Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


LabTechRob last won the day on June 19 2019

LabTechRob had the most liked content!

Community Reputation

6 Neutral

My Information

  • Agent Count
    Less than 100


Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hello All, We've just released the latest version of Third Wall. You can get it from this link: https://license.third-wall.com/dl/ThirdWall Installer.exe Lots of improvements; here's a partial list of what's changed: Support for the new report engine. The Crystal Reports are still included. Checkbox option for Enable User Logon Reporting which will 'Include Type 3 Logon Failures'. This means the Logon Reporter can now record network authentication failures. Alert on Excessive Logon Failures added Type 7 (screen unlock) and Type 11 (cached credentials) logon failures. Logon message now supports the apostrophe Logon Monitoring now describes the specific reason for logon failures (e.g. User name does not exist, Password expired, etc..) Lots more! If you're already running Third Wall then the easiest way to update is to open any Third Wall location screen and press the 'Update Available' button. Let me know if you have any questions on this, otherwise happy updating!
  2. You can do this in three lines: Here's the shell line so you can cut'n'paste it: wmic process where "name='fpvxplus.exe'" get ExecutablePath Why doesn't your executable show in Automate? You really want to use an EXE monitor on this rather then this script. I would try this: On remote computer, run the .exe Use the tray icon to issue an Update Inventory command Make sure the Update Inventory command is completed, then: Open the computer screen for the remote computer you were just on Check the Process tile. It has to be there... If it is, then ditch the script. Right click the process and 'Create Process Monitor' </jobDone>
  3. I can't show you how to use the server (big topic, there!) but I can better explain how to stage a file for installation. In this example, I'm going to install WinRar. Step 1: Get the software. Goto their website and download the build file (winrar-x64-56b5.exe). Because my environment also has 32 bit computers, I also get the 32 bit installer (wrar56b5.exe.) Step 2: Stage the software. On the LabTech server, I open c:\Transfer\Software. I create a WinRAR folder and copy the two files (above) into that folder. My build files are now ready for distribution to my users. Step 3: Create the installation script. Here is an installation template that holds the minimum actions you'll need to get the job done - file download and the install command: The only thing left here is to alter the initial IF statement so you're not installing RAR on machines that already have WinRAR. For this, I suggest using the IF 'Registry Check' comparison.
  4. Keegan is right - don't image with the agent installed. Instead, make sure the agent installer is on the image and use the RunOnce key to install the agent with command line params. Write the installation so that it works fully unattended. Job done!
  5. Released! As promised, we now offer the option to hide the Admin name from logon selection:
  6. Hi Vandeal, Our documentation can be found here with the Ransomware Monitor explained in detail on page 29. To save you the click, here's the overview: This isn't a tool from Foolish IT, it is a policy wholly built and maintained by Third Wall. When you enable the policy, Third Wall will write four ‘A Third Wall…’ files to each user’s ‘My Documents’ folder. We then put a watcher on all four files, watching for any changes to those files. The idea is to catch ransomware encrypting files. If any one of those four files are changed, your assigned ‘Detection Action’ will immediately run and you will receive an alert. ‘Detection Action’ is one or more of these options that will run if the Ransomware Monitor sees a change to one of those files: Disable VSS, Isolate (removes network connectivity to everything, except for your LabTech server and your Screen Connect server), AV-Scan. You can also select 'Shutdown' or 'Ticket Only'. Let me know if you've any other questions here, I'm happy to help.
  7. Made a mistake in my last post. If you add a simple internal monitor to a Third Wall installation, you can be alerted when a user signs into a computer. You have to create it yourself, it doesn’t come with the plugin but if you have any questions on how to do it, I’m happy to show you how.
  8. Suggestion: Don't try to copy the file from a server share, stage the .msi file on your LabTech server at %lltshare%\transfer and download it from there. That will make the File Download work flawlessly and you won't get hung up with credentials. Once it is on the target computer, use 'Shell' to install it. %windir%\system32\msiexec.exe FTW. https://www.advancedinstaller.com/user-guide/msiexec.html This will install the application as the Local System Account. I like to use the /L switch and 'File Upload' the logs. That way, if there's an issue, you can easily see the installation logs.
  9. Third Wall (plugin) won’t ticket on logon but it will monitor and record all logon/logoff events which are viewable via report or through a dataview.
  10. The trailing $ still hides it from dos lookups but I was wrong to offer this as a solution to the above; it doesn't work against hiding the account from the logon menu. The registry key to do this is: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v Administrator /t REG_DWORD /d 0 (requires reboot) We're adding this to Third Wall, will be available with our next release.
  11. There are several ways to get this done, here are a few suggestions. If you can avoid it, don't hardcode your path to the uninstaller but get the path from the registry. Not all titles will let you do this but the better software houses will stamp an 'Uninstall Path' to itself in the registry. Lookup that registry key, set the return as a variable, then run that variable in context with your installer. 'Variable Set' will allow you to do this. If that isn't an option then you will want to use LabTech script's line filter. (don't take these command lines literally!) Third option, uninstall by guid. Again, different titles have different rules but you may get away with: %windir%\system32\msiexec.exe /x {A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8} /silent /noreboot Best advice I can give you here: make sure your uninstall string works thru the CMD Prompt before writing it to your script! If it works in CMD Prompt, it will work in a script, 1:1.
  12. Check the tables on your LabTech server. You should see a table named 'sensorchecks'. Here's an example of the insert we do for the Third Wall plugin to make our custom tables work with native searches. Select DISTINCT Computers.ComputerID, Clients.Name As `Client Name`, Computers.Name As ComputerName, Computers.Domain, Computers.UserName, plugin_tw_locationvalues.twnEnableLogonReports As `plugin_tw_locationvalues_twnEnableLogonReports`, plugin_tw_computervalues.twtDoNotEnableLogonReports As `plugin_tw_computervalues_twtDoNotEnableLogonReports`, Computers.OS FROM Clients INNER JOIN Computers ON Computers.ClientID = Clients.ClientID LEFT JOIN plugin_tw_locationvalues ON plugin_tw_locationvalues.LocationID = Computers.LocationID LEFT JOIN plugin_tw_computervalues ON plugin_tw_computervalues.ComputerID = Computers.ComputerID WHERE (IFNULL(plugin_tw_locationvalues.twnEnableLogonReports, 0) <> '0') AND (IFNULL(plugin_tw_computervalues.twtDoNotEnableLogonReports, 0) <> 1) AND (Computers.OS LIKE 'Microsoft%') AND (Computers.OS NOT LIKE '%XP%') AND (Computers.OS NOT LIKE '%VISTA%')
  13. Perhaps a pure DOS application of the task will work better? I've little experience with powershell I'm afraid but I can tell you this runs just fine by the LSA and for me thru LabTech: schtasks.exe /Create /RU system /NP /RL HIGHEST /SC ONEVENT /MO "*[System[Provider[@Name='Windows-ApplicationModel-Store-SDK'] and EventID=4]]" /EC "Microsoft-Windows-Store/Operational" /TN "TW - Block Windows Store" /TR "powershell.exe -Command Stop-Process -ProcessName WinStore.App -Force" /f That command creates a scheduled task which actives a kill command when the Windows Store is run and I think it can be made to suit your purpose as well.
  • Create New...