Author: Brian

Returned Peace Corps Volunteer, Computer Engineer, father, and eccentric individual.

AirWatch REST API Script : change Self-Service Portal role for users

Here’s several scripts that may be very helpful for anyone that needs to change the self-service portal role for their users in AirWatch. AirWatch is becoming more robust and mature with every new release, but they still have a long way to go towards overall usability for administrators.


 

#******************************************
### AirWatch API Connection
###
### Template from https://support.air-watch.com/posts/94020718-REST-API-Authentication-in-PowerShell
###
### 2015-11-15 Brian Deyo www.briandeyo.us
#*******************************************

write-output ” __ ___ __ ”
write-output ” /\ | |__) | | /\ | / “ |__| ”
write-output ” /~~\ | | \ |/\| /~~\ | \__, | | ”
write-output ” ”

###############################
###
### BEGIN CONFIGURATION SECTION
###
###############################

###Insert AirWatch API Key here
###Consider it best practice to create an API Key for every account that needs API access. Easier to manage access that way.
###
$APIKEY = “blahblahblahAPIKey”

###Insert AirWatch Application Server URL
###The Server is the “Application Server” component of the AirWatch environment.
###
$AWHost = “xxyyy.awmdm.com/API/v1”

###Pop up to get username and password, and then encodes U & P to string
###
$Credential = Get-Credential
$EncodedUsernamePassword = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($(‘{0}:{1}’ -f $Credential.UserName,$Credential.GetNetworkCredential().Password)))

###Define Headers to send with each API access
###Switch Basic to Directory if using AD integrated account
###
$Headers = @{‘Authorization’ = “Basic $($EncodedUsernamePassword)”;’aw-tenant-code’ = “$APIKey”;’Content-type’ = ‘application/json’}

###Define output folder for Rest Logs when the out-file cmdlet is used
###
$RestLogPath = “\\fileshare\log\location”

###############################
###
### END CONFIGURATION SECTION
###
###############################

#***********************************
# List devices for a specific user
#***********************************
#
#write-output “Type User’s email address”
#$UserEmail = Read-Host
#Invoke-RestMethod -Method Get -Uri https://$AWHost/mdm/devices/search?user=$UserEmail -Headers $Headers

#***********************************
# Set Enrollment User’s SSP Access
#***********************************
#
# Define the JSON in the $body variable. Then the Invoke-RestMethod converts to JSON on the fly
#
#$Role = “SSP ROLE NAME”
#$user = “userID”
#$body = @{
# Role = $Role
# }
#Invoke-RestMethod -Method Post -Uri https://$AWHost/system/users/$user/update -Body (ConvertTo-Json $body) -Headers $Headers

#***********************************
# Get Enrollment User Details
#***********************************
#$user = Read-Host
#$Filename = “UserDetails.txt”
#Invoke-RestMethod -Method Get -Uri https://$AWHost/system/users/$user -Headers $Headers | Out-File -Append $RestLogPath$Filename

#***********************************
# Change a single Users SSP Role
#***********************************

#$User = Read-Host
#$NewRole = “SSP ROLE NAME”
#$body = @{
# Role = $NewRole
# }
#Invoke-RestMethod -Method Post -Uri https://$AWHost/system/users/$User/update -Body (ConvertTo-Json $body) -Headers $Headers

#*************************************************************
# Search for All Users that have specific role and change it
#*************************************************************
#$CurrentRole = “SSP ROLE NAME”
#$Filename = “SSP ROLE NAME.txt”
#$UserList = Invoke-RestMethod -Method Get -Uri https://$AWHost/system/users/search?role=$CurrentRole -Headers $Headers
#$list = $UserList.Users.Id
###Save output of every UserID getting changed
#$list.value | Out-File $RestLogPath$Filename
#
### Loop to change all the roles from the dumped list
#
#$NewRole = “SSP ROLE NAME”
#foreach ($User in $list)
#{
# $UserToUpdate = $User.value
#
# $body = @
# {
# Role = $NewRole
# }
# Invoke-RestMethod -Method Post -Uri https://$AWHost/system/users/$UserToUpdate/update -Body (ConvertTo-Json $body) -Headers $Headers
#}

#************************************
# List Number of Users in Each Role
#************************************
#$RolesToCheck = @(“Basic Access”,”External Access”,”Full Access”)
#Foreach ($Role in $RolesToCheck)
#{
# $Filename = “$Role – TOTALS.txt”
# $UserList = Invoke-RestMethod -Method Get -Uri https://$AWHost/system/users/search?role=$Role -Headers $Headers
# $list = $UserList.Users.Id
# ###Save output of every UserID getting changed
# $UserList | Tee-Object $RestLogPath$Filename
#}

 

Reading: Blackwater : The Rise of the World’s Most Powerful Mercenary Army

Blackwater
Jeremy Scahill; Blackstone Audio, Inc. 2007

 

There is a significant amount of detail that I don’t know regarding nearly everything in the known universe. As Silent Bob once said:

“Bitch, what you don’t know about me I can just about squeeze in the Grand fucking Canyon. Did you know I always wanted to be a dancer in Vegas?”

That’s how I feel about Blackwater. How little I knew about them before this book.

My #1 takeaway from this book:

Military contractor is the media-embraced term for a mercenary. Mercenaries are real, they are not a fantasy or only found as guards for villains in a James Bond film. Whenever I hear the terms civilian contractor or military contractor when referring to a position in a hostile space, I will replace the term in my head with the term mercenary.

 

The Wikipedia definition:

A mercenary[1] is a person who takes part in an armed conflict who is not a national or a party to the conflict and is “motivated to take part in the hostilities by the desire for private gain”.[2][3] In other words, a mercenary is a person who fights for personal gains of money or other recompense instead of fighting for the ideological interests of a country, whether they be for or against the existing government. In the last century, and as reflected in the Geneva Convention, mercenaries have increasingly come to be seen as less entitled to protections by rules of war than non-mercenaries. However, whether or not a person is a mercenary may be a matter of degree, as financial and national interests may overlap.

https://en.wikipedia.org/wiki/Mercenary