tags -match $tagPattern -and $_.Template -match 'account' } foreach ( $recItem in $records ) { Set-Password -Id $recItem.Id $newPassword Write-Host "New password saved to" $groupItem.Name '\' $boxItem.Name '\' $recItem.Name $recCount += 1 } } } # Now the script retrieves all Safe Boxes from the Root level. # PowerShell commands Get-Safeboxes (imported from SABPowerShellModule.msi) # and Where-Object (standard command) are used to retrieve an array of Safe Box # objects according to a specified condition (get Safe Boxes only) $boxes = Get-SafeBoxes | Where-Object { $_.Type -eq "SAFEBOX" } foreach ( $boxItem in $boxes ) { # From each Safe Box, PowerShell Get-Records and Get-Record commands retrieve nested records. # The record is scanned using the Where-Object command to see if any of the record tags match # the specified tag pattern and if the record is an account. $records = $boxItem | Get-Records | Get-Record | Where-Object { $_.Tags -match $tagPattern -and $_.Template -match 'account' } foreach ( $recItem in $records ) { Set-Password -Id $recItem.Id $newPassword Write-Host "New password saved to" $boxItem.Name '\' $recItem.Name $recCount += 1 } } Write-Host `n'Updated records:' $recCount } finally { # When the connection is not needed anymore, disconnect from the SecureAnyBox server. # The client can no longer be used to work with the SecureAnyBox server. Disconnect-SAB }