Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


Everything posted by MetaMSP

  1. @qcomer pointed out that the Standards and Health plugin no longer has the same schema as when this snippet was obtained; I thus have commented out that section.
  2. Interesting to see the differential against the list from circa 2010... clients computers config contacts locations networkdevices passwords probeconfig userclasses users
  3. Memorializing from CWSupport... -- Users have SuperAdmin SELECT `users`.`UserID`, `users`.`Name`, IF((BIT_OR(`userclasses`.`Permissions`) & (1 << 0) = (1 << 0)), 'True', 'False') AS 'SuperAdmin', COUNT(`userclasses`.`name`) AS 'Class Count' FROM `users` LEFT JOIN `userclasses` ON FIND_IN_SET(`userclasses`.ClassID, `users`.`ClientID`) WHERE `users`.`Name` != 'root' GROUP BY `users`.`UserID`; -- Auditing not set to Everything SELECT `users`.`Name` FROM `users` WHERE `AuditLevel` != 5 AND `users`.`Name` != 'root'; -- Audit Users by User Class Membership SELECT users.
  4. SELECT mastergroups.fullname AS GroupName, groupagents.name AS MonitorName, alerttemplate.name AS AlertTemplateName FROM groupagents LEFT JOIN alerttemplate ON groupagents.alertaction = alerttemplate.alertactionid LEFT JOIN mastergroups ON groupagents.groupid = mastergroups.groupid WHERE alerttemplate.name NOT LIKE '%Do Nothing%' UNION SELECT 'Global Internal Monitor' AS GroupName, agents.name AS MonitorName, alerttemplate.name AS AlertTemplateName FROM agents LEFT JOIN
  5. Another point of clarification from the Great @MartynKeigher: Scripts life-cycle is.... scheduledscripts >> pendingscripts >> runningscripts >> h_scripts & h_script One-off scripts are still put in the scheduler. even if it is scheduled for 'now'\'run once'. We (CW) do NOT write directly into pending scripts. some plugins DO do that.. but that's [not recommended].
  6. Memorializing from our Lord and Savior @MartynKeigher: martynkeigher Sep 21st at 21:21 iirc... 0 - Not Started 1 - In Progress 2 - Succeeded 4 - Succeeded with Errors 5 - Failed 6 - Aborted
  7. Here's a little routine that will create a random password, store that password with a username (specified in script global @username@) and a timestamped title in a client's passwords, then uses that set of credentials to create a local administrator account on a Windows device. It's meant to be repetitively scheduled on devices that you want to enforce the existence of the local administrator account upon. Each time the script runs, it checks the age of the stored credentials and, if over the number of days specified in script global @ClientPwMaxAgeInDays@, rolls the password specified in the
  8. Couldn't get this to proc until I changed 'AS' to 'USING'... any thoughts?
  9. Got this little snippet at one time from CWSupport, maybe want to run this periodically to clean things up /*Patching Cleanups*/ /*Eliminate extra policy approvals from system if the policy is gone*/ DELETE FROM `patchapprovalsettings` WHERE ApprovalPolicyID NOT IN (SELECT ApprovalPolicyID FROM `patchgroupapprovalpolicies`); /*Clean out Hotfix Table if the computer no longer exist*/ DELETE FROM `hotfix` WHERE computerid NOT IN (SELECT computerid FROM computers); /*S&H patch numbers that do not match the agents Issue: If a missing patch is superseeded before S&H can see it ha
  10. Another one from the Slack files, this one courtesy of @MartynKeigher Appends a '*' to the name of all searches being used by a group to join agents or network devices: UPDATE sensorchecks SET `name` = LEFT(`name`,LENGTH(`name`)-1) WHERE `Name` LIKE '%*'; UPDATE sensorchecks SET `name` = CONCAT(`sensorchecks`.`name`, '*') WHERE sensid IN (SELECT autojoinscript FROM mastergroups) AND `name` NOT LIKE '%*'; UPDATE sensorchecks SET `name` = CONCAT(`sensorchecks`.`name`, '*') WHERE sensid IN (SELECT networkjoin FROM mastergroups) AND `name` NOT LIKE '%*'; UPDATE sensorchecks SET `name` =
  11. https://docs.connectwise.com/ConnectWise_Automate/ConnectWise_Automate_Supportability_Statements/How_to_Identify_and_Remove_Nonfunctional_Agents SELECT DISTINCT FilteredComputers.ComputerId, ( (FilteredComputers.`Name` = '') + (FilteredComputers.`OS` = '') + (FilteredComputers.`Version` = '') + (FilteredComputers.`BiosName` = '') + (FilteredComputers.`USB` = '') + (FilteredComputers.`Tape` = '') + (FilteredComputers.`Sound` = '') + (FilteredComputers.`SCSI` = '') + (FilteredComputers.`Memory` = '') + (FilteredComputers.`Video` = '') + (Fi
  12. If anyone is having issues scheduling scripts or using the Script Scheduler (search keywords...) via the Web Control Center in 2020.7, 2020.8, or 2020.9: UPDATE lt_scripts SET Permission='0,' , EditPermission='0,' WHERE Permission = ''
  13. Try this, and remember YMMV - if in doubt, contact CW Support: Log in to the ConnectWise Automate® Server Open Labtech Database (SQLyog or MariaDB) as the root user Navigate to and click the Config table Navigate to TableData tab In the Maintenance Column, change the entry to Not Set Click the Save icon and close Labtech Database Launch RegEdit on the Server Browse to: HKLM\SOFTWARE\LabTech\Agent Locate the 'MaintenanceDate' entry/key Edit the data/value - clear it out so the MaintenanceDate value is just blank/empty Start the S
  14. Here's @MartynKeigher's contribution! (Get-WmiObject -Class Win32_UserAccount -Namespace "root\cimv2" -Filter "LocalAccount='$True'"|?{ $_.Caption -notmatch 'HomeGroup|ASPNET|VMWare' } | Select @{Name = "Name"; Expression = {$localAdmins = Get-WmiObject -Class win32_groupuser |?{ $_.GroupComponent -match 'administrators' } |%{ [wmi]$_.PartComponent };if($_.Name -in $localAdmins.Name){$_.Name.ToUpper()}else{$_.Name}}}).Name -join ', ' -replace ',([^,]+)$',' and$1.'
  15. While Base64'ing the above, @Gavsto hit me with this cleaner version! $Ignore = @("Domain Admins","Enterprise Admins","LocalAdminName") $Group = "Administrators" $Result = @(); $Group = [ADSI]"WinNT://$env:COMPUTERNAME/$Group,group"; $Members = @($Group.psbase.Invoke("Members")) $Members | foreach-object { $Result += $_.GetType().InvokeMember("Name", 'GetProperty', $null, $_, $null)} $FinalResult = $Result | Where-Object {$Ignore -notcontains $_} If ($FinalResult) {Write-Output (($FinalResult) -join ",")} else {Write-Output "No Accounts Found"} Which one-lines down to: $Ignore=@("Do
  16. So I borrowed the operative parts of this from https://4sysops.com/archives/create-a-list-of-local-administrators-with-powershell/ $ComputerName = $env:ComputerName $LocalGroupName = "Administrators" $computerCSVResults="" try { $group = [ADSI]"WinNT://$ComputerName/$LocalGroupName" $members = @($group.Invoke("Members")) if(!$members) { $computerCSVResults += $computerCSVResults + "$ComputerName,$LocalGroupName,NoMembersFound" + [environment]::NewLine continue } } catch { $computerCSVResults += $computerCSVResults + "$ComputerName,,FailedToQuery,
  17. For later reference, here's another approach, modified from https://www.pdq.com/blog/modifying-the-registry-users-powershell/ $RegKey = 'Software\Microsoft\Office\16.0\Common\Identity' $RegValue ='EnableADAL' $PatternSID = 'S-1-5-21-\d+-\d+\-\d+\-\d+$' ##################################################################### $ProfileList = gp 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\*' | Where-Object {$_.PSChildName -match $PatternSID} | Select @{name="SID";expression={$_.PSChildName}}, @{name="UserHive";expression={"$($_.ProfileImagePath)\ntuser.dat"}
  18. It seems to be that deploying something to all HKEY_USERS is something that there is a lot of hubbub about but nothing directly lift-and-shiftable into Automate, except for DarrenWhite99's glorious REG-MULTI batch (!!), which can be found at https://www.mspgeek.com/topic/3528-how-would-i-run-a-script-once-user-logs-into-a-computer/?tab=comments#comment-21905 -- There has to be a better way to do this through something modern, like PowerShell, right? Nope. See sentence 1 - everything Google has found for me has been lacking, so here we go... The inherent challenge is this: Automate A
  19. Hosted suffers from the same gotchas that any shared infrastructure does - unless your environment is perfectly configured, it can end up being severely underpowered for the load upon it... and ConnectWise likes to charge for upsells. Access to the LTShare is hindered due to intermittently available WebDAV access that also needs to have a password reset every 30 days, as the password expires after 30 and no option to change that - however, as scripts tend to now be wrappers for github- or other cloud-hosted payloads, this has less of an effect than it once did. Going hosted also ties you to Co
  20. MetaMSP


    Portscan make benefit glorious nation of Kazakhstan?
  • Create New...