nicecube


  1. Hello, I am a little worried about the Zerologon vulnerability (CVE-2020-1472). Has someone made a script / monitor to patch this? Microsoft has made a patch to activate an additional security function, but a manual intervention is needed to secure the Netlogon Remote Protocol (also called MS-NRPC). From what I could read, it is necessary to monitor event IDs 5827 / 5828 / 5829 / 5830 / 5831. If I apply the enforcement mode, I must monitor event ID 5829 for denied access and make a list of computers that can no longer connect.

     https://support.microsoft.com/fr-ca/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc

     EDIT: From what I understand, here are the steps to follow to secure the environment.

     Step 1: Install the August 11 patch on all domain controllers (monitor to check if the KB was installed and push the update, or use the patch manager?)
     Step 2: Enable the new Group Policy (Domain controller: Allow vulnerable Netlogon secure channel connections) on the Domain Controller OU < Only needs to be done if you have a system(s) that are identified by the 5829 Event and cannot be remediated
     Step 3: Monitor the event IDs to see which devices are not compliant (5827 / 5828 / 5829 / 5830 / 5831) (export to CSV or run a report to check)
     Step 4: Once all the warning events were verified / fixed, apply the reg key to allow only Secure RPC connections

     February 9, 2021, Microsoft will push the enforcement mode and make it the default.

     Sorry for my English, this is not my primary language.
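
The event monitoring from Step 3 and the registry check from Step 4 of the post above, as an added example (not part of the original post, and not Microsoft or ConnectWise code). The output path, the 7-day window and the regex that pulls the account name out of the message text are assumptions; `FullSecureChannelProtection` is the value name documented in the linked Microsoft article.

```powershell
# Added example: run elevated on each domain controller.
# Per the linked Microsoft article: 5827/5828 = connection denied,
# 5829 = vulnerable connection allowed (initial deployment phase),
# 5830/5831 = connection allowed by the Group Policy exception.
$EventIds = 5827, 5828, 5829, 5830, 5831
$Since    = (Get-Date).AddDays(-7)                 # assumption: one-week look-back
$CsvPath  = 'C:\Temp\Netlogon-SecureChannel.csv'   # assumption: hypothetical output path

$filter = @{ LogName = 'System'; ProviderName = 'NETLOGON'; Id = $EventIds; StartTime = $Since }
# Get-WinEvent raises an error when nothing matches, so silence it and test the result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)

$rows = foreach ($e in $events) {
    # Assumption: the message carries a "Machine SamAccountName:" field; blank if absent.
    $account = if ($e.Message -match 'SamAccountName:\s*(\S+)') { $Matches[1] } else { '' }
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        EventId     = $e.Id
        Account     = $account
        Message     = ($e.Message -replace '\s+', ' ')   # flatten to one CSV cell
    }
}

if ($rows) {
    New-Item -ItemType Directory -Path (Split-Path $CsvPath) -Force | Out-Null
    $rows | Export-Csv -Path $CsvPath -NoTypeInformation -Encoding UTF8
    # One line per account and event ID: the devices to fix before enforcement.
    $rows | Group-Object Account, EventId |
        Sort-Object Count -Descending |
        Select-Object Count, Name |
        Format-Table -AutoSize
} else {
    Write-Output "No Netlogon secure channel events (5827-5831) since $Since."
}

# Enforcement mode: 1 = enforced; 0 or missing = not enforced through the registry.
$key   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters'
$value = (Get-ItemProperty -Path $key -Name FullSecureChannelProtection -ErrorAction SilentlyContinue).FullSecureChannelProtection
Write-Output "FullSecureChannelProtection = $(if ($null -eq $value) { 'not set' } else { $value })"
```
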
  2. You can use the SQL Get DataSet function with SQL Fetch DataSet Row. You can look in the Automate forum for examples. Check my example; you have to define a variable @cnt@ = 1.
  3. The script is working great ty @DarrenWhite99
    Amazing, ty @DarrenWhite99 for this script, it helped me deploy a lot of Automate agents!
  4. Ty @DarrenWhite99 for this amazing script. I edited the batch file to deal with multiple locations; I'll try to automate the batch file with Automate!

     ::---------------------------------------------------------------------------------
     :: Script : Install ConnectWise Automate Agent
     :: Version : 0.1
     :: Written by : Chuck Fowler
     ::---------------------------------------------------------------------------------
     :: Token will Expire on 8/19/2021 2:41:40 AM UTC
     @ECHO OFF

     :: Pick the location from the subnet that appears in the ipconfig output
     ipconfig | find /i "10.101.1." > NUL
     IF %ERRORLEVEL% == 0 GOTO DataCenter
     ipconfig | find /i "192.168.1." > NUL
     IF %ERRORLEVEL% == 0 GOTO ST-Jerome
     ipconfig | find /i "192.168.2." > NUL
     IF %ERRORLEVEL% == 0 GOTO Terrebonne
     ipconfig | find /i "192.168.5." > NUL
     IF %ERRORLEVEL% == 0 GOTO ST-Hippolyte
     ipconfig | find /i "192.168.7." > NUL
     IF %ERRORLEVEL% == 0 GOTO Bois-Leger-Concept
     ipconfig | find /i "192.168.8." > NUL
     IF %ERRORLEVEL% == 0 GOTO RollandGodard
     ECHO Ip adres conflict
     GOTO END

     :DataCenter
     %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -Command "Invoke-Expression(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/CUSTUM_LOCATION_JUST_TO_BE_SAFE/master/Automate-Module.psm1'); Install-Automate -Server 'SECRET.AUTOMATE.SERVER' -LocationID 470 -Token 'HIDDEN' -Transcript"
     GOTO END

     :ST-Jerome
     %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -Command "Invoke-Expression(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/CUSTUM_LOCATION_JUST_TO_BE_SAFE/master/Automate-Module.psm1'); Install-Automate -Server 'SECRET.AUTOMATE.SERVER' -LocationID 22 -Token 'HIDDEN' -Transcript"
     GOTO END

     :Terrebonne
     %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -Command "Invoke-Expression(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/CUSTUM_LOCATION_JUST_TO_BE_SAFE/master/Automate-Module.psm1'); Install-Automate -Server 'SECRET.AUTOMATE.SERVER' -LocationID 112 -Token 'HIDDEN' -Transcript"
     GOTO END

     :ST-Hippolyte
     %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -Command "Invoke-Expression(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/CUSTUM_LOCATION_JUST_TO_BE_SAFE/master/Automate-Module.psm1'); Install-Automate -Server 'SECRET.AUTOMATE.SERVER' -LocationID 116 -Token 'HIDDEN' -Transcript"
     GOTO END

     :Bois-Leger-Concept
     %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -Command "Invoke-Expression(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/CUSTUM_LOCATION_JUST_TO_BE_SAFE/master/Automate-Module.psm1'); Install-Automate -Server 'SECRET.AUTOMATE.SERVER' -LocationID 114 -Token 'HIDDEN' -Transcript"
     GOTO END

     :RollandGodard
     %windir%\system32\WindowsPowerShell\v1.0\powershell.exe -Command "Invoke-Expression(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/CUSTUM_LOCATION_JUST_TO_BE_SAFE/master/Automate-Module.psm1'); Install-Automate -Server 'SECRET.AUTOMATE.SERVER' -LocationID 113 -Token 'HIDDEN' -Transcript"
     GOTO END

     :END
  5. Thank you for this contribution, I will test this for my next deployment.
  6. I'm using this method to monitor the admin group on the Domain Controller; this script runs every 5 minutes. I have a monitor set on my Automate to check for Event ID 20.

     # Get-ADGroupMember comes from the ActiveDirectory module
     Import-Module ActiveDirectory

     # Hash of the last known membership list
     $CurrentAdminsHash = Get-FileHash -Path '@monitor_folder@\@monitor_file@' | Select-Object -ExpandProperty Hash
     $Date = Get-Date
     $newAdmins = '@monitor_folder@\@monitor_new@'
     $Change = ''

     # Export the current membership and hash it for comparison
     Get-ADGroupMember -Identity '@AdminGroup@' | Select-Object -ExpandProperty samaccountname | Export-Clixml -Path $newAdmins -Force
     $NewAdminsHash = Get-FileHash -Path $newAdmins | Select-Object -ExpandProperty Hash

     If ($NewAdminsHash -ne $CurrentAdminsHash) {
         $Change = 'Yes'
         $ChangesDetected = 'Domain Admins Group changed detected on: ' + $Date
         $ChangesDetected | Out-File -FilePath '@monitor_folder@\@monitor_change@' -Append -Force
     } else {
         $Change = 'No'
         $NoChangesDetected = 'No Changes detected on: ' + $Date
         $NoChangesDetected | Out-File -FilePath '@monitor_folder@\@monitor_no_change@' -Append -Force
         # Event ID 10 = no change
         Write-EventLog -log HelpOX -source AdMonitor -EntryType Information -eventID 10 -Message "Aucun Changements dans le groupe @AdminGroup@"
     }

     If ($Change -eq 'Yes') {
         # List the account names that differ between the two exports
         $change = Compare-Object (Get-Content C:\HelpOX\Monitors\AdminGroup\CurrentDomainAdmins.xml) -DifferenceObject (Get-Content C:\HelpOX\Monitors\AdminGroup\NewAdmins.xml) | ForEach-Object { $_.InputObject }
         $change = $change -replace "<S>", ''
         $change = $change -replace "</S>", ''
         # Event ID 20 = membership changed; this is the event the Automate monitor checks for
         $MyEventInfo = @{
             LogName   = 'HelpOX'
             Source    = 'AdMonitor'
             EventID   = '20'
             EntryType = 'Information'
             Message   = "ATTENTION Changement dans le groupe Domain Admins, utilisateur(s) suivant a ete modifier: $change"
         }
         Write-EventLog @MyEventInfo
         # Save the new membership as the baseline for the next run
         Get-ADGroupMember -Identity "Domain Admins" | Select-Object -ExpandProperty samaccountname | Export-Clixml -Path 'C:\HelpOX\Monitors\AdminGroup\CurrentDomainAdmins.xml'
     }
  7. You can create a PowerShell script that runs with Windows scheduled tasks. If there is a problem with the file, the script creates an alert in the Event Viewer. Then you can create a monitor that checks for the custom alert you have created and provides a personalized action. The script and the scheduled task can be deployed by a LabTech script.
  8. Hello, I have made a script to send a notification to users to tell them that there will be Windows updates, to advise them to save their work and leave their computers open. I would like to recover the day of maintenance from the database. Can someone tell me in which table I could find this information, or if there is a simpler way? I could make an extra data field, but I would prefer that it all be automatic. Sorry for my English, it's not my main language.

     So far I found this:

     SELECT NextInstallWindowServerTime FROM computerpatchingstats WHERE ComputerId = %computerid%

     $sql_complete_date = "@sql_complete_date@"
     $sql_date = $sql_complete_date -replace ".*=" -replace " .*"
     $sql_date_day = (get-date $sql_date).DayOfWeek
     echo $sql_date_day
  9. Hi, I don't know if you still need this script, but I made one. Printer setup + Config.xml
  10. You can do a Shell Enhanced:
      Command: %userprofile%
      Variable List: Profile
      Now you have the user profile path in a variable %Profile%