Protecting against unapproved changes to Adaptable Bulk Provisioning scripts
Venafi's Adaptable drivers—
Because other people might have access to the server that is running Trust Protection Platform, they could modify your PowerShell scripts without your knowledge, either accidentally or intentionally. However, with signed scripts, any modifications made to the script will result in a failed signature validation, and the script will not be executed.
To protect against unapproved changes to your scripts, Trust Protection Platform monitors PowerShell script files that are being used by existing Adaptable objects. If a new script is used or a PowerShell script is modified on the file system, Trust Protection Platform displays a warning and you'll need to re-validate the script.
This security feature helps to prevent potentially harmful modifications to your scripts from being run.
IMPORTANT Because of this security feature, following an upgrade to Trust Protection Platform, you must take specific steps on all existing Adaptable objects in order for them to be re-enabled. Refer to the documentation for each Adaptable driver for details.
When you encounter a PowerShell script error, you'll need to open the associated Adaptable Bulk Provisioning job in Aperture where you assigned the script and re-save the installation settings. When you do, the driver is re-enabled and you can run the job again.
To re-enable an Adaptable Bulk Provisioning driver following a change to its associated PowerShell script
- Open and review the associated scripts to verify that they contain only approved changes.
- In TLS Protect, select the associated Adaptable Bulk Provisioning job from the Jobs list, and then click Details and Targets.
- At the bottom of the Details and Targets page, under Installation Settings, click Edit Installation Settings.
- On the Application Specific Settings page, just click Save.
- On the Details and Targets page, click Run Now to run the job again.
Related Topics