Jump to content

All Activity

This stream auto-updates     

  1. Today
  2. Yesterday
  3. Bailey

    Monitoring a single drive

    Thank You
  4. LabTechRob

    Monitoring a single drive

    AND drives.Letter='C'
  5. No need, it'll ride for the next person with the same question.
  6. LabTechRob

    New Third Wall released

    Hello All, We've just released the latest version of Third Wall. You can get it from this link: https://license.third-wall.com/dl/ThirdWall Installer.exe Lots of improvements; here's a partial list of what's changed: Support for the new report engine. The Crystal Reports are still included. Checkbox option for Enable User Logon Reporting which will 'Include Type 3 Logon Failures'. This means the Logon Reporter can now record network authentication failures. Alert on Excessive Logon Failures added Type 7 (screen unlock) and Type 11 (cached credentials) logon failures. Logon message now supports the apostrophe Logon Monitoring now describes the specific reason for logon failures (e.g. User name does not exist, Password expired, etc..) Lots more! If you're already running Third Wall then the easiest way to update is to open any Third Wall location screen and press the 'Update Available' button. Let me know if you have any questions on this, otherwise happy updating!
  7. Hi, Thank you so much for this information! I got it to work. How do I close this discussion?
  8. Reddime

    Extra Data Field Null Check

    Thanks, I'll give that a shot this afternoon.
  9. Joe Lusk

    Script to remove Symantec Cloud

    @HickBoy I would love an export. I managed to get something working using AutoIT, but it is less than perfect and requires a user to be logged on. This looks much better. Thanks in advance. I am actually most curious about the pre-removal operations. Are you doing more than you identified there?
  10. Just to expand on what Darren's talking about, you'll need to use the Field Mapping tab of the CWM plugin to bring Configuration Questions/API results into EDFs. I like this route because I prefer to keep my techs out of the Passwords tab of LT..
  11. clutch70

    RMM Security Best Practices

    @exosource That's awesome kudos for deep diving into the IIS stuff! Also for being the sacrificial scream test 😃 How'd you make out after shutting down everything but '/LabTech' ?
  12. If the jobs aren't being launched from LT, monitoring the associated Event Logs are your best bet. https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc734488(v=ws.10)
  13. Last week
  14. Can we collect the data in a variable, keep appending things to it, and log it at the end? (Somewhat answered my own ? by collecting a bunch of variables and logging it later, didn't answer append capability).
  15. HickBoy

    Script to remove Symantec Cloud

    I've hacked one together that works fairly well (albeit not an officially supported uninstall method from Symantec). We use this as a last resort when the official ways to remove does not work... This uses CEDAR from Symantec to clean the agent from the system. I do some other stuff such as pre-removing the registry values that usually stop Symantec from uninstalling when it complains about pending actions. I do this via an embeded batch file called from the LabTech Script: :: 04/02/2019 :: Clears PendingFileRenameOperations Registry Key to allow Symantec AntiVirus to Uninstall :: Delete Key REG Delete "HKEY_LOCAL_MACHINE\System\currentcontrolset\control\session manager" /v PendingFileRenameOperations /f 2> nul Here's the two important parts of the script (NOTE: The -silent is case sensitive and undocumented). Let me know if you want the full thing and I will clean it up and export it.
  16. DarrenWhite99

    Check if Agent is Online

    If a script is marked online, it will be queued, but will not start until the computer checks in. If the computer is offline, obviously the script just sits waiting. If the script is an online script and the machine goes offline after the script starts, the script will hang on the next remote command until it comes online, OR until the script engine cleans house and kills the script (within an hour I think). If the script is offline, it will run without waiting. If there is a remote command in the script, the script will hang until the computer checks in, or the script engine kills it (after 2 days?) To test the computer status, check out my Scriptlets pack in the downloads area. One of them is to verify that the agent is online.
  17. DarrenWhite99

    Extra Data Field Null Check

    1: Set the EDF to have a default value. Click in it, hit space and backspace, then save. 2: In your script, retrieve the EDF. Check if the value = or Not = (blank, just leave the second part empty) If you haven’t set a default, the unassigned value is undefined. If you set it to be blank as default, it WILL be blank if it hasn’t been set.
  18. To query Manage, you would need to use the Manage API. There’s not really a simple way to do this in an Automate script. Putting information into Automate EDF’s, or retrieving a credential stored as an Automate password is very doable. You would just need to populate the information.
  19. I feel like this should be FAQ but I've wasted a lot of time finding nothing. I have connectwise manage and automate. I don't know the details but they are linked, we can get alert tickets, etc. I want to write a script on automate that looks into the client configurations on manage to get certain variables. How do I do this? Specific example: I have a working automate script to add a vpn connection. How do I expand the logic so it knows which customer the agent is under? Then query the vpn configuration for said customer and gather the host and secret key?
  20. Hey Guys, I new to automate and enabled Failed Login monitor out the box. The tickets we are getting are not really helpful. We trying to edit the monitor to only create a ticket if more than 5 failed login attempts are found in the security logs over the past 24 hours. Below is the out the box monitor. I can't believe its this complicated I tried looking in the Eventlog sql table and it seems it might be possible by editing the additional conditions but haven't been able to figure it out as yet. Also looked into doing remote monitors on the groups. My question is it better to just to a remote monitor for this check? Real what I looking to catch is brute forcing one of the accounts at reside in AD and not necessarily someone entering their passwords incorrectly. Any help would be greatly appreciated. Thanks Guys
  21. DeeLee

    Help - Script that starts service when stopped.

    Automate already have a monitor that restart service call "svc - auto services stopped". This monitor have many other condition so check to see if your service met the condition. Or you can build your own monitor for your specific service and then create a script to be trigger and restart the service.
  22. Reddime

    Extra Data Field Null Check

    Hey guys, I'm sure this is probably a common issue, but I haven't been able to find much on it. I'm writing a script to check an EDF for a value. If it is Null, then I Generate a Random Password and store it in the EDF. The problem is that I haven't found a way to check for a Null value. I'm currently using a "Variable Check" against the variable that I stored my EDF in, with a blank compare field, but the test passes and the script continues as if it matched. My script debugger does show the variable as empty.
  23. I have a client with about 100 endpoints wanting to have Google Chrome Ad Blocker pushed to all endpoints. Does anyone have a script for this? I was pointed here by someone on the Automate Slack chat: https://developer.chrome.com/extensions/external_extensions#registry but I'm not great at modifying scripts/regedit. Any help is appreciated? Thanks in advance
  24. Thanks Joe, that's what I needed.
  25. Message LIKE '%Group Name:Administrators%' AND Message NOT LIKE '%Account Name:%$%' You will need wildcards to match on something inside the string. Testing against my db, the log entries I have are all computer accounts, so the NOT LIKE filters those out.
  26. The idea is to get a ticket when someone is added to an administrators group so we can figure out if it's good/bad/infection etc... Right now I just have an event log monitor that right now just looks for security event 4728 or 4732, User added to a global/local group and that works fine, I'm just trying to narrow it down a little to administrators/domain admins groups. Any thoughts on how to extract that info from the message so it only shows the administrators group? That info is in there. I tried adding additional conditions like "and eventlogs.message like ' Name:AdministratorsGroup'" but that wasn't it. So, this monitor: Gets this result: And in the message comes back with all the data from the event entry: A member was added to a security-enabled local group.Subject:Security ID:S-1-5-21-1111111-1111111-1111111-500Account Name:AdministratorAccount Domain:XXXXXXXXXLogon ID:0x3335FMember:Security ID:S-1-5-21-111111111-111111111-1111111111-1007Account Name:-Group:Security ID:S-1-5-32-544Group Name:AdministratorsGroup Domain:BuiltinAdditional Information:Privileges:- I just don't know enough SQL to ask it "after you narrow it down to these event IDs look to see if it also contains "Group Name:AdministratorsGroup" then continue on to fire the alert template. It's not the end of the world if it can't be narrowed down further, there isn't that many group changes once users are added, I was just trying to just get the important groups. Thanks -Joel
  27. Looking for the best way to set this up as well. Any help would be much appreciated!
  1. Load more activity