Security Monitoring with Powershell – Ensuring Windows Firewall Integrity

2019-12-02T14:03:57+00:00December 2nd, 2019|

Though you can get products that replace or enhance the built-in firewall on Windows machines, there are still signficant amounts of agents that rely on the Windows Firewall as the last line of defense between the outside world and one of your workstations. Getting the state of the firewalls is not as easy as you would think as it's [...]

Important – urgent ConnectWise Control update needed by 30th October

2019-10-24T14:57:43+01:00October 24th, 2019|

Hello everyone! ConnectWise put out an important notice today that has the potential to affect your ability to remote control machines if not sorted. Their announcement as below: "Connectwise discovered an issue that will impact all versions prior to the latest version in the 19.0 release. Be aware that there is no minimum Automate Version or CWC Automate Plugin version [...]

New Report – Active Directory User Health Report

2019-08-20T22:58:12+01:00August 20th, 2019|

I am happy to bring to you a report I have been working on for a long time. This report (heavily customisable with the included instructions) helps you take ownership of all thing Active Directory by providing information on Active Directory settings, Enabled Users, Disabled Users, Newly Created Users, Domain Admin membership and Group Membership. All that you need [...]

How to enable enhanced debugging for the Report Center

2019-12-10T18:32:58+00:00July 1st, 2019|

I get asked this a lot so figured it was worth putting in to a post! Open the Dashboard, System > Configuration > Dashboard Go to the Config tab Go to the Configuration tab Go to the Properties tab Sort the properties by name, and see if one exists called plugin_reportcenter_loglevel If it does exist, make sure its value is set to 6 If it does not [...]

Free Report – Get a second opinion on your patching

2019-12-10T18:33:52+00:00April 3rd, 2019|

For a good while now I have been relatively cynical of the "100% Compliant" statistic that I see on certain servers in the Patch Manager and I have been considering how best to approach finding problems with patching that were not otherwise being highlighted. I designed this report to follow an important Automate mantra; trust, but verify. This report [...]

Scripting – Easily convert multiple Powershell variables into Automate Script Variables

2019-12-10T18:33:46+00:00February 20th, 2019|

This concept really helps when you want to get multiple, individual items outside of a Powershell script and into multiple Automate scripting variables without messing about running a script multiple times to get different outputs. Step 1 In the scripting engine add a script step that does an Execute Script > Powershell. Add the following script in Script to [...]

Remote Monitor Series: Security! Finding members of local groups that shouldn’t be there (like Remote Desktop Users)

2018-12-08T00:15:45+00:00December 8th, 2018|

A bit more of a complex monitor today! This monitor allows for the checking of all the members of any local group (domain groups will also work if done on a DC) and allow you to trigger an alert if accounts are found that shouldn't be there. The biggest usage for this in my experience is detecting for users [...]

Remote Monitor Series: Finding machines that have over 50GB OST files for Outlook

2018-11-08T22:17:15+00:00November 8th, 2018|

This is a great proactive monitor because in most cases anyone who has over 50GB of OST files normally has an Outlook that runs like a snail or constantly crashes [crayon-5df4a4d2e9706044245860/] Remote Monitor Tips For a Powershell remote monitor, any " that is used inside the Powershell needs to be escaped with a backslash \ A Powershell remote monitor [...]

Remote Monitor Series: Finding machines where Bitlocker is not protecting drives

2018-11-08T21:01:45+00:00November 8th, 2018|

This is going to be the first in a number of blog posts that will give ideas/starting points for adding more value to your client monitoring. In this series I will not be focusing on how to create these monitors, more the code that can be used. I cover creating remote monitor creation here if you are not sure how to [...]

SOGU File Searcher – ConnectWise Automate Script

2018-10-03T23:23:46+01:00October 3rd, 2018|

Following the release today by the United States Computer Emergency Readiness Team (https://www.us-cert.gov/APTs-Targeting-IT-Service-Provider-Customers), one of the steps they recommend is to use tools to detect intrusions and identify compromised systems and that these tool reports on APT (advanced persistent threat) actors using Sogu (also called PlugX) to compromise MSP systems. NCCIC recommends that network defenders use these tools to help [...]

Remote Monitor – Trigger an alert when a profile goes above a certain size, including setup tips for Remote Monitors!

2018-07-03T10:02:00+01:00July 3rd, 2018|

This is a Remote Monitor that can function in Automate, that will trigger certain keywords that can be detected upon if the profile sizes go above a certain size. I have two monitors here, pick whichever you need depending on your requirements. The first will output all profiles and sizes, the second will only output profiles that are over [...]

Patch Compliance Report Grouped by Location

2018-06-29T00:08:19+01:00June 29th, 2018|

This again is a report that a number of people have asked for. Unfortunately, to allow the the filtering of a location at the point of report run would require a full rebuild of the report from scratch. I don't have the time to do that, unless someone wants to pay me for it ;) This is the middle [...]

Agent response slow? Tired of waiting to interact with agents? Offline Server alerts flaky? Your heartbeat may be broken!

2018-07-27T16:19:03+01:00May 10th, 2018|

Following a discussion in the LabTechGeek channel, I was surprised to find that a number of people had systems that were not checking in to the Automate server properly. Some of you may know, but there are two types of check-in done by your remote agents: A normal check-in, done over Port 443, numerous things are sent during this [...]

Spectre/Meltdown Vulnerability Detection – Free Detection Solution

2018-11-06T02:48:45+00:00January 16th, 2018|

I started working on this as soon as there was a reasonably easy way to detect vulnerable machines on Windows. It includes: A script that you run against agents, which sets EDFs and highlights numerous things (BIOS/Firmware update, notes, whether certain mitigations are enabled and whether you are secure) A Dataview that you can import to have a good [...]

Running programs/scripts as a logged in user in a LabTech/Automate Script

2018-11-06T02:41:36+00:00January 16th, 2018|

Two of the questions that we get asked often in the LabTech Geek Slack are usually phrased like this: I am trying to map a drive/delete a desktop icon/edit the registry for a user in a script and it is not working How do I run things on the user desktop? The reason number 1 doesn't work is because [...]

Internal Monitor – RAWSQL – Machine’s running Office 2007 (V12) or Earlier

2017-11-10T22:14:58+00:00November 10th, 2017|

I thought this one of mine was worth sharing, especially helpful if you need a method of mass generating alerts/tickets/warnings for clients running Office 2007 or earlier. Internal Monitor - SOFTWARE - Office 2007 or Below Installed - Zipped SQL Download Install Instructions: Extract the .SQL file out of the zip download above In the LabTech CC, go to [...]

Remove a Probe from an Offline Agent

2017-10-13T10:53:40+01:00October 13th, 2017|

I see this question raised a lot - and there is a simple way to resolve it. On the agent run the script in Maintenance > Agent > Probe - Remove from an Offline Agent. That's all that is needed!

Load More Posts