Jump to content
[[Template core/front/profile/profileHeader is throwing an error. This theme may be out of date. Run the support tool in the AdminCP to restore the default theme.]]

Community Reputation

0 Neutral

My Information

  • Agent Count
    1500+

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Thanks @BrendenCleppe! I made a small modification which will pull the recovery keys for ALL drives on the system and append to the EDF. I have tested it lightly in my system but use at your own discretion. The change I made was disabling line 26 and adding the following PS script to Line 27: $BitlockerVolumers = Get-BitLockerVolume $BitlockerVolumers | ForEach-Object { $MountPoint = $_.MountPoint manage-bde -protectors -get $MountPoint } Get Bitlocker Status of Device_v2.xml
  2. I'm planning to go a different route since I've heard mixed things about Dell | Command. I haven't build the script but I was planning to build a repository of the Dell BIOS updates and then name them according to the model. You can then script it as a variable where the script looks up the Dell model number then insert that into the URL to download. The BIOS updates do allow running from command line and have a silent no reboot switch which means the BIOS will update on next reboot. Like I said this is theoretical as we've backed off a bit while Intel and Dell get their problems solved... the fact that they recalled a recent batch of BIOS updates does not fill me with confidence.
  3. Here you go. You may want to remove or adjust step 5 if you aren't using an EDF to determine if this value is set. That said, we are actually backing off the accelerator on this. With the recent findings that released BIOS updates caused issues we have only been doing OS updates. 2018-01 - Set Registry to Allow Update.xml Obviously use at your own peril and run your own testing.
  4. Has anybody had a think about the best way to handle BIOS patching via Labtech? 99% of our client machines are Dell... is there any interface with Dell Command or similar to help get those patched?
  5. Here's my "confirm" script. I don't trust scripted validation so I'm running this after I run updates on the servers in question and rebooting. It logs the powershell output showing the status of the fix. Once manually confirmed, I have a final script I told my team to run that checks the system as "fully patched" which removes it from the "to be patched" group.
  6. I just did a simple search with Computer.OS.IsServer and then add a search for the EDF check box status and you can then export that to Excel.
  7. Nice work. This is very similar to what I was doing. However I don't know how to best script the PowerShell "check" to ensure that everything went properly. Since the instructions call for installing and then running a PS module, I'm not sure how to script that. I tried each line separately but that is failing because it starts a new session each time. Is there a way to run multiple powershell commands in one step so they exist in a single session? Documentation on the LT site is not that clear: https://gallery.technet.microsoft.com/scriptcenter/Speculation-Control-e36f0050#content EDIT: Scratch that looks like I can format it as a powershell script.
  8. That's a great idea... I hadn't thought of that.
  9. Thanks - let me know what you find and I'll do the same. I'm still trying to figure out a good way to get the registry setting out other than just doing a search for all online machines and pushing the script. I wish there was like a "one time execution group" where devices could be added and filter out once the script was run. Maybe there is and I just can't find it?
  10. What method are you using to mass deploy the reg setting? I got it to work but I'm not sure of the best way to run the script against all machines but only one time and when they are online?
  11. That has been my issue too... I find the force patching never really works well but granted we have some old scripts that were from the old patching system.
  12. Ugh this is going to be a royal pain in the ass. Right now I'm working on a script to manually set the reg key for our Webroot clients (since Webroot has cleared their current version) and testing.
  13. Right so CWA will just push it to the device as an available update but then it won't install. -Phil
  14. In my review of Webroot's documentation, they are saying that they are currently compatible but won't have an update until next week that flips the registry switch. They are saying to force switch it since they are already compatible. However, do we know if force approving the updates in LabTech Patch Manager will respect this reg key? It seems like the reg key just reveals the update in Windows Update... I don't know if LT is smart enough to know it is needed and apply it anyways or if I need to build a script to set the reg key? More info from WR: https://community.webroot.com/t5/Announcements/Microsoft-Patch-Release-Wednesday-January-3-2018/td-p/310146
  15. I wanted to start a thread about this since I haven't seen one pop up yet to have a discussion about the best ways to handle this vulnerably via LabTech's built in patching system. The list of KBs to resolve from what I can see: https://www.catalog.update.microsoft.com/Search.aspx?q=2018-01 security It should be noted in this article that the fix is NOT enabled by default on servers and further registry changes are needed. I'm presuming we can do this via script but I'm curious about thoughts on best practices to implement that in LT. I don't have much other than that at this point... love to get other input on how we can most effectively and efficiently handle this in LabTech.
×
×
  • Create New...