PowerShell

Well until Pulse-way get around to integrating Bitdefender I needed some way to quickly see who was installed and who was not, this scrip adds an entry to the computer name as "NoBit" or "BitActive" depending weather or not the bitdefender service is found or not. then just visit Systems, Key in the name filed NoBit and hit search to see which clients are missing Bitdefender. Note, does not check if service is running or actually active, only that the service exist. Suggestions Welcome. #Written by eDecisions #Use to determine if Bitdefender is loaded $computername = (New-Object -ComObject WScript.Shell).RegRead("HKLM\SOFTWARE\…

Seems I still find a lot of these systems that were managed by 2011 small buiness server where the server has been removed from the domain but the WUSU settings were not removed from the GPO correctly leaving one or more systems looking for a server that no longer exist. This script removes and reset the update service back to default on the client. Suggestions/Comments? # Stop the Windows Update service Stop-Service -Name wuauserv # Remove the registry key Remove-Item ` 'HKLM:\Software\Policies\Microsoft\Windows\WindowsUpdate' ` -Recurse # Start the Windows Update service Start-Service -Name wuauserv

This script changes the state of Hidden files, if hidden files are set to show this turns them off, if hidden files are set to hide this shows them. Comments? # This key contains all of the profiles on the machine (including non-user profiles) $profileList = Get-ChildItem -Path "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList" # This key contains the path to the folder that contains all the profiles (typically c:\users) $profileFolder = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList').ProfilesDirectory # This key contains the path to the default user profile (e.g. C:\Users\Default)…

Script enables RDP if its disabled, and enables if its disabled. #By eDecisions $RDP = (Get-ItemProperty -path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server').fDenyTSConnections If ($RDP -eq 0) { Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value "1" } IF ($RDP -eq 1) { Set-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server' -Name fDenyTSConnections -Value "0" }

Ok this guy will display the users mapped drive of the user thats logged into the pc as well as the status of the drive, disconnected, Ok, ect... Nice if you's setting up another pc remotely and you want to see what the shared drives on another users pc were so you can match them. #by eDecisions $Taskname = "netuse" $lastlogon = (New-Object -ComObject WScript.Shell).RegRead("HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\LastLoggedOnUser") SCHTASKS /CREATE /sc ONCE /st 00:00 /TN $Taskname /RU $lastlogon /TR "c:\maplist.bat" start-sleep -s 1 New-Item c:\maplist.bat -ItemType "file" Set-Content c:\maplist.bat 'net use…

For our client security audits, and PEN testing events, we are required to disable NetBIOS on the network adapters. The below script is what we run when an asset registers with Pulseway. $key = "HKLM:SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces" Get-ChildItem $key | foreach { Set-ItemProperty -Path "$key\$($_.pschildname)" -Name NetbiosOptions -Value 2 -Verbose}

We do not use IPv6 in our current environment, so to help with security, we disable it on the network adapters. The below script is what we run when an asset registers with Pulseway. Disable-NetAdapterBinding -Name "*" -ComponentID ms_tcpip6

It was requested I post this so hopefully someone else in the community can benefit. Until we are able to deploy Bitdefender from within Pulseway, this is the next best thing. I wrote this again, for my clientele who generally are PS 3.0 + so some small adjustments may be needed if you are attempting to run this on PS 2.0. This will download and silently install Bitdefender. All you need to edit is the $BitdefenderURL and possibly the $BaseURL depending. When you log into GravityZone and make a package and go to get install links, the base URL in your portal will always be the same followed by the remaining part of the URL which can change based on the package. …

This post assumes you are already managing bitlocker in some capacity (feel free to read through my guide on how I am managing bitlocker with Pulseway custom fields here.). The use cases for this script are a bit niche. This script will remove the tpm as a valid key protector for the c:\ drive of a workstation. Two common use cases for when you may wish to do this: 1. In the event a laptop is stolen. - We have it setup where we can add stolen devices to a scope.. Devices that come online in this scope will kick off a workflow which includes the blow script. While in theory you shouldn't need to do this if the attacker doesn't know the password to the devic…

Hi, My requirement is to monitor hardware components in a server using the REST API and Powershell. Currently I'm working at Fujitsu servers and I'm able to get the necessary monitoring information to Powershell objects from Fujitsu iRMC (Baseboard Management Controller) using the REST API. However, proceeding from here is the issue. I want to know how to feed the queried information to Pulseway and generate notifications based on the thresholds that will be defined. Based on the research I've done it seems like I need to create a plugin and add it to the Pulseway Manager. (Not 100% sure about this) Could you please help on how to get this done? …

Is there a way to force use of Powershell 7.2 when running powershell scripts in Pulseway?

This took me a while to get working, so I figured I'd share the detail in case anyone else would like to use something similar. I've been working on identifying computers that have local user accounts with blank passwords. This problem is more a relic of launching our RMM journey late and not being ready to enforce a password policy, but it might be useful for someone else. I used the variable 'offenders,' and it returns a comma-separated list of the local user accounts that have blank passwords or just the word "Secured" if all accounts have a password. Add-Type -AssemblyName System.DirectoryServices.AccountManagement $script = { Param($cred) try…