Install / Update PSM Browser and Configure Azure Portal Connector for Your CyberArk Platform

CyberArk plugins and Connection Components use web drivers to connect to web-based targets.

For the connection to succeed, the driver and browser versions must be the same.
This applies to both Chrome and Edge drivers.

 

Update Chrome Driver in PSM Server

1. Check the current version of Chrome Browser and confirm if it is 32bit. to confirm, 
Open Chrome browser -> three dots in the right top corner for setting menu

image.png
image.png

<optional>  if Chrome browser is needed to reinstall, uninstall current Chrome from control panel first and download 32bit chrome browser from below link to install.

https://chromeenterprise.google/intl/en_US/browser/download/#windows-tab

2. Go to Chrome driver download page using below URL and download matching version of driver.

https://chromedriver.chromium.org/downloads

3. Move the downloaded chromedriver.exe file to Component folder of PSM installation location. By default, it's location is below:

C:/Program Files (x86)/CyberArk/PSM/Components

4. Right click on the chromedriver.exe file -> Select Properties -> Check the "Unblock File" checkbox -> Click Apply/Ok to save.

5 Re-run powershell command  PSMConfigureAppLocker.ps1 under C:/Program Files (x86)/CyberArk/PSM/Hardening to generate a new hash for Chromedriver.exe

 Restart the PSM server and test the connection.

Note: https://cyberark.my.site.com/s/article/How-to-update-Chrome-Driver-in-PSM-server

Step 1) Update Chrome browser, remember chrome should be a 32 bit version installed in the Program Files (x86) path.

Step 2) Download the latest chrome driver for your new version:
https://chromedriver.chromium.org/downloads

Step 3) Copy the chromedriver.exe to .../PSM/Components, overwrite the previous file.

Step 4) Check the marketplace to see if there are any newer versions of the Secure Web Application Connectors Framework. If there are, Download the latest and copy the zip to the PSM(s)

https://cyberark-customers.force.com/mplace/s/#a3550000000EiCMAA0-a3950000000jjUwAAI

Step 5) Take a backup of the PSM's components folder, copy paste it to your desktop (just in case).

Step 6) Copy only the contents of the components folder from the downloaded file from the marketplace (only the components folder, we don't need any other folder contents). Copy these files to .../PSM/Components and overwrite files if prompted.

Step 7) Open the .../PSM/PSMHardening.ps1 script in a text editor, and check the value of $SUPPORT_WEB_APPLICATIONS. make sure it is set to: $true

Step 8) From Administrative Powershell, Run .../PSM/Hardening/PSMHardening.PS1

Step 9) From Administrative Powershell, Run .../PSM/Hardening/PSMConfigureAppLocker.PS1

Step 10) Test your connections from PVWA

Note: If still having issues, restart the PSM, hardening often requires a reboot.

Note: https://cyberark.my.site.com/s/article/PSM-How-to-update-Chrome

Download / Update Browser Driver in PSM

1. Download the WebDriverUpdater tool from CyberArk's marketplace:
https://cyberark.my.site.com/mplace/s/#a35Ht000000rjXlIAI-a39Ht000001kceVIAQ
*This tool operates independently as a standalone and portable application.*

2. Unzip the downloaded file and place it on your PSM server.

3. Update the "PathToPSMDrivers" field value in the "WebDriverUpdater.exe.config" file to point to the PSM Components folder. (Default location: C:/Program Files(x86)/CyberArk/PSM/Components)

4. Execute the WebDriverUpdater.exe as an administrator. Review the logs folder to confirm successful web driver updates.

5. Ensure rules for chromedriver/msedgedriver are added to PSMConfigureAppLocker.xml:

chromedriver: <Application Name="chromedriver" Type="Exe" Path="C:/Program Files (x86)/CyberArk/PSM/Components/chromedriver.exe" Method="Hash" />

msedgedriver:  <Application Name="msedgedriver " Type="Exe" Path="C:/Program Files (x86)/CyberArk/PSM/Components/msedgedriver.exe" Method="Hash" />

*You can c
onfigure the Method to "Publisher" for future compatibility and to prevent AppLocker from blocking future updated versions of the drivers.

6. Execute the PSMConfigureAppLocker.ps1 script as an administrator located in the Hardening folder.


*If you prefer not to utilize the tool, an alternative method is available for downloading the drivers specific to your installed Chrome or Edge browser. You can obtain the drivers by visiting the following links:

Chrome driver: 
https://github.com/GoogleChromeLabs/chrome-for-testing/blob/main/data/known-good-versions-with-downloads.json (Search for the Chrome version that installed on the PSM server and download the relevent chromedriver) 

Edge driver: https://msedgewebdriverstorage.z22.web.core.windows.net/?form=MT00IS (Click on "Next" you find the folder for the Edge version that installed on the PSM server)

Place the downloaded file in
 the PSM Components folder. (Default location: C:/Program Files(x86)/CyberArk/PSM/Components) and follow steps 5-6.

Onboarding Azure AD Accounts for Azure Portal

Note: https://docs.cyberark.com/PAS/10.10/en/Content/PASIMP/PSM-Azure-CloudServicesManagement.htm
To get Azure Portal connector working, we will need to install Google Chrome and ChromeDriver
Step 1:
1. Download ChromeDriver.exe (Matching your chrome version, usualy it is x86)
  • for older version before 115: https://chromedriver.chromium.org/downloads
  • for newer version after 115: https://googlechromelabs.github.io/chrome-for-testing/
2. Put it into C:/Program Files (x86)/Cyberark/PSM/Components
Step 2:
1. Install chrome using script
It is inside your CyberArk Privilege Cloud Tools package: Cyberark PrivilegeCloud Tools-v13.3/Cyberark PrivilegeCloud Tools/Add-PSMApps
2. Unzip Add-PSMApps
3. Run script Add-PSMApps.ps1 from PowerSHell administrator window
It will automatically download Chromex86 version and add it with ChromeDriver into allow-list by AppLocker.

PS C:/Installation/Add-PSMApps> ./Add-PSMApps.ps1 -Application GoogleChromeX86
Downloading and installing Chrome
Enabling web app support in PSMHardening script
Running PSM Configure AppLocker script
---
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmsshclient.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmprivatearkclientdispatcher.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmpvwadispatcher.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/mssqlmanagementstudiowindowsauthenticationdispatcher.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psm3270client.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmwebformdispatcher.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmwinscpdispatcher.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/winscp.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmrealvncdispatcher.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmxfocus.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmtokenholder.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmsessionalert.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmsuspendsession.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmpreventwindowhide.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmmessagealert.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmwindowseventslogger.exe
Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/cyberark.psm.webappdispatcher.exe        Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/dllinjector.exe                          Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/dllinjector64.exe                        Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/cyberark.progressbar.exe                 Evaluating the dlls consumed by c:/program files (x86)/cyberark/psm/components/psmticketvalidator.exe                   Evaluating the dlls consumed by c:/windows/system32/conhost.exe
Evaluating the dlls consumed by c:/windows/system32/taskhostw.exe
Evaluating the dlls consumed by c:/windows/system32/wermgr.exe
Evaluating the dlls consumed by c:/program files (x86)/vcxsrv/vcxsrv.exe
Evaluating the dlls consumed by c:/program files (x86)/vcxsrv/xkbcomp.exe
Evaluating the dlls consumed by c:/program files (x86)/internet explorer/iexplore.exe
Evaluating the dlls consumed by c:/program files/internet explorer/iexplore.exe
Evaluating the dlls consumed by c:/program files (x86)/google/chrome/application/chrome.exe
CheckSensitivePrivilegesForDirectories: Current Directory: c:/programdata/microsoft/windows defender/platform/4.18.23050.9-0
CheckSensitivePrivilegesForDirectories: Current Directory: c:/windows/assembly/nativeimages_v4.0.30319_64/mscorlib/4bc5e5252873c08797895d5b6fe6ddfd
CheckSensitivePrivilegesForDirectories: Current Directory: c:/windows/assembly/nativeimages_v4.0.30319_64/system/3ac991e343330dfdb660c4b0041bfe5e
Loading new AppLocker configuration...
Configuring Application Identity service...
CyberArk AppLocker's configuration script ended successfully.
True
---
End of PSM Configure AppLocker script output
Running PSM Hardening script
---
Notice: In order to prevent unauthorized access to the PSM server, the local RemoteDesktopUsers group should contain ONLY the following users:
   1) Maintenance users who login remotely to the PSM server through Remote Desktop Services.
   2) Vault LDAP users who wish to connect to target systems through PSM directly from their desktop using an RDP client application such as MSTSC.
These are the current members of the local RemoteDesktopUsers group:
WinNT://IMCOINVEST/Domain Users
WinNT://IMCOINVEST/VM-NETSEC-Test-1/PSMConnect
WinNT://IMCOINVEST/VM-NETSEC-Test-1/PSMAdminConnect
Would you like to remove all members of this group? (yes/no): no
SUCCESS: The file (or folder): "C:/Windows/explorer.exe" now owned by the administrators group.
0
C:/Windows/explorer.exe
C:/Windows/explorer.exe
C:/Windows/explorer.exe
SUCCESS: The file (or folder): "C:/Windows/SysWOW64/explorer.exe" now owned by the administrators group.
1
C:/Windows/SysWOW64/explorer.exe
C:/Windows/SysWOW64/explorer.exe
C:/Windows/SysWOW64/explorer.exe
SUCCESS: The file (or folder): "C:/Windows/system32/taskmgr.exe" now owned by the administrators group.
2
C:/Windows/system32/taskmgr.exe
C:/Windows/system32/taskmgr.exe
C:/Windows/system32/taskmgr.exe
SUCCESS: The file (or folder): "C:/Windows/SysWOW64/taskmgr.exe" now owned by the administrators group.
3
C:/Windows/SysWOW64/taskmgr.exe
C:/Windows/SysWOW64/taskmgr.exe
C:/Windows/SysWOW64/taskmgr.exe
SUCCESS: The file (or folder): "C:/program files/Internet Explorer/iexplore.exe" now owned by the administrators group.
4
C:/program files/Internet Explorer/iexplore.exe
C:/program files/Internet Explorer/iexplore.exe
C:/program files/Internet Explorer/iexplore.exe
processed file: C:/program files/Internet Explorer/iexplore.exe
SUCCESS: The file (or folder): "C:/program files (x86)/Internet Explorer/iexplore.exe" now owned by the administrators group.
5
C:/program files (x86)/Internet Explorer/iexplore.exe
C:/program files (x86)/Internet Explorer/iexplore.exe
C:/program files (x86)/Internet Explorer/iexplore.exe
processed file: C:/program files (x86)/Internet Explorer/iexplore.exe
Chrome hardening completed successfully
IE hardening completed successfully
Edge hardening completed successfully
C:/Program Files (x86)/Cyberark/PSM
SUCCESS: The file (or folder): "C:/Program Files (x86)/Cyberark/PSM" now owned by the administrators group.
6
SUCCESS: The file (or folder): "C:/Program Files (x86)/Cyberark/PSM" now owned by the administrators group.
C:/Program Files (x86)/Cyberark/PSM
C:/Program Files (x86)/Cyberark/PSM
C:/Program Files (x86)/Cyberark/PSM
C:/Program Files (x86)/Cyberark/PSM/Vault
SUCCESS: The file (or folder): "C:/Program Files (x86)/Cyberark/PSM/Vault" now owned by the administrators group.
7
SUCCESS: The file (or folder): "C:/Program Files (x86)/Cyberark/PSM/Vault" now owned by the administrators group.
C:/Program Files (x86)/Cyberark/PSM/Vault
C:/Program Files (x86)/Cyberark/PSM/Vault
C:/Program Files (x86)/Cyberark/PSM/Vault
C:/Program Files (x86)/Cyberark/PSM/Recordings
SUCCESS: The file (or folder): "C:/Program Files (x86)/Cyberark/PSM/Recordings" now owned by the administrators group.
8
C:/Program Files (x86)/Cyberark/PSM/Recordings
C:/Program Files (x86)/Cyberark/PSM/Logs
SUCCESS: The file (or folder): "C:/Program Files (x86)/Cyberark/PSM/Logs" now owned by the administrators group.
9
C:/Program Files (x86)/Cyberark/PSM/Logs/Components
SUCCESS: The file (or folder): "C:/Program Files (x86)/Cyberark/PSM/Logs/Components" now owned by the administrators group.
10
C:/Program Files (x86)/Cyberark/PSM/Components
SUCCESS: The file (or folder): "C:/Program Files (x86)/Cyberark/PSM/Components" now owned by the administrators group.
11
processed file: C:/Program Files (x86)/Cyberark/PSM/Components
Successfully processed 1 files; Failed processing 0 files
C:/oracle
processed dir: C:/oracle
C:/oracle
True
C:
processed dir: C:/
processed file: C:/
Successfully processed 1 files; Failed processing 0 files
D:
processed dir: D:/
processed file: D:/
Successfully processed 1 files; Failed processing 0 files
SUCCESS: The file (or folder): "C:/Program Files (x86)/CyberArk/Password Manager" now owned by the administrators group.
12
C:/Program Files (x86)/CyberArk/Password Manager
C:/Program Files (x86)/CyberArk/Password Manager
C:/Program Files (x86)/CyberArk/Password Manager
SUCCESS: The file (or folder): "C:/WindowsAzure" now owned by the administrators group.
13
C:/WindowsAzure
C:/WindowsAzure
C:/WindowsAzure
SUCCESS: The file (or folder): "C:/Packages" now owned by the administrators group.
14
C:/Packages
C:/Packages
C:/Packages
Executing (//VM-NETSEC-Test-1/root/CIMV2/TerminalServices:Win32_TSPermissionsSetting.TerminalName="RDP-Tcp")->AddAccount()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/CIMV2/TerminalServices:Win32_TSPermissionsSetting.TerminalName="RDP-Tcp")->AddAccount()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
Executing (//VM-NETSEC-Test-1/root/cimv2/TerminalServices:Win32_TSAccount.AccountName="VM-NETSEC-Test-1//PSMAdminConnect",TerminalName="RDP-Tcp")->ModifyPermissions()
Method execution successful.
Out Parameters:
instance of __PARAMETERS
{
        ReturnValue = 0;
};
[SC] ChangeServiceConfig SUCCESS
[SC] OpenService FAILED 1060:
The specified service does not exist as an installed service.
WinSCP password storing has been disabled
CyberArk Hardening script ended successfully.
---
End of PSM Hardening script output
All tasks completed.


Now we can switch PSM server for testing Connect to Azure Portal

Onboarding Azure AD Accounts with MFA

Since Azure Portal login will need MFA, there are a couple of changes will need to make on Connector:

Remove validation in web form:
Disable Validation

Enable Trace:

From platform, disable default PSM-MS-AzurePortal and add new PSM-51SEC-AzurePortal

You will need to wait 0-3 minutes to get those connector configuration re-loaded into PSM server.

Troubleshooting

PSM WebApp unable to locate webform fields

Issue / Details

Describe in the requestor's words - what are they trying to do, what is not working, or what are they are looking for?

PSM - After updating Google Chrome on the PSM, Chrome-based connection components fail to connect

Issue / Details

Describe in the requestor's words - what are they trying to do, what is not working, or what are they are looking for?

Product
Component
Environment

What product(s), category, or business process does the requestor have? Has anything been changed recently, such as upgrades, additions, deletions?

Cause

The underlying cause of the issue. Cause is an optional field as it is not appropriate or necessary for some types of articles.

Resolution

The answer or the steps taken to resolve the issue.

Troubleshooting - Parameter BrowsePath is invalid

https://cyberark.my.site.com/s/article/Failed-to-initialize-web-browser-The-selected-browser-was-not-found

When tried to launch Azure Portal Connection, it failed with this message. 

By default it is using x86 32b chrome path. If you installed 64b chrome, you will need to make browser path change:

Each change, you might need to wait 5-10 minutes to take the changes into effect. 

Failed to initialize web browser, the selected browser was not found. Validate that the browser is installed, excluded for the hardening and the parameter "BrowserPath" is configured correctly.

References

版权声明:
作者:Alex
链接:https://www.techfm.club/p/96186.html
来源:TechFM
文章版权归作者所有,未经允许请勿转载。

THE END
分享
二维码
< <上一篇
下一篇>>