Hello everyone, all though some of you may already know for those that don't I am going to be at the IT Nation Explore (Previously Automation Nation) event in Florida. I'll be getting there Wednesday evening and leaving Sunday evening. Please feel free to seek me out and I hope to meet as many people as I can (look [...]
For a good while now I have been relatively cynical of the "100% Compliant" statistic that I see on certain servers in the Patch Manager and I have been considering how best to approach finding problems with patching that were not otherwise being highlighted. I designed this report to follow an important Automate mantra; trust, but verify. This report [...]
This concept really helps when you want to get multiple, individual items outside of a Powershell script and into multiple Automate scripting variables without messing about running a script multiple times to get different outputs. Step 1 In the scripting engine add a script step that does an Execute Script > Powershell. Add the following script in Script to [...]
A bit more of a complex monitor today! This monitor allows for the checking of all the members of any local group (domain groups will also work if done on a DC) and allow you to trigger an alert if accounts are found that shouldn't be there. The biggest usage for this in my experience is detecting for users [...]
This is a simple one for today - useful for having a monitor to check for accounts that should not be there as local users. "%windir%\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -command "& {(Get-WmiObject -Class Win32_UserAccount -Filter \"LocalAccount='True'\" | Select -expandproperty name) -join \",\"}" The result is a comma delimited string of local user accounts
Never miss an update - subscribe below! See how we handle your data at our privacy and GDPR policy - hint, we will never send your name or e-mail address to third parties and we will only use it to send you updates on the site or content put on it.
The idea for this monitor was triggered by a problem someone posted about in the LabTechGeek Slack. This monitor will find any modifications that have been made to a standard windows host file, and return them. The test should be setup to do a condition contains "Standard host file" minus the ". "%windir%\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -command "& {$Pattern = '^(?<IP>\d{1,3}(\.\d{1,3}){3})\s+(?<Host>.+)$';$File [...]
This is a great proactive monitor because in most cases anyone who has over 50GB of OST files normally has an Outlook that runs like a snail or constantly crashes "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -command "& {$ErrorActionPreference = 'SilentlyContinue';$emptyOutput = \"\";$arrayresult=@();$thresholdInGB = \"50\";dir c:\users | foreach -begin {} -process{$size=(dir $_.FullName *.ost -recurse -force -ea silentlycontinue | Measure-Object ‘length’ -sum -Maximum).sum;If (($size/1GB) [...]
This is going to be the first in a number of blog posts that will give ideas/starting points for adding more value to your client monitoring. In this series I will not be focusing on how to create these monitors, more the code that can be used. I cover creating remote monitor creation here if you are not sure how to [...]
Following the release today by the United States Computer Emergency Readiness Team (https://www.us-cert.gov/APTs-Targeting-IT-Service-Provider-Customers), one of the steps they recommend is to use tools to detect intrusions and identify compromised systems and that these tool reports on APT (advanced persistent threat) actors using Sogu (also called PlugX) to compromise MSP systems. NCCIC recommends that network defenders use these tools to help [...]
Hello everyone! It's been a few months since I released a free report, and figured this one may go down well. This report will export all populated EDFs, including checkboxes and dropdowns and format all the data for you in a, hopefully, easy to consume report. Perfect if you are storing things like Bitlocker encryption keys, Local Admin passwords [...]
This is a Remote Monitor that can function in Automate, that will trigger certain keywords that can be detected upon if the profile sizes go above a certain size. I have two monitors here, pick whichever you need depending on your requirements. The first will output all profiles and sizes, the second will only output profiles that are over [...]
This again is a report that a number of people have asked for. Unfortunately, to allow the the filtering of a location at the point of report run would require a full rebuild of the report from scratch. I don't have the time to do that, unless someone wants to pay me for it ;) This is the middle [...]
Following a discussion in the LabTechGeek channel, I was surprised to find that a number of people had systems that were not checking in to the Automate server properly. Some of you may know, but there are two types of check-in done by your remote agents: A normal check-in, done over Port 443, numerous things are sent during this [...]
By far the biggest trap that people fall into when they start leveraging the capabilities of Automate scripting, commands and all other sorts of goodies, is they choose to run those features as Admin. There are a significant amount of functions that allow you to run as Admin. Most people try these functions and they don't work as they [...]
This is one that I have been asked for for a while. I have designed the Compliant Assets section to look similar to the original At-Risk Assets design. This has been tested in Automate 11 and 12. You can download it here: Antivirus Health including Compliant Devices It looks like this, I hope you find it useful:
I started working on this as soon as there was a reasonably easy way to detect vulnerable machines on Windows. It includes: A script that you run against agents, which sets EDFs and highlights numerous things (BIOS/Firmware update, notes, whether certain mitigations are enabled and whether you are secure) A Dataview that you can import to have a good [...]
Two of the questions that we get asked often in the LabTech Geek Slack are usually phrased like this: I am trying to map a drive/delete a desktop icon/edit the registry for a user in a script and it is not working How do I run things on the user desktop? The reason number 1 doesn't work is because [...]
Posting this up as a report I did for someone per a request in the LabTech Geek Slack. It will display a list of all computers that have unclassified software, as well as bringing back a comma delimited list of the software that is unclassified. You can run this against a blank client and it will display every computer, [...]
Though Automate/LabTech has built-in tests for website latency and simple ping up/down checks, there is nothing in place for monitoring latency/response time on a network. This can be achieved by doing the following: Right click the agent you want to install the monitor on, Monitors > Add New Monitor Choose Yes to create using the Wizard Choose Monitor the results of an Executable [...]
