Jump to content

LabTechRob

Members
  • Content Count

    88
  • Joined

  • Last visited

  • Days Won

    2

LabTechRob last won the day on April 28

LabTechRob had the most liked content!

Community Reputation

5 Neutral

My Information

  • Agent Count
    Less than 100

Converted

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. I can't show you how to use the server (big topic, there!) but I can better explain how to stage a file for installation. In this example, I'm going to install WinRar. Step 1: Get the software. Goto their website and download the build file (winrar-x64-56b5.exe). Because my environment also has 32 bit computers, I also get the 32 bit installer (wrar56b5.exe.) Step 2: Stage the software. On the LabTech server, I open c:\Transfer\Software. I create a WinRAR folder and copy the two files (above) into that folder. My build files are now ready for distribution to my users. Step 3: Create the installation script. Here is an installation template that holds the minimum actions you'll need to get the job done - file download and the install command: The only thing left here is to alter the initial IF statement so you're not installing RAR on machines that already have WinRAR. For this, I suggest using the IF 'Registry Check' comparison.
  2. LabTechRob

    Windows Deployment Images w/ Labtech

    Keegan is right - don't image with the agent installed. Instead, make sure the agent installer is on the image and use the RunOnce key to install the agent with command line params. Write the installation so that it works fully unattended. Job done!
  3. LabTechRob

    Default Admin + Hide It

    Released! As promised, we now offer the option to hide the Admin name from logon selection:
  4. LabTechRob

    LabTech Geek Month 2 (ish) Digest

    Hi Vandeal, Our documentation can be found here with the Ransomware Monitor explained in detail on page 29. To save you the click, here's the overview: This isn't a tool from Foolish IT, it is a policy wholly built and maintained by Third Wall. When you enable the policy, Third Wall will write four ‘A Third Wall…’ files to each user’s ‘My Documents’ folder. We then put a watcher on all four files, watching for any changes to those files. The idea is to catch ransomware encrypting files. If any one of those four files are changed, your assigned ‘Detection Action’ will immediately run and you will receive an alert. ‘Detection Action’ is one or more of these options that will run if the Ransomware Monitor sees a change to one of those files: Disable VSS, Isolate (removes network connectivity to everything, except for your LabTech server and your Screen Connect server), AV-Scan. You can also select 'Shutdown' or 'Ticket Only'. Let me know if you've any other questions here, I'm happy to help.
  5. LabTechRob

    Record logins on a server

    Made a mistake in my last post. If you add a simple internal monitor to a Third Wall installation, you can be alerted when a user signs into a computer. You have to create it yourself, it doesn’t come with the plugin but if you have any questions on how to do it, I’m happy to show you how.
  6. Suggestion: Don't try to copy the file from a server share, stage the .msi file on your LabTech server at %lltshare%\transfer and download it from there. That will make the File Download work flawlessly and you won't get hung up with credentials. Once it is on the target computer, use 'Shell' to install it. %windir%\system32\msiexec.exe FTW. https://www.advancedinstaller.com/user-guide/msiexec.html This will install the application as the Local System Account. I like to use the /L switch and 'File Upload' the logs. That way, if there's an issue, you can easily see the installation logs.
  7. LabTechRob

    Record logins on a server

    Third Wall (plugin) won’t ticket on logon but it will monitor and record all logon/logoff events which are viewable via report or through a dataview.
  8. LabTechRob

    Default Admin + Hide It

    The trailing $ still hides it from dos lookups but I was wrong to offer this as a solution to the above; it doesn't work against hiding the account from the logon menu. The registry key to do this is: REG ADD "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList" /v Administrator /t REG_DWORD /d 0 (requires reboot) We're adding this to Third Wall, will be available with our next release.
  9. LabTechRob

    Uninstall software in bulk

    There are several ways to get this done, here are a few suggestions. If you can avoid it, don't hardcode your path to the uninstaller but get the path from the registry. Not all titles will let you do this but the better software houses will stamp an 'Uninstall Path' to itself in the registry. Lookup that registry key, set the return as a variable, then run that variable in context with your installer. 'Variable Set' will allow you to do this. If that isn't an option then you will want to use LabTech script's line filter. (don't take these command lines literally!) Third option, uninstall by guid. Again, different titles have different rules but you may get away with: %windir%\system32\msiexec.exe /x {A3AEEA68-AC93-4F6F-8D2D-78BBF7E422B8} /silent /noreboot Best advice I can give you here: make sure your uninstall string works thru the CMD Prompt before writing it to your script! If it works in CMD Prompt, it will work in a script, 1:1.
  10. LabTechRob

    Create Search based off of SQL query

    Check the tables on your LabTech server. You should see a table named 'sensorchecks'. Here's an example of the insert we do for the Third Wall plugin to make our custom tables work with native searches. Select DISTINCT Computers.ComputerID, Clients.Name As `Client Name`, Computers.Name As ComputerName, Computers.Domain, Computers.UserName, plugin_tw_locationvalues.twnEnableLogonReports As `plugin_tw_locationvalues_twnEnableLogonReports`, plugin_tw_computervalues.twtDoNotEnableLogonReports As `plugin_tw_computervalues_twtDoNotEnableLogonReports`, Computers.OS FROM Clients INNER JOIN Computers ON Computers.ClientID = Clients.ClientID LEFT JOIN plugin_tw_locationvalues ON plugin_tw_locationvalues.LocationID = Computers.LocationID LEFT JOIN plugin_tw_computervalues ON plugin_tw_computervalues.ComputerID = Computers.ComputerID WHERE (IFNULL(plugin_tw_locationvalues.twnEnableLogonReports, 0) <> '0') AND (IFNULL(plugin_tw_computervalues.twtDoNotEnableLogonReports, 0) <> 1) AND (Computers.OS LIKE 'Microsoft%') AND (Computers.OS NOT LIKE '%XP%') AND (Computers.OS NOT LIKE '%VISTA%')
  11. LabTechRob

    Create a Task Schedule entry with Automate

    Perhaps a pure DOS application of the task will work better? I've little experience with powershell I'm afraid but I can tell you this runs just fine by the LSA and for me thru LabTech: schtasks.exe /Create /RU system /NP /RL HIGHEST /SC ONEVENT /MO "*[System[Provider[@Name='Windows-ApplicationModel-Store-SDK'] and EventID=4]]" /EC "Microsoft-Windows-Store/Operational" /TN "TW - Block Windows Store" /TR "powershell.exe -Command Stop-Process -ProcessName WinStore.App -Force" /f That command creates a scheduled task which actives a kill command when the Windows Store is run and I think it can be made to suit your purpose as well.
  12. Couple things here. First, the obligatory plugin pitch. Install Third Wall and use the UI from the location screen. Second, you may want to consider adding %Logon Type:3%' to your monitor along with types 2, 7 and 10. This will reveal any network services which are trying to logon to your machines. I've seen environments where an old and forgotten service was running overtime with outdated credentials to the domain machines and no one knew there were literally thousands of failures a day.
  13. LabTechRob

    BitLocker Encryption Status

    We're using this line to check for disk encryption: %windir%\system32\manage-bde.exe %systemdrive% -status And then read the 'Percentage Encrypted' line, expecting 100%. Is querying the 'protectors' a better method?
  14. LabTechRob

    EV - Failed Logins* - making it usable?

    Have to recommend adding LogonType 3 to your monitor. 2, 5 & 10 are right too, of course but as this page shows (http://techgenix.com/logon-types/), LogonType 3 will also show Network logon attempts. This will expose that service or printer setup five years ago, was never updated, but continues to try to sign onto your remotes.
  15. LabTechRob

    Is custom tabs still an option?

    It sure is. When you create a 'tab' on the computer screen, it will be displayed as a tile in the 'Plugins' group, when running LT12. So all SDK instructions are still right, even though LT is using tiles instead of tabs now. But you already have the ability to run a browser on your screen which is actually being generated by the remote. Open a computer screen and right-click the upside-down 'U' on the bottom left. (Just right of the 'Begin' button and the Screen Connect icon.) From the context menu, select 'Proxies' -> 'HTTP Proxy'. This will launch a browser which will proxy all network requests from your designated remote.
×