RCT Builder Demo: Disable Account Tool

RCT Builder is a powerful automation tool, and for today’s demonstration we’re creating a tool designed to assist in automating how we deal with disabled accounts.

In this example, the organization has three main scenarios for disabling an account:
1. The termination of a member of the organization
2. A required legal hold on the account
3. The account is potentially or certainly compromised

The tool we will create will allow a ConfigMgr user to right click on an account (or multi-select accounts), disable the credentials, and select which user group to place the account in.  It is assumed that each user group would then have mitigation policies/procedures in place appropriate for each scenario.

Step 1: Action Properties

When creating any RCT Builder tool, the first step is to set up actions and properties for the tool as a whole.  This is completed in the “Action Properties” tab.

For this tool, tabbed results are appropriate so we can see each step’s success or failure.  For the name, choose something appropriate like “Disable Account” or “Disable Protocol.”  The prompt is likely unnecessary in this case, but if you like it feel free to leave it in.

The Display field is used to determine how the objects you right click on are displayed in the Recast results window.  In this case, the SMSID property will identify the user objects we selected in a human readable way:

The Graph Inputs field chooses which properties from the selected object(s) are used by the action.  In this case, we need to use the Domain and SMSID fields:

Next, we will set up the custom input parameters we desire—in this case, a list of the different user groups we want to choose from to drop the disabled account into.  We accomplish this by first adding a list parameter:

Then selecting and editing the properties of our list:

The display name is what the interface prompt will be titled when we run the tool, with the variable name being the name of the variable that is passed to other actions.  I’ve set the width of the menu to 500, and made a selection required for this tool.

We want to choose from constant values for this tool (the group names aren’t dependent on other factors in this case), and then we name the different groups we want to be able to select from.  No need for a default selection in this case, but it is an option at the bottom of this window.

Step 2: Building the tool

Designing the layout of tools with RCT Builder is easy—simply drag and drop the actions, PowerShell scripts, WMI calls, RegEdits, or scheduled tasks to the screen:

In this case, we want to use the “Disable Account” action and the “Add Account to Group” action.

Click and drag from the circle on the right hand edge of each action to direct the flow of your tool—in this case we want to proceed from the item in ConfigMgr we click on (the user account), to the “Disable Account” action, to the “Add Account to Group” action.

The end result should look like this:

Step 3: Parameter Mapping

For your custom tools to work properly, we need to map how we want the tool to deal with input parameters.  For this tool, we will be concerned with the Domain, Sam Account Name, and the custom parameter “Group” we set up earlier.  Select an edge (the arrows between actions) between the Start Node and the Disable Account action and click the “Selected Item Properties” tab at the bottom:

Select the Domain from the “Target Input Parameters” box on the left, and in the drop down menu, select “Parameter Mapping.”

Then add a node, selecting the Start Node (in this case, the user account we click on), and mapping Domain to the Parameter: Domain.

Next, select the Sam Account Name from the Target Input Parameters, following the same steps to map it from the Start Node to the Parameter: SMSID.

Now we will map the parameters for the next action—“Add Account to Group.”  Select the edge (arrow between actions) between “Disable Account” and “Add Account to Group” and look at the “Selected Item Properties” tab.

For what we’re doing, we want to map the parameters the same way.  Map the Domain from the Start Node to the Parameter: Domain as we did before—

Sam Account Name will also be mapped the same way as before, from the Start Node to the Parameter: SMSID—

Finally, we will map the Target Input Parameter “Group” from the Start Node to the list of choices we created earlier—the Parameter: “Choose a Group.”

And that’s it!  We can now save and share our tool to run it against users.  Simply right click on a user account, hover over Recast RCT, and select RCT Runner.

Then we select the tool we just built:

Choose what group we want to drop the disabled account into:

Choose whether to run immediately or schedule for the future:

And run our tool.
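
For anyone who wants to review or audit what the two chained actions amount to, here is a scripted equivalent of the Disable Account and Add Account to Group flow. It is an added example, not part of the original post and not Recast's own implementation. It assumes the RSAT ActiveDirectory module, an SMSID in DOMAIN\sAMAccountName form, and a hypothetical function name and hypothetical group names standing in for the three scenarios.

```powershell
#Requires -Modules ActiveDirectory
# Added example: Invoke-DisableProtocol and the three group names are hypothetical.
function Invoke-DisableProtocol {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # ConfigMgr SMSID, assumed to be DOMAIN\sAMAccountName
        [Parameter(Mandatory, ValueFromPipeline)]
        [ValidatePattern('^[^\\]+\\[^\\]+$')]
        [string]$SmsId,

        # Constant list of choices, one per disable scenario (placeholder names)
        [Parameter(Mandatory)]
        [ValidateSet('Disabled-Terminated', 'Disabled-LegalHold', 'Disabled-Compromised')]
        [string]$Group
    )
    process {
        # Split the SMSID into the Domain and Sam Account Name inputs
        $domain, $sam = $SmsId -split '\\', 2
        $result = [ordered]@{
            Account = $SmsId; Group = $Group
            Disabled = $false; AddedToGroup = $false; Error = $null
        }
        try {
            $user = Get-ADUser -Identity $sam -Server $domain -ErrorAction Stop

            # Step 1: disable the account, then read it back to confirm
            if ($PSCmdlet.ShouldProcess($SmsId, 'Disable account')) {
                Disable-ADAccount -Identity $user -Server $domain -ErrorAction Stop
                $result.Disabled = -not (Get-ADUser -Identity $user -Server $domain).Enabled
            }
            # Step 2: place the account in the group chosen for the scenario
            if ($PSCmdlet.ShouldProcess($SmsId, "Add to group $Group")) {
                Add-ADGroupMember -Identity $Group -Members $user -Server $domain -ErrorAction Stop
                $result.AddedToGroup = $true
            }
        }
        catch {
            # A failed step is reported per account instead of aborting the batch
            $result.Error = $_.Exception.Message
        }
        [pscustomobject]$result
    }
}

# Multi-select equivalent with constructed sample accounts; -WhatIf makes no changes
'CONTOSO\jdoe', 'CONTOSO\asmith' | Invoke-DisableProtocol -Group 'Disabled-Compromised' -WhatIf
```

Each account produces one result object with a flag per step, which serves the same purpose as the tabbed results chosen in Step 1.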

Don’t forget, if you don’t have RCT Enterprise, you can request a free trial anytime at www.nowmicro.com/software/recast.  If you have an idea for another tool you would like to see in RCT Builder, tweet it to @RightClickTools or email us at recast@nowmicro.com.

Happy Building!