Jump to content
[[Template core/front/profile/profileHeader is throwing an error. This theme may be out of date. Run the support tool in the AdminCP to restore the default theme.]]

Community Reputation

0 Neutral

My Information

  • Agent Count
    100+

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Folks, If you were interested in this, might want to hold off on this version. There's a bug or three in this version relating to the table creation and verification. I'll get these fixed early in the week, and there's also some collaboration that might turn it into a more useful tool. thanks
  2. The attached script was intended to solve the problem of knowing when members of a workstations local administrators group changed. I schedule this against groups to run first thing each morning. There are actually two scripts, the second inserts records into a custom table in the database, one record for each member of the local administrators group. My thought here was that I could more easily determine the new group member, but perhaps it's overkill to add a record for each member. Script logic is rather simple, just get the group membership via powershell and massage the data so we can work with it and insert records in a table to so we can report on it if needed. I also wanted to know if the group member was a local user or domain user, so there's logic in the script to detect that and record it in the table. If the group membership changed on this invocation of the script from the previous execution, I've chosen to create a ticket. But that can be changed in favor of a monitor that does what you want instead. I haven't written Report Center reports for this, but they shouldn't be difficult to create if necessary. I've found this useful in detecting instances when techs have modified the group membership, obviously, but also when a trust relationship between computer and domain has been broken. Audit Localadmin groupmem - master.xml
  3. Oh, I never thought to just create a new binding for LE. Thanks @MGreen!
  4. Sorry for replying to an older post but I thought this might be useful. I had configured letsencrypt on windows 2008 to support Automate, and had to subsequently remove the binding in IIS manager because it broke Automate. When it came to renewal time, letsencrypt couldn't automatically renew because there was no binding for the cert. I found this article, https://brianflove.com/2015/01/21/iis-and-https-binding-with-host-header/, specifically the 3rd option, to allow the renewal via let's encrypt. it's just prepending an asterisk in front of the cert name, then in IIS manager you can edit the hostname in the binding. I think in my case, the https binding hostname property self-disappeared with the renewal, but now I forget. I may have re-edited the binding to remove the hostname so Automate would work. Too bad Automate requires the blank hostname, would be nice not to have to do this hack for a letsencrypt cert.
  5. I did a version of what you're after. The script command I used was: shell enhanced with @Powershell -NoProfile -ExecutionPolicy unrestricted -file %windir%\ltsvc\localadmin.ps1 as the command, and saved that to a variable. The file that it''s running was created in the previous script step with a file write text command For me, the output of that command was in my variable, assuming that works for you you should be able to do what you like with that, like create a ticket? I wanted recurring information about the local admin group, so I took the output and saved it to a new table in the database, and also saved a hash of the output. Then compare the previous hash with the hash from the current run, if they are not the same then the group has changed.
  6. Maybe insert a line in the script that does a sql select hour(now()) and decide if the hour is outside of business hours? This query will return a 0 if the current time is between 20:00 and 09:00, select count(*) from computers where time(now()) >= '20:00:00' or time(now()) < '09:00:00'; non-zero for anything else. Could be easier to do a compare to 0 in your reboot script
  7. I have a scheduled script on a group that gets a list of members of the workstations localadmin group via powershell. invoke-command { $members = net localgroup administrators | where {$_ -AND $_ -notmatch "command completed successfully"} | select -skip 4 #write-host $members $text = $members -Join "," $text = $text -replace "`r", "" $text = $text -replace "`n", "" $text.ToUpper() } putting that in a file and then running that file in an enhanced shell with @Powershell -NoProfile -ExecutionPolicy unrestricted -file %windir%\ltsvc\localadmin.ps1 has worked well for me. At this point, the output of the powershell is in a variable and you can do what you want with it. I wanted this in a table in the labtech database so I could detect changes on each run, so I take the output of the powershell, get a sha hash on that and compare it to a sha hash in the table. If the hashes don't match, a ticket is created. I like the whole database thing because I run it daily to detect changes on machines, and I have a history to reference.
  8. I did that very thing with vbs instead. I think I ran into inconsistencies in my clients with regard to the active probing registry setting, so I deliberately set it to 1. I did this for the same reason that you mentioned. OpenDNS Windows no internet workaround.xml
  9. you could set a variable via a sql query with something like select count(*) from computerroledefinitions where roledefinitionid=57 and computerid=%computerid%; if that comes back as 1, your script is running against an 'AD Domain Controller', 57 is an ad domain controller as indicated in the roledefinition table. if 1, goto exit.
  10. In my use case, i was running the script and the foreach sql script on the same machine. Like you said. Had you considered storing results from the primary script in a custom table and then having your target computers run a scheduled script that checks the values in that table to determine whether they should act? You could schedule the script on the target computers to run frequently i'd think, it would only take a couple steps in the script to determine if they need to act.
  11. I do that against a bunch of network devices. But I feel like I'm missing something in your question because it was intuitive to me when I implemented it. Have you tried it and was there a problem?
  12. Hi everyone, I found a problem with Report Center's stock Antivirus Report and I was hoping for advice on how to fix it. The scenario is that I have a client with SEP endpoint 14, of the 30 clients, 16 of them are self identifying as not having the scanner running, though it does identify as having Symantec Endpoint 14 64bit installed. (I had a problem with my definition for SEP 14, the AV Process apparently needs a * at the end to not do a WMI check for the process and just use the existing process list, thanks to Mike from Automate support for that) 1 of the 16, also has an old pattern file from like 4 weeks ago. This computer does not appear on the report. I tracked it down to the calculated field, ComputerAVGroup, in the report. The Expression is Iif(IsNull([ComputerAVScannerName]), 'Scanner Missing', Iif([ComputerAVAPSetting] == 0, 'Scanner Disabled', Iif(DateDiffDay([ComputerAVVirusDefs], Now()) > [ComputerAVAgeLimit], 'Scanner Out of Date', 'Scanner Healthy'))) I think this means that it'll report the first, and only the first, failure indication. Scanner Missing, then Scanner Disabled, then out of date. I'd like for the report to actually show all AV problems that exist on a computer and have it retain the same format of the report, where it iterates over all computers that have any of these problems. Does someone way smarter than me have a pointer on where I might start looking for it to report each problem? Thanks Mark
  13. Perhaps your .bat script could echo the name of the latest file to a hardcoded filename, something like uploadFileName.txt and have your LT script do a Variable Set using File Contents of uploadFileName.txt?
  14. Have you tried moving the setup.exe and config.xml to the local machine so you're not accessing a UNC?
  15. Isn't it getting the data from the networkdrives table? pretty sure that's a native automate table. Report center magic? Sounds useful.
×
×
  • Create New...