johnsalle

My Information

  • Location
    Portland, Oregon
  • Agent Count
    1500+

  1. I found that Duong's script worked great when it was updating Dell SupportAssist 3.x, but when the computers had Dell SupportAssist 1.x or 2.x installed it would simply install the new version side by side. I updated it to include some uninstallation logic - first running through all the known uninstallers and then if that fails doing a manual removal of the old software. Then it goes into Duong's installation script to push the new version. This has fixed 99% of the problem computers I had automatically. Dell - May 2019 - Dell Support Assist Vulnerability - Updated.xml (Script called "Dell - May 2019 - Dell Support Assist Vulnerability" found in the "Share" folder if you leave it default)
  2. johnsalle

    APC SmartConnect Plugin

    Nope, not yet. I ripped out all my probes so I could remove the old network mapping plugin in preparation of moving to the new network probe pilot. Once they get added back in I’ll give it another shot.
  3. johnsalle

    APC SmartConnect Plugin

    Has anyone played with the APC SmartConnect plugin yet? I'm having trouble getting it to work, and was wondering if anyone else had success with it yet. We have a new APC Smart-UPS 2200 that has the SmartConnect functionality in it. I have the APC account created and the UPS is added into that portal successfully. I have a Network Probe scanning on the right network and it's picked up the APC as a network device. Yet, when I go into the APC SmartConnect and try to "Add UPS" it doesn't find anything to add. I've already associated/registered the plugin with my APC account and that seems to be working. Not sure what else to look at, and was wondering if anyone else had solved this already before going to LT/APC support.
  4. johnsalle

    BitLocker Encryption Status

    Here's a better version that might actually work. I don't have any production servers that have BitLocker enabled or any workstations with multiple drives, so it's hard for me to test fully, but it works in all my test environments. Returns 'BitLocker Enabled On All Drives' if it doesn't detect any errors.

        # Fixed volumes that have a drive letter assigned
        $status = @();
        $disks = Get-Volume | Where { ($_.DriveType -eq 'Fixed') -and ($_.DriveLetter -ne $null) -and ($_.DriveLetter -ne 0x00)};
        If(!$(Get-WMIObject -Namespace root\CIMv2\Security\MicrosoftVolumeEncryption -Class Win32_EncryptableVolume)){
            Return 'WMI Namespace Does Not Exist';
        };
        # Collect ProtectionStatus for each volume
        ForEach ($disk in $disks){
            $drive = $disk.DriveLetter;
            $query = 'Select ProtectionStatus from Win32_EncryptableVolume WHERE DriveLetter = ''$($drive):''';
            $query = $ExecutionContext.InvokeCommand.ExpandString($query);
            $status += (Get-WmiObject -Namespace root\CIMv2\Security\MicrosoftVolumeEncryption -Query $query).ProtectionStatus;
        };
        # ProtectionStatus 1 means protection is on; walk every collected status
        for($i=0;$i -lt @($disks).Count;$i++){
            if($status[$i] -ne 1) { Return 'BitLocker Not Enabled On All Drives';};
        };
        Return 'BitLocker Enabled On All Drives';

    And here's a version you can use as a remote EXE monitor:

        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe " -ExecutionPolicy bypass -Command "& {$status = @(); $disks = Get-Volume | Where { ($_.DriveType -eq 'Fixed') -and ($_.DriveLetter -ne $null) -and ($_.DriveLetter -ne 0x00)}; If(!$(Get-WMIObject -Namespace root\CIMv2\Security\MicrosoftVolumeEncryption -Class Win32_EncryptableVolume)){ Return 'WMI Namespace Does Not Exist'; }; ForEach ($disk in $disks){ $drive = $disk.DriveLetter; $query = 'Select ProtectionStatus from Win32_EncryptableVolume WHERE DriveLetter = ''$($drive):'''; $query = $ExecutionContext.InvokeCommand.ExpandString($query); $status += (Get-WmiObject -Namespace root\CIMv2\Security\MicrosoftVolumeEncryption -Query $query).ProtectionStatus; }; for($i=0;$i -lt @($disks).Count;$i++){ if($status[$i] -ne 1) { Return 'BitLocker Not Enabled On All Drives';}; }; Return 'BitLocker Enabled On All Drives'; }" 2>null
  5. johnsalle

    BitLocker Encryption Status

    As soon as I posted this I saw the problem with it. We're not dealing with physical disks but encrypted volumes. This almost works but the DriveLetter -ne $null isn't detecting properly on 2012 R2 for some reason. When I add in the -ne `0 it does work, but I have to use double quotes for that so it will immediately break in the one-line PoSh command.

        $disks = Get-Volume | Where { ($_.DriveType -eq 'Fixed') -and ($_.DriveLetter -ne $null) -and ($_.DriveLetter -ne "`0")}
        ForEach ($disk in $disks){
            $query = 'Select ProtectionStatus from Win32_EncryptableVolume WHERE DriveLetter = ''$($disk.driveLetter):'''
            $query = $ExecutionContext.InvokeCommand.ExpandString($query)
            (Get-WmiObject -Namespace root\CIMv2\Security\MicrosoftVolumeEncryption -Query $query).ProtectionStatus
        }
  6. johnsalle

    BitLocker Encryption Status

    @skyscan I would probably change it up a little bit to accomplish what you're saying. Make use of EDFs and write a script that will get a list of all local drives (ignoring USB/external, Bootcamp, etc.) and then check the BDE status of each one individually. I think the hardest part would be coming up with the EDF structure since you'll never know what drive letter the data drives on the server are coming from.

    You could also rewrite the PowerShell check so it parses through each local drive and only returns 1 if ALL local drives are BDE enabled. Just off the top of my head you could do something like this:

        $disks = Get-PhysicalDisk | where { $_.MediaType -eq 'SSD' -or $_.MediaType -eq 'HDD'}
        ForEach ($disk in $disks){
            #Run status check on specific drive letter and dump to a variable/array
        }
        #Check all variables and if they're all 1 then return good, otherwise return error.

    Just a rough idea of the code, then build that all back into the single line powershell.exe command and use that as your remote monitor instead. That would make it so it checked all physical disks on a system for status. Not sure how Servers present MediaType right now but you might need to add another check to that to account for RAID virtual disks. Trying to exclude out any USB/external stuff though.
  7. Here is a quick and easy way to monitor BitLocker disk encryption status. Disclaimer: this is not a fully baked solution, just a quick monitor to check if BDE is enabled or not. This doesn't take into account TPM status or anything like that. Feel free to build on this and update it as needed.

    Search

    First thing you need to do is create a search. I'm using a simple Location based EDF to enable BitLocker across my entire site. You could easily change this to be all managed computers, or include a computer specific EDF for exclusions or something like that. The OS checks are only including versions that are compatible with BitLocker. Windows 7 Pro isn't compatible with BitLocker so no need to alert on that.

    Monitor

    I use a simple remote EXE monitor on my BitLocker group (using that Search above) that checks the encryption status of the C: drive. (Returns 1 if encrypted, anything else is not.)

        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe " -ExecutionPolicy bypass -Command "& {(Get-WmiObject -Namespace root\CIMv2\Security\MicrosoftVolumeEncryption -Query 'Select ProtectionStatus from Win32_EncryptableVolume WHERE DriveLetter = ''C:''').ProtectionStatus}" 2>null

    Script

    Also running on that group I have a daily status check script. I'm not going to export the XML because the script is a MESS (I was trying to build in auto remediation on TPM status originally and failed at it) so here is the key component of the script. Essentially all I'm looking for is the recovery key to be stored in Automate, so I run this PowerShell command and dump it into a Computer level EDF. I run this script on a weekly basis against all enabled BitLocker systems to make sure I have the most up to date code in the event I need it.

        manage-bde -protectors c: -get | Select-String -Pattern "([0-9]{6}-){7}[0-9]{6}"

    I also grab the date using a Select NOW() and dump that into another EDF so I can see the last time the code was updated.

    Ideas/Improvements

    This is built specifically so I can enable BitLocker on a specific client and alert on computers that BDE is not enabled. It would be easy to update this to instead be a monitor that finds all computers with BitLocker enabled and pulls the key. All you would have to do is remove the EDF from the Search so it is searching all BDE compatible systems, and for the monitor instead of creating a ticket have it run a script that sets an EDF "BitLocker Enabled" on the computer level. Then you could limit the script running daily to only systems that have already been detected as BitLocker Enabled.

    Hope this helps someone! Let me know if I wasn't clear on anything and I can give more information.
  8. Damnit you're too fast for me! I looked a few weeks ago and nobody was really talking about this so I started working on my own version of this and now I see it's here and ready? Bah!
  9. johnsalle

    OpenDNS Auto-Deployment and Monitoring

    I know this is old, but for anyone picking this up there's a bug in the Mac version of the script that reports as failed even though it successfully installs. Line 40 the %shellresult% variable is misspelled.
  10. Old thread but just confirmed that LoneWolf's VirusScan detection template does work for me too. Thanks!
  11. Not answering the question directly, but instead leading a different way. What VPN client are you using? A lot of them have command line features, so you could script the entire thing (script install of VPN client, connect to VPN, PowerShell join domain, disconnect from VPN) which would gain you the same streamlined process you're looking for. I use Meraki and Cisco AnyConnects for VPN, and both of them have command line features (AnyConnect client has its own or Meraki I use rasdial in Windows).
  12. johnsalle

    MegaRaid(dell) Tool

    This is a few years old, I think there are some better tools to monitor Dells these days. I build a monitor around a portable Perl shell using the Nagios plugin check_openmanage. It connects via SNMP polling and returns status of the hardware including the RAID controller/drives (assuming the OpenManage software can see them). This works on Native Dell servers with Windows running as the OS. I know someone else here built a plugin for Dell hardware checks specifically. I can't remember who it was but I think there was a thread about it somewhere here. I'm still trying to figure out something similar for a Dell server running VMware. I don't want to go through the VMware layer since it's typically not as consistent but VMware SNMP polling doesn't exist. My best option is something through the iDRAC but that doesn't do SNMP either. I don't want to use traps.. I don't know yet.
  13. johnsalle

    UserCentric - Labtech or CW agent?

    Yes, I'll back up the notion that you should use the standalone UserCentric agent installed directly on the DC. My biggest complaint was with the LT sync, it wasn't able to detect disabled users which means anytime there was a de-hire you would need an LT admin to remove the user. Seemed silly to me. Install the standalone UserCentric agent, it checks right in and handles all of the disables/changes with flying colors. Limit the sync down to just the OUs that contain your users, and then you can exclude any service accounts to get your final number.
  14. johnsalle

    Sophos removal script

    I tried this and it failed for me so I dug into why and I had some different GUIDs. Not sure if it was a version mismatch (I'm removing 10.6.3.537) or just my weird environment but I had to add in the following to get it to work for me:

    Under the Sophos Uninstall section I added 4 lines of the msiexec uninstalls to finish cleaning out the Sophos products that the script left.

        MSIEXEC.EXE /X{09863DA9-7A9B-4430-9561-E04D178D7017} /QN REBOOT=SUPPRESS
        MSIEXEC.EXE /X{BCF53039-A7FC-4C79-A3E3-437AE28FD918} /QN REBOOT=SUPPRESS
        MSIEXEC.EXE /X{66967E5F-43E8-4402-87A4-04685EE5C2CB} /QN REBOOT=SUPPRESS
        MSIEXEC.EXE /X{1093B57D-A613-47F3-90CF-0FD5C5DCFFE6} /QN REBOOT=SUPPRESS

    Then under the "LT cmd 25" section I added those same new GUIDs to remove the Uninstall entry in the registry for both Wow6432Node and regular Software

        HKLM%5cSOFTWARE%5cWow6432Node%5cMicrosoft%5cWindows%5cCurrentVersion%5cUninstall:%7b09863DA9-7A9B-4430-9561-E04D178D7017%7d\
        HKLM%5cSOFTWARE%5cWow6432Node%5cMicrosoft%5cWindows%5cCurrentVersion%5cUninstall:%7bBCF53039-A7FC-4C79-A3E3-437AE28FD918%7d\
        HKLM%5cSOFTWARE%5cWow6432Node%5cMicrosoft%5cWindows%5cCurrentVersion%5cUninstall:%7b66967E5F-43E8-4402-87A4-04685EE5C2CB%7d\
        HKLM%5cSOFTWARE%5cWow6432Node%5cMicrosoft%5cWindows%5cCurrentVersion%5cUninstall:%7b1093B57D-A613-47F3-90CF-0FD5C5DCFFE6%7d\

    and...

        HKLM%5cSOFTWARE%5cMicrosoft%5cWindows%5cCurrentVersion%5cUninstall:%7b09863DA9-7A9B-4430-9561-E04D178D7017%7d\
        HKLM%5cSOFTWARE%5cMicrosoft%5cWindows%5cCurrentVersion%5cUninstall:%7bBCF53039-A7FC-4C79-A3E3-437AE28FD918%7d\
        HKLM%5cSOFTWARE%5cMicrosoft%5cWindows%5cCurrentVersion%5cUninstall:%7b66967E5F-43E8-4402-87A4-04685EE5C2CB%7d\
        HKLM%5cSOFTWARE%5cMicrosoft%5cWindows%5cCurrentVersion%5cUninstall:%7b1093B57D-A613-47F3-90CF-0FD5C5DCFFE6%7d\

    That's all it took and then it worked beautifully. I also added in a "Resend System Information" so the AV listed would update. Thanks to kierangroome for putting this together!
  15. johnsalle

    LT 11 Logged in user information question

    Yeah I would like to see the user idle time and the Windows domain (if any) added to the current logged on user information. I think those two missing items are very painful.
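
Added example, not part of johnsalle's posts: the recovery-key capture in the BitLocker monitoring post (item 7) pipes `manage-bde` output through `Select-String`, which returns the whole matching line. This sketch pulls out only the 48-digit password and rejects a garbled capture before it is written to an EDF, using the format's property that every 6-digit group is a multiple of 11 and below 720896. The function names `Test-RecoveryPassword` and `Get-RecoveryPassword` are hypothetical, and the sample output and password are constructed.

```powershell
# Constructed sample text shaped like "manage-bde -protectors c: -get" output.
# The password below is made up for this example; it is not a real key.
$sampleOutput = @'
Volume C: [OSDisk]
All Key Protectors

    TPM:
      ID: {00000000-0000-0000-0000-000000000001}

    Numerical Password:
      ID: {00000000-0000-0000-0000-000000000002}
      Password:
        110000-220011-330022-440033-550044-660055-000077-123453
'@

function Test-RecoveryPassword {
    # Hypothetical helper: structural check of one recovery password.
    # Each 6-digit group must be a multiple of 11 and below 720896 (65536 * 11).
    param([string]$Password)
    if ($Password -notmatch '^([0-9]{6}-){7}[0-9]{6}$') { return $false }
    foreach ($group in $Password.Split('-')) {
        $value = [int]$group
        if ((($value % 11) -ne 0) -or ($value -ge 720896)) { return $false }
    }
    return $true
}

function Get-RecoveryPassword {
    # Hypothetical helper: returns only the matched passwords (not whole lines)
    # that also pass the structural check.
    param([string]$Text)
    $pattern = '([0-9]{6}-){7}[0-9]{6}'   # same pattern as in the post
    [regex]::Matches($Text, $pattern) |
        ForEach-Object { $_.Value } |
        Where-Object { Test-RecoveryPassword $_ }
}

# Intact capture versus one with a single corrupted group
$good = @(Get-RecoveryPassword $sampleOutput)
$bad  = @(Get-RecoveryPassword ($sampleOutput -replace '123453', '123456'))
"valid passwords found: $($good.Count)"
"after corrupting one group: $($bad.Count)"

# On a managed machine (elevated), feed the real tool output instead:
# Get-RecoveryPassword ((manage-bde -protectors c: -get) -join "`n")
```

A volume with several numerical-password protectors yields several values, so the storing script should decide whether to keep all of them or only the newest.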