Ivanti Automation Integration With Ivanti Environment Manager

How Ivanti Environment Manager Can Trigger an Ivanti Automation Task to Make a Change in AD Using an Automation Connector

INTRODUCTION

For former RES customers, it has always been possible from within Ivanti Workspace Control (formerly RES ONE Workspace), to launch Ivanti Automation tasks based on specific triggers occurring, for example, adding a user to a specific AD Group:

These automation tasks can be used to remove unnecessary burden on the IT department by automating common tasks that users require – thus saving IT time and money.

Below we discuss how Ivanti Environment Manager (formerly AppSense Environment Manager) can also be used to trigger Ivanti Automation Tasks.

With Ivanti Automation, it is possible to use Automation Connectors to configure automation tasks to achieve different outcomes.  These automation tasks can now be triggered using the forthcoming version of Ivanti Environment Manager’s new Automation Action which communicates with an existing Automation Dispatcher to initiate configured tasks on-demand, as required.

USE CASE

We will use the same example as above – to add a user to an AD Group when a specific trigger occurs – this will be when a user launches WordPad.exe. This change in AD Group Membership could perhaps then be utilized to provide access to a certain file share or printer for a user.

In this example, a WordPad Users group exists in Active Directory (AD) but currently contains no users:

CONFIGURING IVANTI AUTOMATION

The Ivanti Automation Console is used to create an Automation Module that manages a specific Active Directory Group.

This is achieved by providing details of the relevant domain, including the WordPad Users group for which we want to manage membership:

From the Members tab, we specify the user we wish to add to the AD Group when the automation task is instigated:

That’s it from an Automation perspective!

CONFIGURING IVANTI ENVIRONMENT MANAGER

We will now utilize Ivanti Environment Manager to trigger the task via an Automation Agent installed on a Windows 10 desktop.

In this instance we will use a Process Started trigger - other triggers are available including, but not limited to, Computer Startup/Shutdown, User Logon/Logoff, Session Connect/Disconnect or Session Lock/Unlock - to configure when the Automation Task applies.

This is achieved by first specifying where the Automation Dispatcher resides and under which context we want to run the automation task:

Next, a Process Started node is created and Wordpad.exe is specified as the starting application:

Once added, an Automation Action needs to be configured beneath the User Process Name Condition:

From here, we can select the automation action Manage Wordpad Users Group created earlier in Ivanti Automation:

Once selected, this will appear beneath the User Process Name Condition on the Process Started Trigger:

The Environment Manager Configuration can now be saved and deployed to the Windows 10 endpoint.

TESTING THE CONFIGURATION

A user logs on to the Windows 10 desktop and launches WordPad.exe.

WordPad.exe runs and the Automation Task configured is executed immediately.

On the Administrative endpoint, within Active Directory Users and Computers, User1 will now be visible within theWordPad Users AD Group:

To see a short video of this in action, please follow this link.