Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Slartibartfast last won the day on August 31 2018

Slartibartfast had the most liked content!

Community Reputation

3 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Slartibartfast

    Daily SQL Script

    You can do that, but these are just simple SQL queries so if they are failing your server likely has a serious problem that will very quickly become apparent. I've been running these for a year+ and never had any of them fail.
  2. Slartibartfast

    Daily SQL Script

    I know they reported that the issue with the windowsupdateetlfiles table was fixed but I think people still encountered the issue. You can certainly try turning off this step and seeing if the table remains reasonably sized.
  3. Slartibartfast

    Daily SQL Script

    I often find myself giving out several SQL Execute steps I run in a daily script and explaining what they do, so this is mainly to save me time and typing. I am simply going to list the SQL Statements and an explanation of what each one does. These all go into a script that I schedule against the CWA server 1 time a day, but you can schedule it however often you like. 1. UPDATE agents SET lastscan = now() WHERE lastscan > now() This resets all disabled internal monitors 2. UPDATE hotfix SET pushed='0' WHERE installed=0 AND pushed=1 AND approved=2 This resets the "pushed" flag for deployed patches, so CWA doesn't just give up after they fail a few times. I'm not sure if this is still needed but it doesn't hurt. If you are still using pre version 11 patching then I envy you, but change the value of "approved" to 1. 3. DELETE FROM drives WHERE missing=1 I'm not even going to explain this one 4. DELETE FROM agents WHERE agents.name LIKE "%drive space critical%" AND agents.name NOT LIKE "%Disk - C:%" AND agents.computerid NOT IN (SELECT computerid FROM computers WHERE `os` LIKE "%server%") This removes all those pesky disk space remote monitors on PCs for everything other than the C drive, because on workstations I could not care less about those drives. 5. DELETE FROM ScriptState WHERE LOWER(Variable) LIKE '%ticketid' AND VALUE NOT IN (SELECT ticketid FROM tickets) This is something from Chris Taylor, so you know it's good 6. DELETE FROM eventlogs WHERE eventid IN (2280,5139) This just deletes some events that seemed to take up a lot of space and that I didn't find useful 7. DELETE FROM eventlogs WHERE message LIKE "%software protection%" OR message LIKE "%uninitializing automatic updates%" OR message LIKE "%Security ID:S-1-0-0%" OR source="Microsoft-Windows-Security-Auditing"AND blacklistid=0 Same reason as step 6 8. DELETE FROM windowsupdateetlfiles Deletes everything from this table, as this table is known for it's insane bloat and uselessness, and I seem to recall some potential issues with truncate that delete doesn't suffer from 9. DELETE FROM computerroledefinitions WHERE currentlydetected=0 AND `type`=0 This removes roles that were detected and are now missing from agents
  4. Slartibartfast

    Failed Logins reported

    On the IRC channel so far viewtopic.php?f=5&t=1009 <- in case anyone is bored, or has ran into this before Sorry Katty, not something _I've_ seen. [12:30] No clue [12:30] okie dokie [12:30] Is there anything on the DC that Robin SHOULD be accessing? [12:31] Does robin even exist? [12:31] only thing i can think of is maybe they have something installed that's looking for shares but doesn't have all the cred info. [12:32] i'd lean towards a peristent mapped drive with stored expired creds [12:32] yea