Jump to content
Braingears

Agent Deploy - Generate Installers with Tokens

Recommended Posts

Posted (edited)

Will generate ticket with Windows MSI, Mac, and Linux installers with tokens.
• Enter # of months until the token expires. If left blank, the default is 12 (enter number only)
• Enter alternative LocationID. If left blank, it will default to the Location where the script was executed from. 
• Enter Email address if you want to receive an email with all of the links.
• Additional PowerShell and Mac Terminal Scripts will be included to make deployments easier. 

Due to the latest vulnerability patches, we can no longer download any Automate Installer that is not downloaded with an Authenticated Automate User. With the help of Darren White creating the Token Generator, I've created Automate scripts to easily create the Automate Installers with Tokens and will currently create tokens from 1 month to years.

I've also updated the "Agent Deploy - Create GPO on DC" to create a "CW Automate Agent Deployment" GPO and automatically link it to the root of the domain (optional parameter). 

**Caution** This not a ConnectWise Automate blessed method of creating installer tokens, and the the developers could change the installer methods just like the did with the previous installers at any time. This is also true for the tokens themselves in the `installertokens` table. 

Agent Deploy - Generate Installers with Tokens.xml Agent Deploy - Remove GPO on DC.xml

Agent Deploy - Create GPO on DC.xml

Edited by Braingears
Updated 'Create GPO' due to accidentally applying Mac Token when creating .bat
  • Like 2

Share this post


Link to post
Share on other sites

Nice, this is what I was envisioning to build for us internally, so I appreciate it. Question, is there any upper limit on the installer tokens that you have come across? For example, is 120 months a valid input? I assume no process from CWA rolls through and wipes these tokens out that we have found yet?

Share this post


Link to post
Share on other sites

Although I did not limit the number of months that you could enter, it's my personal recommendation not to exceed 1-2 years. Fortunately every time you use the links provided it will download the most up-to-date agent installer to be used. On the other hand, I have no idea what CW Automate developers plan to do or change in the future. None of us expected the typical generic installers would be locked down, and they might also make changes to the Deployment.aspx or `installertokens` table in the future. The official web portal only creates these tokens for 24 hours and clears out expired tokens in a nightly routine. Time will tell...

 

Share this post


Link to post
Share on other sites

Thanks Chuck, unfortunately, I'm meeting with an error that the Automate Server or token parameters was not entered or was inaccessible

Share this post


Link to post
Share on other sites
Posted (edited)

hmm...Bitdefender is blocking the powershell script that creates the Automate.bat file....not sure how to work around that without putting environments at risk.  It obviously doesn't like system calling powershell (we've had that problem using a batch file with BD to deploy automate).

Kinda makes sense...system running a powershell command to download something from internet.  its exactly what we do not want to be happening..until we do

Edited by Mark Hodges

Share this post


Link to post
Share on other sites

You may have saved me several hours of work. I was getting ready to start working on exactly this same thing, so if you did, thanks in advance! 

Share this post


Link to post
Share on other sites

I must be missing something because every it downloads an installer is says the package cannot be opened. 

 

Logs state:

Automate Installer Exit Code: 1620
Automate Installer Logs: C:\WINDOWS\Temp\Automate_Agent_2020-07-06_10-38-23.log
The Automate MSI failed. Waiting 15 Seconds...
Installer will execute twice (KI 12002617)
Automate Installer Exit Code: 1620
Automate Installer Logs: C:\WINDOWS\Temp\Automate_Agent_2020-07-06_10-38-42.log

 

 

Share this post


Link to post
Share on other sites

It took me a minute, but I figured out what happened. The script generated a .bat file with the mac agent token instead of the windows one, I manually edited the bat file and it's working.

 

So basically once I run this I have to go manually edit the bat file with the right installer token. I can't find where it is generating the bat file yet to fix it. 

I found where to fix the issue I'm running into. On the Create GPO on DC script at line at line 46. I adjusted installer_token to installertoken_msi. Once I did this it began working, it makes sense though since the last intaller_token was the mac token. 

 

Thanks again for doing all the heavy lifting! 

 

::---------------------------------------------------------------------------------
::  Script      : Install ConnectWise Automate Agent
::  Version     : 1.0
::  Written by  : Chuck Fowler
::---------------------------------------------------------------------------------
:: The Token "@InstallerToken@" will Expire on @expirationdateutc@ UTC

%windir%\system32\WindowsPowerShell\v1.0\powershell.exe -Command "Invoke-Expression(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/Braingears/PowerShell/master/Automate-Module.psm1'); Install-Automate -Server '%redirhostname%' -LocationID @TargetLocationID@ -Token '@InstallerToken_MSI@' -Transcript"

 

Edited by DeWaynePeden
Updated information.

Share this post


Link to post
Share on other sites

The script for deploying the GPO references '@InstallerToken@ when creating the .bat file. Because the last agent generated is the mac agent. So it applies the mac token. When I changed the link at line 46 to create the bat file using @installer_token_MSI@ it pulled the windows token and generated the correct installer. There was no issue downloading an installer, it just downloaded and configured and .msi installer with a mac token so it never worked.

 

I hope that makes sense. 

  • Thanks 1

Share this post


Link to post
Share on other sites

@DeWaynePeden Thanks for the update. I've updated the script. 

Remember to update the GPO's .bat file. You can also 'Remove GPO' then 'Create GPO' to replace it after the script has been updated. 

Edited by Braingears

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...