We are transitioning from another server management product to ZCM and in some of our tasks we run a PowerShell script and pass in a user name and password. In ZCM, if we put the password in the launch action's command line as plain text, anyone who can view the bundle can see the password. We would have to put these bundles in another folder outside of our existing folder structure to control the rights which is possible but not necessarily ideal.
In that other management tool we could enter a variable as an encrypted string. This would be stored with the job but not readable by others who looked at the job. In ZCM there is the credential vault but that doesn’t appear to be able to be used as a variable source but rather just authentication for certain actions.
I would like the option to create a bundle system variable as an encrypted string rather than plain text. I could then use that system variable to pass in a password securely to a script in a launch action without needing to put the bundle outside of our normal bundle folder structure.
by: Patrick T. | over a year ago | ZENworks Control Center
Comments
As a security precaution, the ZCM agent should not log the encrypted text in any bundle action data such as the command line string for Launch Executable. Rather, it should log substitute text such as "<Redacted>", "<Hidden>" or "<Secure String>".