262-299-4600 • Email us

A step-by-step guide on how use Windows PowerShell to test functionality and get data from Admin By Request.



By Steve Dodson


Steve provides research, analysis, insight and commentary on topical issues and events. He lives in New Zealand and has been working at FastTrack Software for 10 years as a cyber security analyst and technical writer.


How-to: Use PowerShell to Query Admin By Request

Introduction

The Admin By Request API allows you to get the necessary data into your preferred SIEM system. This blog covers how to test functionality and get data from Admin By Request using Windows PowerShell.

There are five tasks involved:
1. Task A: Enable and Copy API Key
2. Task B: Copy Required URLs from Resources
Task B.1: Copy Inventory URL
Task B.2: Copy Auditlog URL
3. Task C: Start PowerShell and Declare API Key
4. Task D: Define General Variables
5. Task E: Get Data
Task E.1: Get Inventory Data
Task E.2: Get Auditlog Data

IMPORTANT: In order to use Invoke-RestMethods cmdlets used during this task, you will need to be running Windows PowerShell version 3.0 or higher.

Task A: Enable and Copy API Key

1. In the Admin By Request user portal, navigate to menu Settings > Windows Settings:


2. From the left-hand side menu, select option Privacy (not the PRIVACY tab at the top):


3. Click the API ACCESS tab at the top:


4. Set API access to ON and copy the API Key to the clipboard using the copy to clipboard button to the right of the API Key:


NOTE: The API Key is an inactive key in these examples; used for demonstration purposes only.

5. Paste the API Key into notepad (or similar) to be retrieved later, so that it is not overwritten in Task B.1.

Task B: Copy Required URLs from Resources

In this task we will locate and copy two URLs to be used to make queries in subsequent tasks.

Task B.1: Copy Inventory URL

1. Follow this link.
2. From the list of resources, copy the URL you want to work with using the copy to clipboard button to the right of the URL:


NOTE: For this example, we want to return our current inventory.
IMPORTANT: The URL depends on your datacentre. In this example we are using data centre 1, so see dc1api in the URL. You may see dc2api, etc.

3. Paste the inventory URL into notepad (or similar) to be retrieved later, so that it is not overwritten in Task B.2.

Task B.2: Copy Auditlog URL

1. Follow this link.
2. From the list of resources, copy the URL you want to work with using the copy to clipboard button to the right of the URL:


NOTE: For this example, we want to return an array of auditlog entries.
IMPORTANT: The URL depends on your datacentre. In this example we are using data centre 1, so see dc1api in the URL. You may see dc2api, etc.

3. Paste the Auditlog URL into notepad (or similar) to be retrieved later, so that it is not overwritten in Task C.

Task C: Start PowerShell and Declare API Key

NOTE: If you want to run the code within this blog as a script you will need to change the default execution policy to bypass or unrestricted using the following line of code in PowerShell. However, the full process will not be covered in the scope of this blog.

set-executionpolicy bypass -scope process

1. Launch Windows PowerShell and declare the API Key by copying and pasting the following line of code into the window:

$apikey = '74521893577544cdac9b927df962f8a0'

2. Replace the API Key in this line of code with the API Key you copied in Task A.
3. Press Enter on your keypad:


NOTE: In Tasks C and D, pressing Enter will not return anything, but will take you to a new line in PowerShell. The username has been blurred out in these examples.

Task D: Define General Variables

In this task we will define several variables to make the code easier to work with.

1. Define a header variable by copying and pasting the following line of code into the window:

$header = @{"apikey"=$apikey}

2. Press Enter on your keypad:


3. Define an inventory variable by copying and pasting the following line of code into the window:

$inventory = 'https://dc1api.adminbyrequest.com/inventory'

4. Replace the URL in this line of code with the inventory URL you copied in Task B.1.
5. Press Enter on your keypad.
6. Define an auditlog variable by copying and pasting the following line of code into the window:

$auditlog = 'https://dc1api.adminbyrequest.com/auditlog'

7. Replace the URL in this line of code with the auditlog URL you copied in Task B.2.
8. Press Enter on your keypad:



Task E: Get Data

In this task we will run the GET method to return the data we want.

Task E.1: Get Inventory Data

1. Copy and paste the following line of code into the window:

Invoke-Restmethod -uri $inventory -header $header -Method GET

2. Press Enter on your Keypad:


NOTE: In Tasks E.1 and E.2, pressing Enter will execute the method and return data. There will be a brief pause before the data is returned in this task (E.1) and in task E.2. Key information is blurred out in these examples.
IMPORTANT: Without any parameters specified, a maximum of 50 entries are returned.

Task E.2: Get Auditlog Data

1. Copy and paste the following line of code into the window:

Invoke-Restmethod -uri $auditlog -header $header -Method GET

2. Press Enter on your Keypad:


NOTE: From here we may want to output the data to a CSV file for further aggregation, however this step requires formatting and will not be covered in the scope of this blog.

Voila! We have now successfully used Windows PowerShell to get inventory and auditlog data written to screen.

This procedure was created with the assistance of Mads Christian Mozart Johansen.

Interested in Admin By Request?

Feel free to reach out to us for a discussion on how we can help you.

Book a demo Download Quote

OTHER CYBERSECURITY BLOGS

The 10 Biggest Ransomware Payouts of the 21st Century

Step into the high-stakes world of 21st-century cyber warfare, where ransomware attacks have evolved into a digital menace haunting organizations across the spectrum. Picture this: your valuable data held hostage, encrypted into a digital puzzle, and the only way out is a hefty ransom.

Webinar: Introduction to Remote Access

Join Jeff Jones as he takes you on a guided tour of our latest cybersecurity feature: Secure Remote Access, available with Admin By Request Server Edition.

Healthcare Under Siege: 100 Hospitals Hit Amid Rising Attacks

Recent ransomware attacks on hospitals in Romania highlight the urgent need for healthcare organizations worldwide to strengthen their cybersecurity posture. With patient data at risk, proactive defense strategies are vital to safeguarding critical healthcare services.

Feature Focus: The Windows Client Interface

Dive into the core of the Admin By Request user interface with our latest Feature Focus blog, covering the Windows endpoint client. This series is aimed to equip IT Admins with the knowledge to train users and minimize support queries.

PAM for Dummies: What is Privileged Access Management?

Dive into the acronym-filled world of cybersecurity, where PAM (Privileged Access Management) takes center stage. In this blog, we demystify PAM – what it is, how it works, and why it's crucial in the ever-evolving landscape of cybersecurity.

VPN Vulnerabilities Exposed: Rethinking Remote Access

Explore the vulnerabilities exposed by the Ivanti VPN incident and discover why Admin By Request's Remote Access offers a superior alternative in the era of remote work.

Remote Access is Here

Remote Access is a feature-rich addition to Admin By Request Server Edition which eliminates the need to rely on traditional VPNs and jump servers while maintaining a secure and segregated setup. Here's what to expect.

Local Admin Rights: The Nitro Boost of IT

In IT, 'Nitro Boost' equates to local admin rights, offering a swift digital pace. Yet, like motorsports, it poses risks. EPAM emerges as a solution, ensuring security without compromising efficiency.

Decoding Admin Rights: An Everyday Comparison

Think of local admin rights as like having keys to your house, or a keycard to a restricted area in your establishment – just like a regular set of keys, local admin rights provide access and control.

Best Value and Ease of Use Awards 2023

Admin By Request has received the 2023 Best Ease of Use and Best Value badges from Gartner via verified reviewers on Capterra.

How do we use ChatGPT?

With our latest integration, the web-scraping capabilities of ChatGPT are available to administrators from within the Admin Portal.

Shields Up Cisas Cybersecurity Strengthening Campaign

As the USA’s cyber defense agency, CISA stands ready to help organizations prepare for, respond to, and mitigate the impact of cyber attacks.

Privileged Access Management Just Got Personal

The terms ‘use case’ or ‘usage scenario’ are cold and soulless words and not a good representation of the type of work we do here. Introducing ‘Usage Persona’: a more human approach to use case scenarios.

Venus Ransomware Hits Healthcare

Initial infection via RDP, killing 39 processes, deleting event logs, then encryption - but all stages of the Venus ransomware attack can be prevented with the right tools.

Looking to get ISO Certified? We Can Help.

ISO certification is a mammoth process, but adopting an effective Privileged Access Management solution is a cost-effect and sure-fire way to tick off a number of controls and help get you over the line – while also providing comprehensive security for your entire enterprise.

ISO 27001: Certified

You've seen it before, but what does it actually entail? In a nutshell: security, sustainability, and continually improved products and services. Admin By Request is now ISO certified, and this is how it benefits your enterprise.

Data & Compliance: Ticking All Boxes

In today’s landscape of ever-increasing threats to privacy, cybersecurity tools need to be effective at solving the problem they’re designed for. But there is a second key question to be answered when considering a new cybersecurity product for your organization – is it compliant?

Finding the Balance Between Productivity and Security

The balance between productivity and security is unique to each organization – but at no point should either one compromise the other. Here's how Admin By Request can help.

The Problem with Privileged Access

If you're not managing privileged access in your enterprise, you have a problem. We have the solution.

Secure By Design Series - Part 2

In this blog, PowerON’s Steve Beaumont continues his delve into Admin By Request's Privileged Access Management (PAM) solution, this time focusing on sub-settings, application elevation tools, and auditing capabilities.

Dear Hacker, Better Luck Next Time.

There's no denying that hackers are good. We see this reflected in the frequent cyberattack stories that populate the news channels almost daily - most recently, the Lapsus$ attack on Okta. What we don't hear so much about? That Privileged Access Management software is better.

Revoke: No Big Deal, No Big Squeal

Adopting a less ‘pig-headed’ approach to removing Local Admin rights from staff will always return happier project outcomes.

LAPS for Autopilot device

This blog by Simon Hartmann Eriksen shares his experience with the LAPS-replacement feature, which is soon coming to macOS and Linux too.

Ransomware Comes a March-ing

March is almost upon us, and at the rate we’re going, so is another year of ransomware prevailing. Here’s an update on the ransomware scene so far in 2022 – and some predictions for where it’s headed in the future.

LAPS vs. Break Glass. You be the judge.

MS LAPS is a necessity and, like most necessities, only covers the bare minimum. That’s why we decided to take the necessary parts of LAPS and turn them into something much cooler. But hey - we’ll let you be the judge.

Adapting to the Threat-Landscape in 2022

The whole world has been left vulnerable amid the global Coronavirus pandemic, but at the same time there’s been a cybersecurity pandemic raging, with ransomware payouts repeatedly surpassing the $2 million mark. Safe to say, the two very different things are likely related.

Secure By Design Series - Part 1

In this blog, PowerON CTO Steve Beaumont weighs up the options available when it comes to managing local admin rights: the pros and cons of manually addressing the issue internally vs. implementing a Privileged Access Management (PAM) solution to do it for you.

New Year, New Plan; Secure your Endpoints

The disrupted past few years have made it very difficult to plan ahead. But valuable lessons learnt throughout 2020 and 2021 can be applied to help us plan for 2022 – not least, lessons on cybersecurity.

Time Flies when you're Getting Hacked

In 2021 it took organizations an average of 212 days to discover a data breach - that’s a long time compared to the 24-48 hours it takes a hacker to compromise domain admin once they’ve gained initial access to your system. Here’s how to disrupt the attack timeline so they can’t escalate up the ranks of privilege undetected.

Catching up with CoolUnite

The CoolUnite Foundation improves the lives of terminally ill and vulnerable children by collaborating with a range of organizations that provide support for them and their families. Here’s what they’re getting up to at the moment – and how you can get involved.

It's Time To Take MacOS Security Seriously

Despite contrary belief, security is a big problem for the modern Mac operating system. Admin By Request’s cross-platform solution can help you address this problem and get your Apples under control.

Auto Approval, In Case of Emergency

How to have your (ICE Cream) cake and eat it.

RDP: Exposed (…Literally)

Despite RDP being the number one attack vector used by cyber criminals, the protocol is being adopted increasingly across the globe as teleworking solidifies its place in working culture. If your organization can’t do without it, here’s a few tips on what you can do to keep your systems safe while using RDP.

Awake from your PrintNightmare!

Six options to deal with Microsoft’s PrintNightmare KB5005652

What's new in Admin By Request 7.1

Learn from the development team what is new in version 7.1 and what the thinking behind it is

Combating Common Ransomware Tactics

In the unrelenting battle of the good guys versus cybercriminals, ransomware perpetrators have come out swinging in 2021. This blog investigates the common behaviors of the latest attackers on the scene; what are their tried and tested tactics, and how can you combat them?

What's in the Box?

Unpack Admin By Request’s Privileged Access Management free plan and discover exactly what you can get your hands on – no strings attached.

Don’t Cut Corners while Running LAPS

Microsoft LAPS was released in 2015 with the main purpose of making it more difficult for hackers to spread across IT networks. This Infosecurity Magazine blog explains how Microsoft LAPS works and how it compares to Admin By Request.

Supporting Critically Ill Children's Charity: Team Rynkeby

Admin By Request is backing the "Team Rynkeby" cycling team, who raise money for organisations that support children with critical illnesses. Learn how your company can help too.

UAC: The Feature You Love to Hate

Although necessary, the user experience with Window’s User Account Control has never been smooth. Admin By Request adds flexibility to the UAC experience to provide a solution that achieves everything the Microsoft security tool aims for in a comprehensive, user-friendly solution straight out of the box.

What's new in Admin By Request 7

Learn from the development team what is new in version 7 and what the thinking behind it is

Support Assist Feature

Joymalya Basu Roy from Atos shows you everything you need to know about Support Assist

Version 7 Feature Review

Joymalya Basu Roy from Atos gives you his take on the new features in version 7 of Admin By Request

How Much Could You Lose Over a Data Breach?

The 2020 IBM Cost of a Data Breach Report reveals some alarming figures about data breaches. Take the right steps now to avoid your organization suffering a breach and becoming part of the statistics.

Are You Responsible for Losing the Mothership?

It doesn't matter how many high-tech defenses and security systems you have protecting your network – they can all be thwarted if you let hackers slip onto the Mothership via an administrator account.

Azure AD & MEM/Intune

How-to: Integrate Admin By Request with Azure AD & MEM/Intune. A walk-through by Atos Technical Architect Hubert Maslowski

REvil Ransomware Aims Below the Belt at Jack Daniel’s Maker, Brown-Forman

The latest victim of REvil ransomware is the alcohol parent company of Jack Daniel’s. Learn how Privileged Access Management could counter such attacks and give you the upper hand.

Post-Covid-19 and Remote Working Cyber Attacks: You’re Not as Worried as You Should Be

Remote Working Cyber Attacks are a big risk the world will be facing post-Covid-19 pandemic. This blog discusses why you should be concerned and how you can ensure your remote workforce is protected.

Forming a Double Line of Defense Against a RAT: Remote Access Trojan ‘Taidoor’

A 12-year old Remote Access Trojan (RAT) that first emerged from the depths in 2008 has now scurried out of its hiding place to spread a new strain of virus in 2020

Admin By Request Review

Using Admin By Request to manage Local Admin rights on Microsoft Azure AD Joined Windows 10 devices was a joy, writes Joymalya Basu Roy (MS Intune Architect, ATOS)

Easy Peasy Lemon Squeezy: Privileged Access Management Made Simple

Admin By Request takes the burden out of implementing a PAM solution and makes the task a quick and easy one. Here's how.

Snake Ransomware Sinks Teeth into Honda and Enel

Industrial companies Honda and Enel were recently attacked by Snake ransomware. Get a breakdown on the malware and see how Admin By Request prevents these attacks out of the box.

Pack the Essentials: The Minimum Cyber Security Requirements

Many countries have set out minimum cyber security requirements that government and other agencies should meet to ensure a common, high level of security. Learn how Admin By Request supports these requirements.

The Light at the End of the Funnel

Admin By Request tackles almost 100% of vulnerabilities within your network by managing local administrator rights and scanning files with 30+ anti-malware engines.

RobbinHood and His Not-So-Merry Malware

Learn about kernel-based malware and how managing privileged accounts and preventing privilege escalation combats this threat.

MetaDefender Cloud

This external blog from www.opswat.com talks about the integration between Admin By Request and OPSWAT's MetaDefender

Deadline Approaching? Stay Cool

Stay on task with a privileged access management solution that puts ease of use at the forefront of its system.

Deploying hi-rise security compliance to the home

8 reasons why Admin By Request is the ideal solution to deploy privilege management for the (work from home) masses

One MetaDefender to Rule Them All

Learn about how anti-virus software works and why a single solution is not effective enough to provide adequate cybersecurity.

Admin By Request makes TeamViewer A Team Do-er!

How sealing the Apple Mac compliance 'air gap' also prevents Team-viewer remote support sessions from going pear shaped

Local Admin Rights Elevation, Served Three Ways!

A privilege management taster explaining our three main elevation modes, and the scenarios to use them

Local Admin: How To Revoke Without The Revolt!

The unique killer feature that ensures your rights revocation project runs without rebellion - only with Admin By Request

Sub Settings And Portal User Scopes Put To Work

Zero in on how using sub-settings and departmental delegation helps torpedo time wasting rights elevation help-desk support tickets

Tick Tock, Tick Tock! Cyber Privilege Access Management In No Time!

How Admin By Request enables you to comply with UK Cyber Essentials privilege management requirements