Jump to content

DarrenWhite99

Administrator
  • Content Count

    1002
  • Joined

  • Last visited

  • Days Won

    98

DarrenWhite99 last won the day on December 15

DarrenWhite99 had the most liked content!

Community Reputation

249 Excellent

My Information

  • Location
    Redding, California, US
  • Agent Count
    2000 - 3000 Agents

Converted

  • OCCUPATION
    Senior Systems Engineer

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. DarrenWhite99

    Ticket Update Function Not Working

    Use the @TicketCreationCategory@ variable.- Setting this with Variable Set: Constant to integer value X causes all tickets created within the script to be of Ticket Category ID X. This will avoid the need to create a ticket and immediately update to set the category. My suspicion is that if you added a small delay (script sleep 5 seconds) between the create and the update steps, it may work. But if you are only updating to fix the category, just use the variable above to set it correctly in the first place.
  2. We use Citrix reciever on endpoints with Automate with no issues. Check what remote commands are being sent to the agents at the time of the drops to see if it is something Automate is doing. Beyond that you would just have to roll up sleeves and monitor event logs, etc. to find out what is happening.
  3. DarrenWhite99

    Reload System Cache and Retiring agents issues

    Support is probably best equipped to sort this, but what version/patch are you running?
  4. Version 1.0.0

    0 downloads

    This Internal Monitor allows you to schedule a script after the next restart of an agent. There is no official way to indicate this, so it works by looking for scripts with a distinct schedule. When you want a script to execute after a restart, simply schedule it to run 2 years from now. This monitor will report any scripts that are found waiting, and when the agent has restarted (and is online), any waiting scripts will be rescheduled to start immediately. No helper scripts or alert templates are needed with this solution. Because of the way the monitor works, even if the agent is in maintenance mode the script will still be scheduled right away after a restart. (If your script is not a "maintenance mode" type script it will still wait to start) Thanks to @CTaylor for his original implementation at http://labtechconsulting.com/schedule-labtech-script-to-run-after-reboot/ which used a monitor+script solution.
  5. Posted Version 3 at https://www.labtechgeek.com/files/file/39-sticky-tickets-keeps-tickets-active-until-they-are-corrected/
  6. Version 3.0

    1 download

    This is the "Internal Monitor For Automatic Resets on Ticket Status" (IMFARTS) The tickets themselves aren't sticky, this is a solution for designating specific monitors so that if the ticket is closed without the monitor healing, the alert will be reset and a new ticket will be created. This is specifically for the scenario that exists for Internal Monitors that are configured to "Send Fail After Success". These monitors are useful because they do not continuously generate tickets or ticket comments. But issues can be lost if the ticket is closed without the monitor actually healing. If a monitor alert must be ignored, the agent should be excluded from the monitor instead of just closing the ticket. I am not saying that this should apply to every monitor (sometimes you may accept just closing the ticket). But if you have a monitor that you want to insure is not ignored, this monitor this can help. The monitor works by searching for open alerts and tickets that have been generated by the all monitors. Any alerts found where the ticket has been closed but the alert is still active will be returned as a result. You do not want to alert (create a ticket or other action) on the result of this monitor. The results are only there to show you what alerts are currently not being watched because there is an active alert with no active ticket. Based on this, you can decide which monitors you want to enforce. For monitors that you have chosen to enforce, if they are found to have no active ticket the previous alert will be cleared, allowing the monitor to generate a new alert (and ticket) the next time that monitor is processed. This monitor determines which monitors are being watched by a keyword in the other monitor's definition. To enforce a monitor (so that it's tickets will be re-opened), you need to include the string "ENABLEIMFARTS" in the Additional Condition field. A simple way to do this is to add " AND 'ENABLEIMFARTS'<>'IGNORED' " to the Additional Condition field. This will always evaluate to TRUE, so it will not change the existing monitor's logic. You could also use computers.name NOT LIKE 'ENABLEIMFARTS', etc.. As long as the string is in the Additional Conditions, the monitor will be watched. It can easily be incorporated for regular or RAWSQL monitors. An example: A Drive Monitor is reporting that under 2GB of free space exists for the "C" drive on AgentX. A ticket is created, and the monitor is configured for "Send Fail After Success". A technician accidentally closes the ticket. This Monitor detects that there is an active alert for AgentX on the "C" drive, but all tickets from that alert have been closed. If the string 'ENABLEIMFARTS' is found in that monitor, the current alert for AgentX "C" drive will be cleared. When the Drive Monitor processes next and it still finds that AgentX has an issue with "C", because there are now no active alerts this is treated as a new alert and a new ticket will be created. To use: Import the attached SQL. I have prepared it to be safe for import using SQLYog or Control Center, and if you had added it previously it will safely update your current monitor. Revision History: 2017-09-09 20:00:00 - Version 1 Posted. 2017-10-18 06:00:00 - Version 2. Adds support for ignored alerts (so it ignores that the ticket may be closed) and greatly improves the matches by catching alert tickets with customized alert subjects. 2018-12-11 03:00:00 - Version 3! Indicates when it resets status in the Alert History for any monitor it is acting on.
  7. Make sure you have the monitor type set to State Based.
  8. I've seen it, I've never investigated or done any special cleanup. To avoid variable replacement, you need to use the command line and escape the characters. ^ is the command line escape character. Place it in front of the " characters that would normally surround a filename. Place it in front of the % characters to break up the variable name. So: "C:\Windows\%windir%" would be ^"C:\Windows\^%windir^%^" Here is an example showing how you can pass a variable without it being replaced (by Automate or by CMD.EXE) C:\temp>type testit.bat @echo off REM Just echo the first 4 parameters to show how they were passed. Echo Param1="%~1" and Param2="%~2" and Param3="%~3" and Param4="%~4" C:\temp>testit.bat one 2 thr33 4our & REM Showing 4 paramters Param1="one" and Param2="2" and Param3="thr33" and Param4="4our" C:\temp>testit.bat del %ProgramFiles(x86)%\%windir% & REM Showing how replacements are performed and paths with spaces are broken up Param1="del" and Param2="C:\Program" and Param3="Files" and Param4="(x86)\C:\WINDOWS" C:\temp>testit.bat del "%ProgramFiles(x86)%\%windir%" & REM Showing how quotes pass the path with spaces as a single parameter. Param1="del" and Param2="C:\Program Files (x86)\C:\WINDOWS" and Param3="" and Param4="" C:\temp>testit.bat del ^"%ProgramFiles(x86)%\^%windir^%^" & REM Showing how quotes and ^ can be used to block replacement for %windir% but allow other replacements and quotes still effectively contain the file path to one parameter. Param1="del" and Param2="C:\Program Files (x86)\%windir%" and Param3="" and Param4="" The last example is the one showing the desired result. If I had called only "del" instead of my batch file, it would have removed the file properly.
  9. DarrenWhite99

    Bitlocker Enabled

    Role Detection is performed during the System Info inventory. It's process is logged only in LTErrors.txt, but only if you increase the debugging level. If you increase it to maximum it can overwrite and rotate within seconds so it can be challenging to get what you want from it. You might try grabbing the command from the role definition and running it yourself to see what it is outputting, and see if you can discover why it is not being detected in your case.
  10. DarrenWhite99

    Maintenance Mode and Internal Monitors

    This seems strange because we use maintenance mode all the time to suppress offline alerts, etc. I say this not to dispute what you are seeing, but so that anyone else reading this doesn't come to the conclusion that they need to modify their monitors to make maintenance mode work properly. If maintenance mode isn't working, there must be something else wrong since that's literally it's entire reason for existing. 😁 Monitors that are tripped DURING maintenance should not trigger an alert. (Also, ALWAYS use the script function to set maintenance mode, don't use SQL. Maintenance Mode design has changed over time, the script function will do the right thing, custom SQL may not.) The earlier issue mentioned about Event Log monitors and Maintenance Mode is different because event logs generated during maintenance might be uploaded an hour later, and then checked by a monitor several hours later (if the monitor only runs every 4 or 12 hours, etc.). By that time maintenance mode has often been cleared, and the fact that the event logs were generated during that window isn't something the monitors are capable of knowing.
  11. DarrenWhite99

    Bitlocker Enabled

    One thing that comes to my mind is that the way the role works, it is looking for volumes where protection is active. If you have bypassed Bitlocker for 1 or more reboots (manage-bde -protectors -disable C:) then the role will NOT report that BitLocker is enabled even though it is present and the volume is fully encrypted.
  12. DarrenWhite99

    Bitlocker Enabled

    Great work always!
  13. DarrenWhite99

    "Illegal characters in path" err in LTcErrors.txt?

    I believe the FileShare service is the new service that scans the LTShare contents to calculate checksums for, reasons... I would check for any files with these characters: !%{}(),@#$& I think I recall someone saying that parenthesis caused them problems when trying to upload a file (which triggers the same service). If this is the case, I believe it is a known issue that should be fixed in an upcoming patch.
  14. DarrenWhite99

    GPO for LT agent install

    I have never had a problem with the execution being visible. I schedule the task to run as SYSTEM, "when the user is logged in" (SYSTEM is always logged in), with highest privileges, and I don't enable desktop interaction. That way no desktop user needs to be logged in and no credentials are needed.
  15. No, there is no cost and no good reason not to enable them. There are certain features/functions that expect a probe in each location. I definitely recommend enabling them.
×