Jump to content

BlueToast

Members
  • Content Count

    32
  • Joined

  • Last visited

Community Reputation

1 Neutral

My Information

  • Agent Count
    10000+

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I forgot to mention this -- being after the fact -- we have a script that sets a Script State for PowerShell version. They're similar to EDFs.
  2. BlueToast

    Access Denied during File Download

    Is this setup correctly?
  3. BlueToast

    RMM Security Best Practices

    Anyone care to share a robots.txt they are using?
  4. When I try to access the link to the Internal Monitor for Remote Monitor Version Mismatch:
  5. Hello! Is there a way to force reinstallation of Remote Monitors properly? This MySQL query succeeds in removing the Remote Monitors per criteria from the database: DELETE FROM agents WHERE agents.`ComputerID`='44356' AND (agents.`DataOut` LIKE '%VEEAM%' OR agents.`AlertMessage` LIKE 'VEEAM%'); And, the system quickly responds to installing the Remote Monitors again. However, after the system finishes installing the Remote Monitors, the Commands History is spammed with a message: So, perhaps another way to word my question: is there a way to force Remote Monitors on a remote agent to reinstall/reinitialize properly (without having a constant unending SPAM of the above message in Commands History as noted above)?
  6. Has anyone successfully gotten working the ConnectWise Automate Control Center fat client within their RDS environment for users who do not have any local/domain administrative rights? If so, how?
  7. BlueToast

    Sophos Removal Script

    Hello all! I would like to share with you a script I had ceased working on related to Sophos. First and foremost, this script is for... Businesses with dozens if not hundreds or more machines with Sophos Managed Service Providers (MSP) This script is NOT for... Non-business/consumer/home/personal flavors and end-users of Sophos products Other notes: This script a DEVELOPER release, meaning it has not thoroughly passed through testing and may result in system instability or a Windows OS that might not boot Make system backups before running this script. Usage of this script is at YOUR OWN RISK. If your system fails to boot or experiences some issue as a result of this script, restore from backups / fix the problem and post the solution / update the script and post about it This script was developed with the intent to specifically remove Sophos Anti-Virus (SAV) The reason this script was created was because of how incredibly stubborn, resistant, and problematic Sophos business products are for removal through normal and proper means (i.e. removal through Programs and Features). There are cases where following the normal methods of removal are unsuccessful and result in entries from Programs & Features disappearing while leaving remnants if not fully active Sophos installations on systems. When this scenario is encountered and dozens/hundreds of machines are involved it becomes a nightmare for technician labor time (time = $$$) without having any means of automation to aide with removal of Sophos products from client machines (hence the existence of this script). The reason for release of this script is because of the necessity to involve and receive further development on this script from and by the community. In my testing of this script on machines that I do not have physical access to I have found that a little more than 50% do not come back online after running this script and rebooting those machines (I do not know why and would appreciate finding out how to overcome this). For machines that do come back online Sophos is 99-100% gone. In successful removals: (1) in some cases may be a few folders remaining on the system (particularly with some Web Intelligence DLLs and a SAV Temp folder), and (2) WinSock providers may still be present (even if the files no longer exist on the system), this can be verified with the "netsh winsock show catalog" command. Since my focus has been specifically on removal of Sophos Anti-Virus (SAV) I do not expect this script to be 99-100% for other Sophos products, but this script was designed to allow for further development to expand the scope to other Sophos products (and serve as an 'ultimate Sophos removal' script) and improve its reliability in removal. The script is a single batch script file. To run it, it must be run with elevation (right-click > Run as Administrator). 7Z Archive (password: SOPHOS) http://szan.to/cloud/Ultimate_Sophos_Removal_20190111-0845_Development_Password-SOPHOS.7z TXT file (save with .bat extension instead of .txt) http://szan.to/cloud/Ultimate_Sophos_Removal_20190111-0845_Development.txt For courtesy, feel free to scan the script and these URLs with virustotal.com - they are clean
  8. If the .NET Framework version is stored in the MySQL database, is the PowerShell version(s) stored anywhere in the MySQL database? I was looking but could not find any.
  9. Is anyone else observing how occasionally Automate Agents create folders in C:\Windows\system32 that are named after variables (including the surrounding % characters), i.e. "C:\Windows\system32\%windir%", "C:\Windows\system32\%drive%", "C:\Windows\system32\%ltsvcdir%", "C:\Windows\system32\%systemroot%". For the most part these have been harmless, but there was one time last year where a script we wrote that used variables in some commands cause Automate Agents to create these kind of directories which ultimately caused operational issues for Windows OS' (fixing this required us to write a custom PowerShell script to go delete these %folder%'s + then a reboot of machines was required). Trying to delete using a Shell Script Function would result in %variable% being resolved (making it impossible to delete under cmd.exe). If you have been experiencing this, how have you dealt with this? Is there any solution to keep Automate from creating these %folder%'s?
  10. When you exported the script as an XML file to attach here, before you save it, use the "File Type" drop-down to change from XML format to Excel XLS format. The Excel format will be a line-by-line human readable export (note: Excel XLS format cannot be imported).
  11. What does the script "Duong_Restart Labtech Agent*" do? Is there an Excel export of the script that I can review here?
  12. BlueToast

    HP driver update script...

    I wonder if HP is moving to replace SoftPaq Download Manager (SDM) with Image Assistant (IA). Check it out! Software http://ftp.hp.com/pub/caps-softpaq/cmit/HPIA.html Manual https://ftp.hp.com/pub/caps-softpaq/cmit/imagepal/userguide/936944-003.pdf - see pages 22-24 for command-line options An HP technician recently informed us that people are moving away from SDM to use IA. I gave it a test and it's far more simple, straight-forward, better documented, and easier to use than SDM. Additionally, it doesn't involve installing any software - it's portable.
  13. Found solution! 😁 Related error (WindowsUpdate.log) that pops up when issuing a "Resend Patches" inventory command: WARNING: ISusInternal::GetUpdateMetadata2 failed, hr=8007000E Error code: 0x8007000E Article: https://blogs.technet.microsoft.com/configurationmgr/2015/04/15/support-tip-configmgr-2012-update-scan-fails-and-causes-incorrect-compliance-status/ Problem: Memory allocation issue Solution: Move service WUAUSERV into its own SVCHost.exe process by executing "sc config wuauserv type= own" and restarting the WUAUSERV service, then try "Resend Patches" inventory command again.
  14. Hello! I am currently troubleshooting a machine where the Resend Patches inventory command fails. This is the only machine at this location and client experiencing this problem. In my scenario I am able to update the machine manually via Windows Update GUI. What suggestions do you have for troubleshooting? Here is a list of things I have tried: Rebooting the machine Reinstalling the ConnectWise Automate Agent completely from scratch (Agent_Uninstall.exe + manual removal of any remaining registry keys, folders, and files) Checking/resyncing the system clock Resetting Windows Updates to defaults (reg add "HKLM\SOFTWARE\Microsoft\Security Center" /v "NoWindowsUpdate" /t REG_DWORD /d 0 /f & reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\AU" /f & reg delete "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer" /v "HideSCAHealth" /f) Manually installing the latest Windows Update Agent Applied every solution from the older article that was at https://support.microsoft.com/en-us/help/971058/how-do-i-reset-windows-update-components. This includes resetting BITS queue manager, deleting CatRoot2 and SoftwareDistribution, resetting service permissions for BITS and WUAUSERV, reregistering BITS and WUAUSERV DLL files, reset Winsock, reset proxy settings, clear BITS queue, restore Windows Update default settings, update Windows Update Agent. Applied every solution from https://support.microsoft.com/en-us/help/947821/fix-windows-update-errors-by-using-the-dism-or-system-update-readiness. This includes ensuring CheckSUR Packages folder exists, repairing with DISM /Online /Cleanup-image /Restorehlealth, sfc /scannow, wuauclt /resetauthorization /detectnow, repairing with the System Readiness Tool (SRT), running the Windows Update Diagnostics (WUD) scripts. Deleting the folders %drive%, %ltsvcdir%, %systemroot%, and %windir% from C:\Windows\System32, then rebooting the machine Ensuring that the HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate\DisableWindowsUpdateAccess registry key doesn't exist (or is set to 0) Changing the ConnectWise Automate Agent port from 42000 to something like 42006 and restarting both ltservice and ltsvcmon Verified that WMI is consistent with 'winmgmt /verifyrepository', and successfully executed basic WMI commands: wmic path win32_physicalmemory get capacity wmic path win32_physicalmedia get serialnumber wmic nic get MACAddress, PNPDeviceID wmic bios wmic os wmic nic wmic cpu wmic memphysical wmic memorychip wmic diskdrive Checked that volume C has sufficient free space (147 GB free) I have analyzed the WindowsUpdate.log and picked up the following error codes: 0x80004004 0x80070003 (The system cannot find the path specified.) 0x8007000E (Not enough storage is available to complete this operation.) 0x800706BA (The RPC server is unavailable.) 0x80072F8F 0x8024000B (WU_E_CALL_CANCELLED) 0x8024001E (WU_E_SERVICE_STOP) 0x80240031 (WU_E_INVALID_FILE) 0x80240033 (WU_E_EULA_UNAVAILABLE)
  15. BlueToast

    Windows Deployment Images w/ Labtech

    If you are using MDT, create an Application in your Deployment Share using the MSI version of the Agent installer and silent/passive installation parameters, and add this as an application install in your Task Sequence. Then all you will need to do as far as maintenance is to keep that MSI install file updated on the server's file system in the applicable Deployment Share.
×