Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


KKerezman last won the day on January 27

KKerezman had the most liked content!

Community Reputation

10 Good

My Information

  • Location
    Hillsboro OR USA
  • Agent Count
    2000 - 3000 Agents


Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Thanks to the OP for this script! I made a couple of changes but the core of it was what I needed to get started. I'm filtering out results where the "IDProcess" result is '0' (the Idle processes) and dropping the thread ID data. I also run the PS command as system instead of As Admin, since that fails in a lot of cases. My current full working PS command: Get-WMIObject -cl Win32_PerfFormattedData_PerfProc_Thread | ? {$_.Name -notlike '*_Total*' -and $_.idprocess -notlike '0' } | Sort-Object PercentProcessorTime -desc | select -first 20 | ft -auto Name,IDProcess,PercentProcessorTime I don't use OutFile either, just capturing the PS result natively and emailing the report via this text in the message body: <pre> %powershellresult% </pre> That way Outlook formats the table output in readable fashion.
  2. Ah, goody. It's so nice when we onboard a client and tell them to look for our branded icon and instead it's the green gear. Quality workmanship there, CW team.
  3. Nobody's ever accused any of us in our organization of being too classy, but I'll look into this nonetheless... 😅
  4. Ian, I'm totally sending my boss your way the next time he gripes about the desktop client closing down after he leaves it running 24/7. 😄
  5. (Apologies for the necroposting.) I'm glad I'm not alone in the frustration with trying to script shell commands on Mac agents. I'm getting a lot of "OK" or even weirder results. For instance, I'm trying to run a 'date' command (I need to populate a variable with "today's" date in a particular string format so I can then parse a log file looking for that string match) and yes, 'date' takes variables in %X format which Automate needs escaped by doubling up the % signs, great, fine. So why does the Shell step of "date '+%%m/%%d/%%y'" give me a %shellresult% of "%m/%d/%y"? Argh. I can run the command (minus the extra % signs) in Terminal on a Mac endpoint and get the expected/desired outcome. I'm not asking for anything terribly complicated. I'm starting to feel like CW just kind of stopped all Mac-related development shortly after buying LabTech and I should not bother trying.
  6. Yikes... I don't think ticket comments in Automate have any awareness of the idea of internal notes on the Manage side, I'm afraid. I'd be glad to be proved wrong though.
  7. Hello, @KyotoUK, hopefully what we've done may be of some use. Here's the rough breakdown of the script we use. (And we're using an EDF to track if we have or haven't added/updated the admin account.) Shell 'net user [username]', IF %shellresult% contains [username] then jump to part of script where we just use a batch file to update the password. IF %shellresult% doesn't, we need to create a new account. New account - Use the 'add user' script step, then a shell command for 'net localgroup Administrators [username] /add', and to make the password not expire we run a 'WMIC USERACCOUNT WHERE (Name='[username]' and Domain='%computername%') SET PasswordExpires=FALSE', set the tracking EDF to 1, then exit the script. Update password instead - Download batch file which basically just runs 'net user' to set the password. We use that WMIC command again just to reinforce the 'no expire' part. Then delete the batch file and set the tracking EDF to 1. Why the batch file? Because a 'net user' command and its results show up in the Commands list on a given machine, so folks who have access to Commands logs but shouldn't know the special password will get to see it. (Oh yes, use ECHO OFF in that batch file.) The EDF is just a toggle to say "yes, the special admin account has been taken care of." Then you can use its 0 or 1 status to do a search that populates a group. That group can be set to run the add-or-update-admin-user script every couple of hours. Once the script runs, the EDF/search will take care of removing the endpoint from the group.
  8. Chiming in real quick to say: We ended up abandoning the Sharepoint ISO hosting after one too many "file, what file?" situations. Since we're paying for a Wasabi storage account, we made a bucket with a public read-only ISO in it instead, that seems to be working much, much better. Also the Win10 mount trick @SteveYates described is working a treat. Nice one!
  9. I'm glad I found this post. I just finished fiddling with my copy of Drive Details to create Drive History - 90 Days, with less fiddly data I don't want (why is there output for the drive letter when the header for each section is the drive letter?) and a nice wide expanded graph per drive for better visibility, plus actual sorting the drives in letter order (the original Drive Details was listing our fileserver's drives in order D, C, F, then E). I will never enjoy bashing around in DevExpress but hey, whatever gets the job done.
  10. Jay, I can totally do that. You just need to prep a data field under Computers called something like "Windows 10 Version" (put it into whatever folder you like) and then schedule a periodic run of a data collection script. Our script is a bit brute force, really: Powershell command '(Get-ItemProperty -Path ‘HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion’).CurrentBuild' and a series of IF checks (if powershellresult not = 10240 THEN jump to Not1507, set Windows 10 Version EDF to 1507) and so forth. Twice a year we have to expand the script to accommodate the new release ID number. You'll need the list of what "currentbuild" strings correspond to which release ID, that's available on Wikipedia and such. Steve, that's pretty slick. I'd forgotten about Win10's ability to mount ISOs without 3rd party utils. I'll have to look into bringing some of that into our updater system.
  11. I was today years old when I learned there's a REST API inside each ImageManager install. Sweet! Now, why ShadowControl is claiming our 7.5.6 installs are "current" when clearly there've been a couple of significant releases in the meantime is anyone's guess...
  12. Chiming in on this because I just dealt with trying a non-working method to do this and followed up with an actually-working (so far) method. At first I tried setting up an Event Log Remote Monitor for the group in question (long story short, I want to update Bitlocker status with a script after reboots so I know if people have used the "suspend" command incorrectly pre-reboot), but while the monitor applied to each machine it refused to do anything. The solution? Copied one of the built-in "EV - " Internal Monitors, specifically the BlackListed Events - Symantec Endpoint Protection one, and replaced its Additional Condition with: eventlogs.`Source` = 'EventLog' and eventlogs.eventid=6009 And set it to Once Per Day mode, hourly checks. (I don't need the script to run more than once a day on any given machine, really.) I also had to add an Event Blacklist (Dashboard -> Config -> Configurations -> Event Blacklist) entry for ID 6009, source EventLog, Log Name of System, Event Type of Information, with Message and Category left as % wildcards. With that, and Enabling this new Internal Monitor in my Bitlocker specific Group set to fire off the Alert Template that runs my detection script, I seem to be in business. Make of all this what you will! Maybe there's a slightly more efficient way? I'm all ears.
  13. I had a nice hour-long (or so) talk with Mister Goodwin, the OP, a few days ago. If you want to chew the fat at some point I'm game!
  14. I was a 12-year veteran of Kaseya when we pulled the trigger on the Automate migration. Now that I'm about 10 months in, I have Thoughts. (Most of them good, some very annoyed, I suppose.) I can probably carve out some time to talk about how it went, what we like, what we miss, etc.
  • Create New...