
Struggles

Members
  • Content Count

    5
Community Reputation

0 Neutral

My Information

  • Location
    Mississippi
  • Agent Count
    < 500 Agents
  1. So I discovered "Script String Functions" and in there it has an operation to encrypt global and parameters with variable lengths. Still not sure how to pass it to a remote PC encrypted, and decrypt it on the local machine without the plain text being logged anywhere. I have figured out that if I encrypt it with X length, I can store that value as its own variable in another script, and use 'decrypt' with the same length and get the first decrypted variable. I'm still not sure where that decryption happens though and would love to know if anyone has done more research on this.
  2. We are looking to crack down on security and trying to create a secure way to pass encrypted info from our LabTech server, through Automate, to the Agent, and execute on the host PC. I know PowerShell has a way to accomplish this, but I am having problems with the Private Key being private. I've considered a few ways to make it reasonably secure, however I still have to pass the decryption method through the chain and that gets logged in plain text. Is there a method to pass encrypted data through Automate and have it encrypted at both ends, like some sort of VPN tunnel between Automate and Agent?
  3.

        $AppList = @(
            "*king.com*"
        )

        foreach ($app in $AppList) {
            $GetApp = Get-AppxPackage -Name $app -AllUsers
            if ($GetApp -ne $null) {
                Write-Host "Trying to remove $app"
                Get-AppxPackage -Name $app -AllUsers | Remove-AppxPackage
                # -like rather than -eq, because $app contains wildcards
                Get-AppXProvisionedPackage -Online | where DisplayName -like $app | Remove-AppxProvisionedPackage -Online
                Start-Sleep 20
            } else {
                Write-Host "$app not found"
            }
            # Query again so the check below reflects the state after removal
            $GetApp = Get-AppxPackage -Name $app -AllUsers
            $GetApp
            if ($GetApp -eq $null) {
                Write-Host "$app removed successfully."
            } else {
                Write-Host "$app removal failed"
            }
        }

     Above is a very simple script I wrote that lets you list apps you don't want (in this case Farm Hero and Candy Crush) that come preinstalled with Windows. Thing is, it works fine in PowerShell as Admin but it will not work in Automate or backstage. I've got several other scripts running correctly, but something about this one fails. I even tried using Super User execution permissions and still nothing. I'm planning on doing a workaround using a temp-Task Scheduler thing, but I want this to work 'cause I can't get the logs that way. Any suggestions?
  4. So I did this, but it still returns 'no primary DC' since the first statement comes back with more than one domain controller.

        SELECT COUNT(a.ComputerId)
        FROM computerroledefinitions AS a
        JOIN computers AS b ON a.ComputerId = b.ComputerID
        JOIN roledefinitions AS c ON a.RoleDefinitionId = c.RoleDefinitionId
        WHERE c.RoleName = "AD Domain Naming Master"
          AND b.ClientID = %clientid%
        LIMIT 1;

     I guess I don't fully understand how this statement works. To me it looks like it singles out a client container from the computers location, then searches for a role definition of "AD Domain Naming Master" in that client ID container, then returns the number it finds; finally, if that number is not 1, it comes back with "Primary DC Not Found or Multiple Found. Ending Script". This role is unique to our primary DCs and it still fails unless there is only 1 DC in a site container with the workstation. I think this is a pre-check, as the next section actually selects it and uses that LIMIT 1.

        SELECT DISTINCT REPLACE(domain,'DC:','')
        FROM computers
        WHERE domain LIKE 'DC:%'
          AND clientid = @clientid@
        LIMIT 1

     EDIT: Solved this one . . . turns out we had a Lab DC set up on the network in a test container. Works!
  5. So, I have a really cool and useful script I found posted here and it works fantastically for a majority of sites. Unfortunately it doesn't yet work at all sites because at some places there is more than one domain controller. At those sites, only one of the multiple DCs has the AD Domain Naming Master role, but also only one has the NTDS role - so I am confused as to why the script cannot correctly identify this and select just 1 DC from 2 or 3 when c.RoleName = "AD Domain Naming Master". Is there an easier way to single out systems based on roles installed? OG post for more info