File Comments posted by DarrenWhite99

  1. I realized I didn't have a definition for ThreatLocker. I'll add this here if anyone wants to update their monitor to include it. ThreatLocker can only be detected by installed services, so this one line needs to be added into the services group:

    SELECT 'ThreatLocker' AS AVName, ServiceId FROM services WHERE (`Name`='ThreatLockerService' OR `Name`='HealthTLService' OR `Name`='ThreatLockerDriver') UNION

     

  2.   

    On 6/3/2022 at 7:08 AM, nkalapodis said:

    I had to make a few changes to this monitor for the current version of CWA 2022.5 (Patch 5)

    1: The Additional Condition statement, you need to replace the 1 in (MAX(computerid),1) so if your Automate Server's Agent ID is 1234 you would put (MAX(computerid),1234)

    That is already called out in the instructions. It automatically uses your Automate server id if you have an agent on your server. If you don't have an agent on your server you need to change 1 to whatever computerid you want to alert against.

    On 6/3/2022 at 7:08 AM, nkalapodis said:

    I had to make a few changes to this monitor for the current version of CWA 2022.5 (Patch 5)

    2: Default the monitor user 90 free licenses as the default trigger and doesn't care what you put in the Result field for number of free licenses.  In my testing I put 87 but the alert always said 90.
    That is happening because of this query in the Identify Field (SELECT 10*CEILING((MAX(DynamicClients)-COUNT(*))/10) FROM computers JOIN config) It always selects 90. So I updated it to (SELECT CEILING((MAX(DynamicClients)-(5450))) FROM computers JOIN config)
    That 5450 is our total count of agents (5500) minus the number of licenses I want it to alert against, so I want it to alert when we get to less than 50 so 5500-50 = 5450.
    Now my ticket shows the proper data.

    I do not recommend this modification. Changing as described above will result in a new alert generating every time the license count changes by 1. So it would alert when you have 87 licenses, and then again when you have 86, and again when you have 85, etc. The formula was used to make the value always change in an increment of 10 so that it is less sensitive. The alert doesn't report EXACTLY how many licenses you have, it reports that you are BELOW a number of licenses. So if you alert when you have 87 free, you have LESS THAN 90, so 90 is reported. Anything from 81-90 would report LESS THAN 90, and then when you hit 80 or less it changes to LESS THAN 80, etc. Going from 87 to 0 free licenses would generate 10 alerts in total, vs. generating nearly 90 alerts if modified as you suggested.
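The alert counts in the reply above can be checked with a short simulation. This is an added example, not part of the original posts or of the monitor itself; it assumes a new alert is generated each time the Identity value changes while the monitor is failing, and the function names and the `result=90` threshold are hypothetical.

```python
def bucketed_identity(free):
    """Original Identity value: free licenses rounded UP to a multiple of 10."""
    return -(-free // 10) * 10   # integer form of 10*CEILING(free/10)

def exact_identity(free):
    """Modified Identity value: reports the raw free-license count."""
    return free

def count_alerts(free_series, identity, result=90):
    """Count alerts, assuming (as the reply describes) that a new alert is
    generated whenever the Identity value changes while free < result."""
    alerts, last = 0, None
    for free in free_series:
        if free >= result:       # monitor not failing: nothing to report
            last = None
            continue
        value = identity(free)
        if value != last:        # Identity changed: a fresh alert
            alerts += 1
            last = value
    return alerts

# Constructed inputs: a steady drain from 87 to 0, and a count that flaps.
DRAIN = list(range(87, -1, -1))
FLAP = [87, 86, 87, 86, 87, 85]

if __name__ == "__main__":
    for name, series in (("drain", DRAIN), ("flap", FLAP)):
        print(name,
              "bucketed:", count_alerts(series, bucketed_identity),
              "exact:", count_alerts(series, exact_identity))
```

The flapping series shows the second effect of the bucketing: agents coming and going around the same count do not re-alert as long as the value stays inside one bucket of 10.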

  3. My first impulse: Build and View runs as your user account, while the monitors run as root internally. Since this monitor is directly manipulating (deleting) from the computerroledefinitions table, users may not be able to do that. As such, build and view may fail (this is expected) while the monitor may run as scheduled (as root) without issue.

    And.. I just tested mine and I can use Build and View without issue. This is the output that mine shows. (Note that my AgentID value is expected to be different than yours)

    [Screenshot of the Build and View output]

    I would still lean towards permissions being the issue. Is the monitor disabling itself because it won't run?  If it is running normally then while not being able to use Build and View is annoying you aren't missing out on the function of the monitor.

  4. On 8/20/2020 at 7:59 AM, nicecube said:

    Ty @DarrenWhite99 for this amazing script, I edited the batch file to deal with multiple locations, I'll try to automate the batch file with automate!

    
    @ECHO OFF
    ::---------------------------------------------------------------------------------
    ::  Script      : Install ConnectWise Automate Agent
    ::  Version     : 0.1
    ::  Written by  : Chuck Fowler
    ::---------------------------------------------------------------------------------
    :: Token will Expire on 8/19/2021 2:41:40 AM UTC
    
    ipconfig    | find /i "10.101.1." > NUL && GOTO DataCenter
    ipconfig    | find /i "192.168.1." > NUL && GOTO ST-Jerome
    ipconfig    | find /i "192.168.2." > NUL && GOTO Terrebonne
    ipconfig    | findstr /i /r /c:"Gateway .* 192\.168\.5\." > NUL && GOTO ST-Hippolyte
    ipconfig    | findstr /i /r /c:"Gateway .* 192\.168\.7\." > NUL && GOTO Bois-Leger-Concept
    ipconfig    | findstr /i /r /c:"Gateway .* 192\.168\.8\." > NUL && GOTO RollandGodard
    
    ECHO IP address unrecognized
    GOTO END

     

    Glad it helped @nicecube! I owe the entirety of that script to @Braingears though.

    I did tweak it a bit, for some possible improvements.  You can use the "COMMAND1 && COMMAND2" syntax and COMMAND2 will only execute if COMMAND1 ended successfully.  So FIND.exe can be used with && to directly jump instead of testing ERRORLEVEL.  Also, findstr.exe can use limited regular expressions, so you can do a more complex match like specifying the Default Gateway you are targeting, not just a matching IP.  (Typically to match that without typing the entire line you would see something like: ipconfig | find /i "Gateway" | find /i "192.168.5." > NUL )

     

  5. On 5/13/2020 at 8:05 AM, Dominic B said:

    Hi @DarrenWhite99,

    I am a bit confused about what number I should put in the Result field. Should it be set to the number of max licences we are allowed according to our plan ? Or is it the number of remaining licences I want to be warned at ?

    The monitor automatically sets the threshold for you. But result is the level of free licenses you want to be warned at.

    You need to make sure the alert template is valid. If you want a ticket, use a template that generates a ticket. To send email, use a template that sends an email. Etc. 

  6. Just import the script, open it, and copy out the powershell.

    I mean, honestly... “I don’t like the way this is bundled. Bundle it differently so that I don’t have to take 4 minutes of my time to do the same steps I’m asking to be done.” 

    ¯\_(ツ)_/¯ 

  7. This monitor is not sniffing the network or “detecting” devices. It works by comparing AD information (gathered by the AD plugin) to see which Windows machines on the domain have been recently active and comparing this to Automate agents. It is designed to only notify you regarding Domain joined Windows systems, where you actually could install an agent. There is no point in alerting that a new Access Point or Printer is “missing an agent”. It cannot return anything that isn’t joined to the domain. If you are getting alerts like that they must be coming from somewhere else.

  8. 7 hours ago, TallonD said:

    I am having trouble importing the monitor. The SQL import works fine, it prompts to add 2 items to the database. Looking through SQL history it shows that it went through the import process, but I still don't have the monitor listed after multiple cache reloads, and even a server restart. Any ideas?

    Perhaps it was added previously and renamed. Try running: 

    SELECT * FROM Agents WHERE GUID='81fe7c64-2592-4a08-9461-38cf2ad5ba59';

    That will return the row (showing the name) for the Internal Monitor that it should have added or updated.

  9. 2 hours ago, droth1187 said:

    Trying to figure this out myself and not sure what field to change. Can you please clarify what needs to be adjusted? I just want to increase it so if it emails 3 times then it clears itself. Thank you. So far, the script has been running fine otherwise.

    Change nothing in the monitor. The function is entirely controlled by the Extra Data Field where you put your address in.

    Per the Script Notes:

    Multiple email addresses are supported and must be separated by ";".
    Email addresses will be removed once the recovery notification has been sent as follows:
    Email addresses ending with "!" will have one "!" character removed each time the agent recovers. This can be used to preserve the notification for multiple offline/online cycles.
    Email addresses ending with "*" will not be removed, so the agent status will be tracked indefinitely.
    Email addresses without a trailing "!" or "*" will be removed after a single notification.

    So, to email yourself three times, you would enter your email address as "email@domain.com!!".
    The first time it emails, it will update the address to be "email@domain.com!".
    The second time it emails, it will update the address to be "email@domain.com".
    The third time it emails, it will remove the address "email@domain.com".

    This can be done independently with multiple addresses on a single agent, so you could enter:
    "email1time@domain.com;email2extratimes@domain.com!!;emailcontinously@domain.com*"
    It will loop over each address to send the recovery email and then will remove the address (if no ! or * found), trim off one "!" (if you used !), or leave the address as is (if you used *).
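The suffix rules quoted from the Script Notes, modelled as a small function. This is an added example, not the script's own code; the function names are hypothetical and it only reproduces the behaviour described in the reply above.

```python
def after_recovery(edf_value):
    """Apply one offline->online recovery to the Extra Data Field value.
    Returns (addresses emailed, updated field value)."""
    notified, kept = [], []
    for entry in edf_value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        notified.append(entry.rstrip("!*"))   # address without its suffix
        if entry.endswith("*"):
            kept.append(entry)                # "*": tracked indefinitely
        elif entry.endswith("!"):
            kept.append(entry[:-1])           # "!": one consumed per recovery
        # no suffix: removed after this single notification
    return notified, ";".join(kept)

def simulate(edf_value, recoveries):
    """Field value after each recovery, stopping once the field is empty."""
    history = []
    for _ in range(recoveries):
        if not edf_value:
            break
        _, edf_value = after_recovery(edf_value)
        history.append(edf_value)
    return history

def notification_counts(edf_value, recoveries):
    """How many recovery emails each address receives over N recoveries."""
    counts = {}
    for _ in range(recoveries):
        if not edf_value:
            break
        notified, edf_value = after_recovery(edf_value)
        for address in notified:
            counts[address] = counts.get(address, 0) + 1
    return counts

# The multi-address value from the reply above.
EXAMPLE = ("email1time@domain.com;email2extratimes@domain.com!!;"
           "emailcontinously@domain.com*")

if __name__ == "__main__":
    print(simulate("email@domain.com!!", 5))
    print(notification_counts(EXAMPLE, 5))
```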

  10. Great screenshots @BenF, very helpful. The monitor is "trying" to alert against only 1 computer, and it is looking for the computer with Automate installed. (Where LTAgent=Running).  If you don't have an agent for it, it falls back to using ID 1. If you don't have THAT agent, then it won't work.

    So, edit the "IFNULL(MAX(computerid),1)" section in the Additional Condition and replace "1" with whatever computer you want to have the alert generate against. I think that will resolve your issue.

  11. On 5/18/2019 at 12:34 PM, helpdesk@envisionITP said:

    Thanks for writing back and sorry for the delay getting back to you. I will review the post again but I was looking for details about the scripts names created, monitor name created, searches created. I imported the file but cannot find anything related to this. I do not see the monitor name you listed. Again I will review it again to see what it is doing and names of the items listed. Thanks

    It is an Internal Monitor. There are no additional Scripts, Searches, EDFs, etc. It stands alone.

    You should find it in Control Center at "Automation" -> "Monitors" -> "Internal Monitors". Make sure that you restart Control Center after importing to ensure all windows are closed. If you have the monitors window opened it won't refresh the list.  If all else fails, try running the entire .SQL file in SQLYog, and see if it is returning some kind of error. Perhaps it is failing to import? (Control Center won't tell you anything about the import)

  12. On 2/24/2019 at 4:26 PM, BenF said:

    I've imported this now and trying to test that it works. I would love some help if possible, is there a way to see or test this monitor in Automate 12. When I do a build and view query no results are returned at all :(

    This is GOOD, if you have plenty of licenses available. The monitor will alert if the number of available licenses is below the "Result" value.

    To test this, you can edit the monitor (don't save) and change the Result field to a large number. Then hit Build and View, and it should return 1 row for the alert.

  13. 48 minutes ago, reboot-3-times said:

    I imported this into v2019.2 and it is showing 0 results, but I know I have agents out of date. Is there anything else that I have to do? I have it targeting the All Agents group.

    I have added an FAQ to the file description. Please review and see if your question has been answered.

    Bitlocker Enabled

    8 minutes ago, Richie111 said:

    I figured that would be an issue but in the test case I found there were two volumes and they both were enabled.  Where would logging be of when the manage-bde ran from the role detection?

    Role Detection is performed during the System Info inventory. Its process is logged only in LTErrors.txt, but only if you increase the debugging level. If you increase it to maximum it can overwrite and rotate within seconds so it can be challenging to get what you want from it. You might try grabbing the command from the role definition and running it yourself to see what it is outputting, and see if you can discover why it is not being detected in your case.

    Bitlocker Enabled

    On 11/29/2018 at 2:14 PM, Richie111 said:

    I have some machines that got the role but now say detected false.  Running manage-bde on the machines shows that Bitlocker is installed and working correctly.  Any thoughts?

    One thing that comes to my mind is that the way the role works, it is looking for volumes where protection is active. If you have bypassed Bitlocker for 1 or more reboots (manage-bde -protectors -disable C:) then the role will NOT report that BitLocker is enabled even though it is present and the volume is fully encrypted.

  14. On 11/19/2018 at 8:32 AM, jcd51989 said:

    Stopped working after while can't seem to figure out why?

    Can you define "stopped working"? No results? Or Build and View fails? If you don't have the latest version, you should re-download and install it as I improved the speed. It is looking for computers that have logged into the AD Domain "recently". If your AD plugin has broken somehow and you aren't getting updated computer information, the monitor will not find any agents to report.

  15. On 10/2/2018 at 10:57 AM, Rick Smith navitend said:

    OK Let me ask this;  How is this script installed ?    I downloaded, installed how I thought appropriate, but it didn't put any "if/then/else" statements into the script formation.

    Not sure I want to run a script when I can't see what it's doing...

    You shouldn’t run a script you can’t see, but there is no reason you shouldn’t be able to read the script. You import the standard way by going to System-> Import-> XML File. Try importing twice (no, it shouldn’t matter) and restart Control Center. Then locate and open the script. If you still have trouble maybe jump into the LabTechGeek Slack, and ask in the Scripting channel.

  16. On 8/30/2018 at 2:38 PM, Mrjoshua said:

    The SQL Check is "SELECT version FROM computers WHERE computerid=%computerid%" Contains "Service Pack 1"

    Does this need to be %os% instead?

    I'm going with "No". Computers.version contains the "Service Pack x" string, so that is the right place to be checking for it.

    [Screenshot: Computers_OS_or_Version.png]

    Try running the following query:    

    SELECT version FROM computers WHERE computerid=XXX

    with XXX being the correct computer id.

    Or it might be helpful to run the script using the debugger to learn more about what is going on. (After that step executes, the internal variable %sqlresult% should have the value returned by the query, you can see if the service pack is listed).

  17. On 6/25/2018 at 5:31 AM, lgs141 said:

    This is a great idea! @DarrenWhite99 I downloaded v1.0.1, but it doesn't seem to limit the results to machines running Windows as the query results lists devices such as QNAPs. Should this be working out of the box?

    The 2.0 version is between 3 and 60 times faster (It dropped my queries from 6-15 minutes down to 15-30 seconds) and includes the OS limit. I think I may have accidentally uploaded the wrong file for 1.0.1, because when I downloaded it I didn't see the OS limit in there.

    Give the new version a try and it should be much faster in addition to excluding non Windows OS computers.

  18. 1 hour ago, 365Geek said:

    I notice that after a computer comes 'online' and trips the monitor and alert, the Extra Data Field gets blanked out. How would I go about changing this so we continue to get alerted if a computer comes online? (Example is if a computer comes online rarely and only for a few minutes, if we miss it the first time we'd like to continue getting alerted).

    From the description:
    Read the Script Notes for advanced control over the number of times a notification will be triggered.

    Let me know if the script notes don't explain it correctly.
