Remote Monitor Series: Security! Finding members of local groups that shouldn’t be there (like Remote Desktop Users)

2021-11-03T21:52:39+00:00 | December 8th, 2018

A bit more of a complex monitor today! This monitor checks all the members of any local group (domain groups will also work if run on a DC) and allows you to trigger an alert if accounts are found that shouldn't be there. The biggest usage for this in my experience is detecting for users [...]

Remote Monitor Series: Bringing back a list of local accounts on a machine

2018-12-05T22:24:12+00:00 | December 5th, 2018

This is a simple one for today - useful for having a monitor to check for accounts that should not be there as local users.

"%windir%\System32\WindowsPowerShell\v1.0\powershell.exe" -noprofile -command "& {(Get-WmiObject -Class Win32_UserAccount -Filter \"LocalAccount='True'\" | Select -expandproperty name) -join \",\"}"

The result is a comma-delimited string of local user accounts.

Remote Monitor Series: Finding machines that have over 50GB OST files for Outlook

2021-11-03T21:54:37+00:00 | November 8th, 2018

This is a great proactive monitor because in most cases anyone who has over 50GB of OST files normally has an Outlook that runs like a snail or constantly crashes.

"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoProfile -command "& {$ErrorActionPreference = 'SilentlyContinue';$emptyOutput = \"\";$arrayresult=@();$thresholdInGB = \"50\";dir c:\users | foreach -begin {} -process{$size=(dir $_.FullName *.ost -recurse -force -ea silentlycontinue | Measure-Object 'length' -sum -Maximum).sum;If (($size/1GB) [...]

Remote Monitor Series: Finding machines where Bitlocker is not protecting drives

2021-11-03T21:56:03+00:00 | November 8th, 2018

This is going to be the first in a number of blog posts that will give ideas/starting points for adding more value to your client monitoring. In this series I will not be focusing on how to create these monitors, more the code that can be used. I cover remote monitor creation here if you are not sure how to [...]

SOGU File Searcher – ConnectWise Automate Script

2018-10-03T23:23:46+01:00 | October 3rd, 2018

Following the release today by the United States Computer Emergency Readiness Team (https://www.us-cert.gov/APTs-Targeting-IT-Service-Provider-Customers), one of the steps they recommend is to use tools to detect intrusions and identify compromised systems, and that these tools report on APT (advanced persistent threat) actors using Sogu (also called PlugX) to compromise MSP systems. NCCIC recommends that network defenders use these tools to help [...]

Remote Monitor – Trigger an alert when a profile goes above a certain size, including setup tips for Remote Monitors!

2021-11-03T21:58:05+00:00 | July 3rd, 2018

This is a Remote Monitor for Automate that will trigger certain keywords, which can then be detected, if the profile sizes go above a certain size. I have two monitors here, pick whichever you need depending on your requirements. The first will output all profiles and sizes, the second will only output profiles that are over [...]

Patch Compliance Report Grouped by Location

2018-06-29T00:08:19+01:00 | June 29th, 2018

This again is a report that a number of people have asked for. Unfortunately, to allow the filtering of a location at the point of report run would require a full rebuild of the report from scratch. I don't have the time to do that, unless someone wants to pay me for it ;) This is the middle [...]

Agent response slow? Tired of waiting to interact with agents? Offline Server alerts flaky? Your heartbeat may be broken!

2021-11-03T22:00:13+00:00 | May 10th, 2018

Following a discussion in the LabTechGeek channel, I was surprised to find that a number of people had systems that were not checking in to the Automate server properly. Some of you may know, but there are two types of check-in done by your remote agents: A normal check-in, done over Port 443, numerous things are sent during this [...]

Spectre/Meltdown Vulnerability Detection – Free Detection Solution

2018-11-06T02:48:45+00:00 | January 16th, 2018

I started working on this as soon as there was a reasonably easy way to detect vulnerable machines on Windows. It includes: A script that you run against agents, which sets EDFs and highlights numerous things (BIOS/Firmware update, notes, whether certain mitigations are enabled and whether you are secure) A Dataview that you can import to have a good [...]

Running programs/scripts as a logged in user in a LabTech/Automate Script

2018-11-06T02:41:36+00:00 | January 16th, 2018

Two of the questions that we get asked often in the LabTech Geek Slack are usually phrased like this:

1. I am trying to map a drive/delete a desktop icon/edit the registry for a user in a script and it is not working
2. How do I run things on the user desktop?

The reason number 1 doesn't work is because [...]

Internal Monitor – RAWSQL – Machine’s running Office 2007 (V12) or Earlier

2021-11-03T22:05:31+00:00 | November 10th, 2017

I thought this one of mine was worth sharing, especially helpful if you need a method of mass generating alerts/tickets/warnings for clients running Office 2007 or earlier.

Internal Monitor - SOFTWARE - Office 2007 or Below Installed - Zipped SQL Download

Install Instructions:

1. Extract the .SQL file out of the zip download above
2. In the LabTech CC, go to [...]

Remove a Probe from an Offline Agent

2017-10-13T10:53:40+01:00 | October 13th, 2017

I see this question raised a lot - and there is a simple way to resolve it. On the agent run the script in Maintenance > Agent > Probe - Remove from an Offline Agent. That's all that is needed!

Free Report – Patches installed in the last 30 days on all agents

2017-11-08T02:34:19+00:00 | September 13th, 2017

This report was requested in the LTG forums and I can definitely see the benefit in it. The report will display any hotfix that has a finished date in the last 30 days. The report should not ignore empty agents, meaning that if you have an agent in this report and it is blank it means it hasn't done [...]

RAWSQL Help and Tutorial – A how to, plus an internal monitor example to Detect Hung Servers and run Custom SQL in LabTech

2021-11-03T22:08:32+00:00 | September 6th, 2017

The internal monitor referenced in this post can be downloaded here: LT - Offline Servers Custom - Hung Server

I've been meaning to do a blog on RAWSQL monitors for a while - so here it is! The initial request is here: https://www.labtechgeek.com/topic/4012-internal-monitor-for-over-x-amount-of-failed-logins-in-a-time-period

The first request there is attached as a RAWSQL Internal monitor. Extract the .SQL from this and [...]

Adding a LabTech/CWA Role Definition for Bitlocker

2017-07-19T00:26:07+01:00 | July 19th, 2017

A task for this morning that I thought I'd share the outcome of! I like having things in roles; it makes detecting them and scripting with them a lot easier.

{%@manage-bde -status@%} Protection Status:[ \t]+Protection On

Computer Audit with Installed Software Report

2017-11-08T02:36:25+00:00 | June 29th, 2017

This report was requested on LabTech Geek's Slack. It displays a detailed overview of a computer, with details about the computer's identification, hardware information, latest performance, service history, software summary, overall drive information, network information, and software. I hope you enjoy. Now before you download this, the report is provided free of charge for your use at your own risk. I [...]
