  • AutoCreate Standard Accounts in TPAM

    20/11/13 6:53 PM


    Manually creating Systems and related Accounts within the TPAM Appliance is a very tedious process, so for this post, I will show how to create a set of standard users whenever a System is created.

    Let’s assume the following scenario: CompanyA needs to create Windows systems within TPAM, and they have a set of local user Accounts they wish to manage within TPAM.  We will take one system, HOST-A, and the standard set of accounts: Administrator, ServerAdmin, and BackupAccount.

    Thinking about the process of how these are created in TPAM, first you create the system, then you create each account within that system.  On the surface, it doesn’t seem too bad, but then you multiply this by hundreds or thousands, and a serious case of carpal tunnel may be the result.

    To standardize how systems are created in TPAM, we can create a System Template that contains the standard settings for all systems created with that template.

    In order to create a template, all that is needed is to hover the cursor over Systems, Accounts, & Collections, move down to Systems, and then click on Add a System Template.

    Below is the Add a System Template screen




    Fill out at a minimum the required fields.

    1)      Enter the Template Name (This is NOT changeable after saved).

    2)      Network Address:  Although required, this is just a bogus placeholder.  When a system is created with this template, the Network Address field will be replaced with the actual Network Address of the system being created.

    3)      Select the appropriate platform.  This is part of the time savings of using a template.  If your environment is thousands of Windows and thousands of Linux, you could create two templates, one for each type, and all systems created with these templates will be standardized with the settings saved here.

    4)      Make sure to review all other tabs and settings, as what is saved here, although default, will be set on all systems created with this template.

    5)      A recommendation is to be sure to set the functional account and password under the Connection tab, that way a follow up change/modification will not be needed to allow TPAM to connect to the newly created system.

    From the image below, I have entered all the pertinent information and some additional changes, for instance the email address and description.



    If you review the image below, I have set the functional account to a domain account I have already configured within TPAM.  If you are not using a domain account, you need to enter the account name and password for this template.



    Now, if we navigate to Manage Systems and filter for Templates Only, we see the newly created template.



    That was just the creation of the System Template.  For this template to create users, we create account templates within the system template.

    1)      Click on the template that you created, and once it is selected, then click the Accounts button that activates at the bottom of the page.



    2)      The Account Management page loads and if this is a new template, there should be no accounts listed here.  Click Add Account at the bottom of the page.

    3)      The Account Management page changes and shows a filter page with the template name listed in the System Name field. Click on the System button.



    4)      In the System page, only the template should be listed since that is what the filter was defined for.  Click on the template and click the Details button that activates (next to the System button).

    5)      Within the new account page, just as with the system template, enter all pertinent information about this account.  Note that this is the real account information for the re-used account names, not a placeholder.

    6)      As you can see from the image below, I have entered all of the information for the Administrator user and changed the maximum duration for password release.



    7)      If you wish to define PSM for this account, do so now, that way it will be configured each time you create a system with this template.

    8)      Click Save Changes

    9)      Repeat steps 2 through 8 for each additional account desired for this template.

    I have created the other two accounts for our test template already and if we click Listing now, you should see all account templates created in this template.



    Now we just need to test creating a system with the new template.  There are several ways to add a new system using the template; I will list one below.

    1)      Hover the mouse over Systems, Accounts, & Collections, move down to Systems, and Click on Add a System.

    2)      At the bottom of the Systems Management page, click on Use Template.

    3)      Now, select the template you want to use, in our scenario this is the Windows_Template.

    4)      Click the Details button and notice System settings are present from the template.

    5)      Enter the System Name and change the Network Address.


    6)      Click Save Changes at the bottom of the page.  Since we are using a template with account templates included, saving the system should trigger creating the accounts for the system as well as the system itself.


    7)      Click on the Accounts button to verify the Accounts were created for this new system.



    There you have it, with a little front end work, now these three accounts will be created for every system when using the template.  This same process can be used for any system type within TPAM.

    Even with templates, it is still laborious to enter systems one at a time, but what we can do is utilize the template with an import file.  Using this method, many systems can be provisioned with their accounts in an automated fashion.

    TPAM import files are Comma-Separated Value (CSV) files and an example of the formatting is below.


    Host-B,host-b.target.local,Windows_Template,Windows,Windows Host-B

    Host-C,host-c.target.local,Windows_Template,Windows,Windows Host-C

    Host-D,host-d.target.local,Windows_Template,Windows,Windows Host-D


    The only required fields are SystemName, NetworkAddress, Template and Type. Within the CSV, you can create multiple system types as long as the Template and Type are changed to reference the appropriate template. The Description field was included so an appropriate description can be created for each system in TPAM instead of the generic description that is included in the template.

    Once your import CSV file is created, just navigate to Batch Processing -> Import Systems, select your CSV, and click Process.  TPAM will read each line of the CSV and create all systems (barring invalid data) using the template specified.  This is a huge time saver in working with TPAM.
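
    Because every imported row inherits a template's functional account and standard accounts, it is worth checking the file before clicking Process. The pre-flight check below is an added example, not part of the original post or of TPAM; it assumes the five-column, no-header layout of the sample rows above, and the approved-template mapping and case-insensitive duplicate check are hypothetical policy choices.

```python
import csv
import io
import re

# Column order assumed from the sample rows in the post (no header row).
COLUMNS = ["SystemName", "NetworkAddress", "Template", "Type", "Description"]
REQUIRED = COLUMNS[:4]  # the post names these four as the only required fields
# Hypothetical mapping: each approved template and the platform it was built for.
APPROVED_TEMPLATES = {"Windows_Template": "Windows"}
# Loose hostname/IPv4 shape check; it catches typos, it does not resolve names.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
ADDRESS_RE = re.compile(rf"^{LABEL}(?:\.{LABEL})*$")

# Constructed sample input: two good rows followed by four bad ones.
SAMPLE = """Host-B,host-b.target.local,Windows_Template,Windows,Windows Host-B
Host-C,host-c.target.local,Windows_Template,Windows,Windows Host-C
host-b,host-b2.target.local,Windows_Template,Windows,same name again
Host-E,,Windows_Template,Windows,no address
Host-F,host-f.target.local,Linux_Template,Linux,unapproved template
Host-G,host-g.target.local,Windows_Template,Linux,platform mismatch
"""


def validate_import(text, approved=APPROVED_TEMPLATES):
    """Return (good_rows, errors); errors are (line_number, reason) tuples."""
    good, errors, seen = [], [], set()
    for lineno, fields in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not any(f.strip() for f in fields):
            continue  # blank line
        fields = [f.strip() for f in fields]
        if len(fields) > len(COLUMNS):
            errors.append((lineno, "too many fields (unquoted comma?)"))
            continue
        row = dict(zip(COLUMNS, fields + [""] * (len(COLUMNS) - len(fields))))
        problems = [f"missing {c}" for c in REQUIRED if not row[c]]
        # Assumption: names differing only by case refer to the same system.
        if row["SystemName"].lower() in seen:
            problems.append("duplicate SystemName")
        if row["NetworkAddress"] and not ADDRESS_RE.match(row["NetworkAddress"]):
            problems.append("malformed NetworkAddress")
        if row["Template"] and row["Template"] not in approved:
            problems.append("template not on approved list")
        elif row["Template"] and approved[row["Template"]] != row["Type"]:
            problems.append("Type does not match template platform")
        if problems:
            errors.append((lineno, "; ".join(problems)))
        else:
            seen.add(row["SystemName"].lower())
            good.append(row)
    return good, errors
```

    Calling validate_import(SAMPLE) returns the two clean rows plus one reason per rejected line, so the file can be corrected before it reaches Batch Processing.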


    Author: Russ Burden, Technical Architect, LeadThem Security






    Posted by bc-admin | in TPAM