Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


HickBoy last won the day on July 22 2018

HickBoy had the most liked content!

Community Reputation

3 Neutral

My Information

  • Agent Count

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. HickBoy

    Script to remove Symantec Cloud

    I've hacked one together that works fairly well (albeit not an officially supported uninstall method from Symantec). We use this as a last resort when the official ways to remove does not work... This uses CEDAR from Symantec to clean the agent from the system. I do some other stuff such as pre-removing the registry values that usually stop Symantec from uninstalling when it complains about pending actions. I do this via an embeded batch file called from the LabTech Script: :: 04/02/2019 :: Clears PendingFileRenameOperations Registry Key to allow Symantec AntiVirus to Uninstall :: Delete Key REG Delete "HKEY_LOCAL_MACHINE\System\currentcontrolset\control\session manager" /v PendingFileRenameOperations /f 2> nul Here's the two important parts of the script (NOTE: The -silent is case sensitive and undocumented). Let me know if you want the full thing and I will clean it up and export it.
  2. HickBoy

    Prolonged CPU usage monitoring

    Darren is the master of the craft so maybe my poorly written monitor could be something improved upon. I have attached some screenshots and the code below. My monitor is designed to be reviewed on a HUD where I look to see what application is eating up memory for the customer. It's not running on all customers as I only deploy it when I am trying to track down what process is using large amounts of memory and allows me an instant view into multiple computers via a dataview/hud. The monitor does not create any alerts, but rather uses PowerShell to grab the process currently using the most RAM on the system and just spits out the process name and the value in MB. It's not super smart and does not handle things like 14 Chrome processes each using 250 MB per process but rather whatever single process is using the most RAM. There's probably a better way to do this but its worked for me in finding customers where I can cross reference another monitor I use that checks for >80% CPU usage over 20 minutes, etc. Command line for monitor: %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy BYPASS -command "(Get-Process | where {$_.ProcessName -notmatch 'Memory Compression'} | Sort-Object WorkingSet | Select-Object Name,@{n='Value';e={[Math]::Round($_.WS / 1MB,0)}},@{Name='Mem';Expression={'MB'}} -Last 1 | Format-Table -hidetableheaders | Out-String).trim()" Command if you want to just test on any computer in PowerShell: Get-Process | where {$_.ProcessName -notmatch 'Memory Compression'} | Sort-Object WorkingSet | Select-Object Name,@{n='Value';e={[Math]::Round($_.WS / 1MB,0)}},@{Name='Mem';Expression={'MB'}} -Last 1 | Format-Table -hidetableheaders
  3. HickBoy


    Here's an updated version that works with Symantec Endpoint Protection Cloud, which is the version that will soon replace the End-of-Life version called Symantec Endpoint Protection Small Business Edition that shows up in Add/Remove program as "Symantec.Cloud" to confuse just about everyone out there...(Thanks Symantec)... The only difference between this and Gavsto's previous post is the AP Process name has changed in the new version to SCS* I tested this on both a server OS and workstation OS as there's new billing codes for each version now, yet both seem to use the SCS.EXE for running the A/V.
  4. Hopefully this post will revive some life into this idea. For anyone interested, here's my TreeSizePRO script that I use to get disk-space reports for our customers. This script is pretty old so I went and wrote some documentation on how to get it installed and working correctly. I hope it can help anyone out there looking to use TreeSizePro with Automate and possibly give people ideas on how to make it better. The TreeSizeProAutomateScript.7z file attached to this post includes the XML script and PDF instruction guide on how I configured my system. I am sure there's a million better ways to set this up and your welcome to hack away to your hearts content. Some important points before you download: The script requires a licensed copy of TreeSizePro as the FREE version does not support passing command-line parameters. You need an OLD version of TreeSizePro (Pre 6.2) as anything newer has the following limitations: Newer versions will not run on WinXP/Win2003 Newer versions require .NET 4.5 pre-installed Newer versions require the portable version to be run from a USB drive The old version that I use with my script ( 32.bit) does have have any of the above limitations. You will need to contact JAM software (URL in the Documentation) to obtain the legacy version. The script is not Plug and Pray. You need to modify two lines to confirm the location of where you are storing the TreeSize.EXE and TreeSize.INI files. You need to modify the location of where you are storing the 7za.exe file that zips up the reports and prepares them for e-mailing to you. Here's an overview of what the script does: Runs TreeSizePro silently on the users computer. Creates 3 files A %COMPUTERNAME%_FILES.XML that you can load into Excel to see the largest files. A %COMPUTERNAME%_FOLDERS.XLSX that you can load into Excel to see the largest folders. A %COMPUTERNAME%_TREE.XML that you can load into any copy of TreeSizePro to review the computer in detail. Once complete, the three reports are zipped up (using 7-Zip) and e-mailed to the tech who ran the script. Example Largest Files: Example Largest Folders: Example TreeSize.XML report: The Script: Attachment Updated: 7/22/2018 @ 2:00 p.m. PST TreeSizeProAutomateScript.7z
  5. HickBoy

    Service Monitor False Positives

    We have the same issue but not just service monitors. We are also seeing this with SNMP remote monitors. If a power supply fails and is subsequently replaced, the monitors will occasionally get stuck in the failed state. Running the test shows them in a success state just like your example. We've had a ticket open since Nov 2017 on the issue but started seeing it in October 2017. Ticket #9588384 in the LabTech support if you need to refer to a similar issue. We also just got upgraded from 11 to 12 and I have not seen this issue since we have gone to 12. It was very sporadic and hard to get LabTech to see the issue in real-time. The fix was always to delete/re-create the monitor. Hope that helps to let you know your not alone with the issue. NOTE: If it does appear in LT12, I will post back that the issue was not resolved for us. Here's an example of an SNMP Remote Monitor that shows as failed, but is actually healthy:
  6. LoneWolfe, We struggled with the HP/DELL monitoring as well. We broke down and finally did take the SNMP road. We did need to install the foundation packs to open up the OID's but the overall setup is pretty simple for HP/DELLS. Our approach to the issue of monitoring HP/DELL hardware using a combination of remote monitors that look at services and SNMP. If a drive or raid controller fails, we know about it pretty quickly. First, we monitor the HP Management services (such as CqMgHost) to confirm they are running: The second thing we do is monitor the HP hardware via SNMP. We ran a dual setup of CIM and LabTech side by side for 6 months and the SNMP monitors were accurate 100% of the time compared to the modern HP CIM and legacy HP CIM which had been 100% accurate since the 90's We setup the LabTech Monitors as follows and they are attached to a group. We have a simple SNMP setup using default HP OIDS. I would be happy to provide screenshots of each OID if your interested. We got them from another post on this forum. Anything other than a 2 returns an error which flags the device for review. We then keep a HUD online which shows any device that has Alerted. In our world, if there's a problem we don't care that much about what specific drive or part failed. We just care that something did fail and the server needs attention. Most likely we would have to logon and run some diagnostics before a warranty part can be dispatched by the vendor regardless of what the Alert message delivers. At this point and engineer would logon to the server (or ILO) and review the actual error to determine the best course of action. Steve
  7. Tom: 1. Right-Click the scripts and select "find" to search for the script name. NOTE: You can always determine what the name will be by looking at the XML file you downloaded with a program like NotePad++ that allows easy vewing of the XML. 2.Watch the scripting videos for LabTech on YouTube or the ConnectWise University here: https://university.connectwise.com/University/training/videolibrary.aspx If this is your first taste of scripting then this specific script may be a bit much to chew as it includes not only scripting but links to Network devices, modifying EDF's etc. My two cents. Steve
  8. I came across an issue recently where I had 1000 users that required a registry key deployed to their HKCU hive. With LabTech (err... ConnectWise Automate) I was having trouble getting the key deployed to users who were not logged on at the time of the script (think Citrix, VDI, etc.) All of the systems I wanted to access are VDI so they can be turned on/off very easily and this got me to thinking about deploying the the hive via a script that would load/unload user registry hives who are not logged in at the time of the script. After finding this article online (https://community.ivanti.com/docs/DOC-2417), I adapted the script to work with LabTech variables and incorporated it for my engineers. Now we no longer have to fight with GPP to deploy HKCU registry keys as we can drop them right from LabTech. The script will do the following: 1. Loads registry key into currently logged on user. 2. Loads registry key to .Default profile so new users will pick it up. 3. Loads registry key to all users in the C:\Users\* registry hives that are currently not logged in. This is not my work and I am not taking credit for it. I hope it may help others that were in the same boat as I was and maybe someone can take it to the next level and clean it up a bit. Some basic instruction: 1. Modify Line #3 in script with your registry key (uses reg.exe to import) 2. If you wish to add additional registry keys, just copy like #3 with a new variable name (such as @RegistryKey2@) 3. Edit the Batch script located in Line #8 and add your new Variable to sections #1/#2/#3 in the second screenshot. SCRIPT: CODE TO CHANGE IF YOU WANT TO ADD REGISTRY KEYS Enjoy! Deploy HKCU Registry Key to All Users regardless of Logon Status.zip
  9. HickBoy

    SNMP Traps

    JonasA, Do you mind sharing your traps as I am attempting to do the same for a Sophos UTM 9.5. Thanks...
  10. All: I have a Legacy Search setup to find specific machines that are using an old (broken) video driver. I would like to convert this search into an Internal Monitor as the data is stored in LabTech. For the life of me, I am unable to figure out how to convert this into the Internal Monitor. My goal is to have the Internal monitor fire off daily if a new machine appears with the old (broken) video driver and then (if possible) schedule a script (already created) to run at 11:00 p.m. (Compensated time) for the end-user. I tried doing this as a DataView/Advanced Search and using the stock Internal Monitor drop-downs but it appears I could not access the specific tables needed to grab the video driver version. My raw SQL ability is lacking so I am unaware of how to convert this SQL query below into an actual RAWSQL query. I tried following the post http://www.labtechgeek.com/forum/viewtopic.php?f=7&t=293#p21022 without much luck. If anyone has ideas on how to accomplish this, it would be great if you could share as I would love to see what ideas people have. RECAP: 1. Internal Monitor that looks for a specific video driver version. 2. Monitor schedules a script to run after-hours (11:00 p.m. Local Time for the user) Here's a screenshot of my Legacy Search Here's the RAWSQL from the search Select DISTINCT Computers.ComputerID, Clients.Name as `Client Name`, Computers.Name as `Computer Name`, Computers.Domain, Computers.UserName as `Username`, Locations.`Name` as `Locations_Name`, Computers.OS, v_VideoCards.`Manufacturer` as `v_VideoCards_Manufacturer`, v_VideoCards.`DriverVersion` as `v_VideoCards_DriverVersion` From Computers, Clients, Locations , v_VideoCards Where Computers.ClientID = Clients.ClientID and Locations.LocationID = Computers.LocationID and v_VideoCards.ComputerID = Computers.ComputerID and ((Locations.`Name` = 'WIN7DATACENTER1') AND (Computers.OS = 'Microsoft Windows Server 2008 R2 Datacenter x64') AND (v_VideoCards.`Manufacturer` = 'Teradici') AND (v_VideoCards.`DriverVersion` < '')) Thank You!
  11. Thank you. I understand exactly what you mean with both responses. I've looked at Active Setup in the past but never thought about dropping .REG files via LT to a staging location and then deploying from the local machine upon logon. Your second response is similar to what LabTech support suggested as they felt I could create a Remote Monitor that looks for the EVENTLOG entry when a user logs in and run the script for the user that would update the registry keys. P.S. The next time I am driving on my way up to Oregon (I am here in Los Angeles), I owe you a beer at Woody's. Your exceptional assistance on this board has helped me solve numerous obstacles during my day to day with LabTech. I have not posted much, but I sure do use (and appreciate) the scripts/ideas that you have provided. Thank You.
  12. Hello, I offered the following scenario to LabTech support but they stated they don't know of a way to accomplish my goal. I have a client with 250 desktops/users. They requested a program be updated which requires a registry modification to the HKCU\Software\ProgramName registry key. My plan was to create a script to modify the key (No problem there, I have the script ready). My problem is how to get the script to run against all users since they may (or may not) be logged in when I run the script. Because there are so many users (and they work in shifts 24/7) I don’t see any way that I can push out a change to the HKEY_CURRENT_USER registry since I won’t know when the user is logged in/logged out (or) the machines turned on/off (or) if the machine happens to be one of their Citrix servers where it will be on 24/7 but the specific users not able to be seen via the LabTech agent. NOTE: If I try to run the script when the user is not logged in to their normal desktop, the script fails because it cannot find HKEY_CURRENT_USER registry key. I am trying to figure out how to deploy the key to the user via LabTech so that it applies to the user after they turn on their computer and logon. I would have pushed this key out via a domain script, but these users are not all in the same domain, some have computers off-site, laptops that are traveling, etc. I am not worried so much about the Citrix server, rather I really care about the end-user computers running labtech agents. Is there some feature in LabTech that says, “Run this script when (X and Y) happens”? If X and Y are not met then wait and continue waiting until both are met and then fire off the registry key change. X = Users computer is turned on Y = User is logged into the computer
  13. Hi Tim, I am having some issues implementing this and was wondering if a screenshot of your System Dashboard > Config > Configurations > Additional Fields > Network Devices Tab would solve my issue? The issue I am having is that I am unable to perform steps #11 - #16 because the Additional Data Fields (EDF's) are not appearing in my Dashboard. If the Import of the script was supposed to create them, it did not. I closed/opened Control Center but did not see anything added. I can create them manually, but I am unsure of how you configure them based on your post so I would like to see how to set them up. I believe I only need to see the correct fields added to Screenshot #1 below. Below are screenshots of my system (after I imported the script) and as you can see, I don't have any extra EDF's auto created other than the stock ones that come with LT. Please let me know if I missed something or if there's more information I can provide. Screenshot #1 (Dashboard EDF) Screenshot #2 (EDF Tabs) Screenshot #3 (Network Device) Steve