Jump to content

AC_Martin_J

Members
  • Content Count

    28
  • Joined

  • Last visited

About AC_Martin_J

  • Rank
    IT Sidekick

Profile Information

  • Location
    Sweden
  1. Completely agree! Allthough the timeout can be lengthened now, it's still a big issue that we can't whitelist our browser. I turned on 2FA recently and I have to login to the WebGUI and Remote Control approximately twice a day. Extending the timeout even further doesn't seem like a good workaround. Also, please consider SAML-support, as mentioned earlier in this thread. We have ADFS and Smart Cards in our environment which we could then use to login to Pulseway.
  2. According to the Pulseway Roadmap, Remote Control will be integrated within the WebGUI instead of a stand alone app. It is estimated to be released during Q2 2020. Hopefully we'll see that update arriving soon, and I imagine that it will become much easier to initiate chat messages and then remote control the user when everything is managed from the same place.
  3. Unfortunately, Pulseway doesn't support Swedish characters within scripts at this point in time (I'd love to see that in the future though). However there's a way around it.. You can use ASCII-code instead of letters. I did this with a script recently in order to create a scheduled task, and it's working fine. Replace the following: $group = "Administrators" With: $group = [char]065+[char]100+[char]109+[char]105+[char]110+[char]105+[char]115+[char]116+[char]114+[char]097+[char]116+[char]246+[char]114+[char]101+[char]114 (The ASCII code above says Administratörer. Please note that putting the code within quotation marks will store the ASCII-code itself, which we don't want in this case)
  4. Hi there! I think the workflows introduced in Pulseway 8.0 are powerful but not necessarily intuitive and easy to use.. My main concern is that you are only able to have one instance of a certain trigger enabled at once. For example "Service Stopped". I get the idea that you want to collect everything in one schematic, but it becomes problematic because you can't create branches directly under the trigger. Instead you have to add something like a condition first, and then create branches depending on the outcome, and then add multiple scenarios depending on what needs to be accomplished. In my case, I'd like to create a workflow where Service X is restarted on all workstations if it's found in a stopped state. At the same time as I want a notification when Service Y is in a stopped state on a specific machine. They are completely unrelated, but with the current configuration I somehow need to merge them in a single workflow. Trigger - Stopped state Condition - if service = X Action - Start service X Condition - if service = Y and machine = 1 Notify user via email Condition - if service not = X Condition - if service = Y and machine = 1 Notify user via email As you can see, one of the services (Y) needs to be added twice, simply because the machine may or may not fulfill the service X condition. This behavior will scale exponentially when I add more services to the mix. A better solution would be to either allow more workflows with the same trigger (and then maybe let the administrators decide in which order they will run), or let the administrator add branches directly below the trigger. In that case it could've looked something like this: Trigger - Stopped state Condition - if service = X Action - Start service X Re-evaluate workflow Condition - if service = Y and machine = 1 Notify user via email Re-evaluate workflow If no conditions are met, end workflow as successful One more thing.. Being able to get a preview of which machines will be affected when creating filters within the workflow would help a lot. A short list of 1-5 machines is enough to let the administrator know if the filter is misconfigured.
  5. I'm getting suspicious about the keyboard-app being the culprit in this case, but I'm not an expert. I would at least consider using another keyboard app for a while to see if it behaves differently. I'm using Gboard on my OnePlus device and it works well with Pulseway Remote Control, another keyboard to consider might be "Switftkey" among others.
  6. You can run the following script on a domain controller to see all enabled users using Powershell in Pulseway: get-aduser -filter * -properties samaccountname, enabled, givenname, surname | where {$_.enabled -eq $true} | select -property samaccountname, givenname, surname | sort-object -property samaccountname The output will be all users in AD where the enabled-attribute is set to true (ie all active users), and they will be presented in alphabetical order sorted by their username.
  7. Remember to not only enable workstations to generate notifications, but also enable the account/s to receive them as well. Have a look under Account -> Notifications and make sure that they are enabled there too.
  8. Hi there! I often find myself running scripts on our machines in a way that demands follow up/verification, so I thought it would be a good thing to be able to add scripts to a queue in Pulseway to have them run at a later point in time when a system becomes available online. Currently I tend to keep a document with all the machines listed, so I can mark them one by one in order to know which ones are done, and which ones remain. This is kinda tedious because our machines (especially laptops) tend to be offline for longer periods of time, and I have to follow up on a daily basis until the script ran successfully on all of them. I know about automation tasks in Pulseway and the possibility to schedule scripts to run daily, weekly etc. But they will continue to run on all computers for as long as the task is enabled. I've tried to cope with this by building scripts that won't reapply the software and/or settings if existing data is found. It seems to work, although it's not an optimal solution since the scripts will run tens or hundreds of times on our systems when they only really need to be ran once. So, what am I suggesting? The possibility to run one or multiple scripts (either directly or via an automation task depending on what the Pulseway devs prefer) With an option to run once. With an option to include offline systems (the script/s will be queued for when they come back online) With an option to send success/failure-reports to the administrator With an option to retry once, twice or three times whenever a script is unsuccessful. (in my case this is useful because Powershell Impersonation doesn't work in home environments when VPN is disabled, so a second attempt may succeed.) A section in Pulseway WebGUI where an administrator can see the deployment progress and success/failure-ratio. One of many scenarios: I have a script that will install a scheduled task with some predefined values, and upgrade an MSI-installation to a newer version. I want to make sure that all our computers run the script with a successful output. Please let me know if you find this suggestion useful!
  9. Thanks for your reply! I can't find any misconfiguration regarding the group policies. This is a behavior that'll happen on our workstations from time to time. I can always remote control the clients, but the issue is that I sometimes have to wait one minute because the notification isn't shown (I know this because I'm talking to the end user via phone simultaneously). Have a look at the following pictures to see how I've configured it all:
  10. This functionality is not available in the Pulseway Remote Control software at the moment. As a pulseway user, I can't determine whether I want this functionality or not. Because I can see the benefits but I also see them as security concerns at the same time (if the account were to be compromised).
  11. I appreciate you sharing the script, but please note that the password is stored unencrypted and visible to others in both the script itself (if you edit the code) and in the registry. You might want to consider using the Autologin-tool from Mark over at Windows SysInternals instead. It's a great tool to add autologin to kiosk-computers and such, while keeping the credentials safe since they will be encrypted. https://docs.microsoft.com/en-us/sysinternals/downloads/autologon To turn it back off, you simply run the tool again and disable the autologin feature. In other situations, there's also a Cmdlet to gather credentials and store the password as a secure string which is handy. You can try the following to test it out: #Running this first line will open a prompt for you to enter username and password and store it in $Credentials $Credentials = Get-Credential #Running the second line will output the UserName that was entered previously, and in a readable formt $Credentials.UserName #Running the third line will output the Password as a secure-string (non readable) $Credentials.Password #You can then use the stored information when running the Invoke Cmdlet for example (ie running a scriptblock on another computer), or when connecting to Office 365. #Furthermore it's possible to convert the secure-string into an unreadable text format so you can save it in plain text but without the risk of having it compromised. #Running the fourth line will convert the password from a SecureString and store it in $Password $Password = $Credentials.Password | ConvertFrom-SecureString #You can then compare the output of $Credentials.Password and $Password by running them separately. The first one will show the SecureString-data, and the second will show the same information but in plain text while it can also be exported/saved for future use, unlike a securestring. #Running the fifth line will export the password in an unreadable plaintext-format and save it as a file, so you can import this at a later point in time (ideal when running scripts with the task scheduler where the script needs credentials in order to proceed). Set-Content "C:\temp\MyPasswordData.txt" $Password #Running the sixth line will import the password and convert it back to a securestring so you can use it in your scripts. $ImportedPassword = Get-Content "C:\temp\MyPasswordData.txt" | ConvertTo-SecureString Hope this helps!
  12. @Greg Candido It's possible to run Pulseway with User Impersonation, and by doing so you should be able to access network resources because it's essentially running as a user instead of system. I did the following in our setup: Create an account for the Pulseway service in active directory. Give the new account share permissions and file permissions on the directory where the MSI-file resides. Open Pulseway Manager on one of the clients. Open Settings -> Runtime and check the "Enable Powershell User Impersonation". Enter the credentials created in the first step above, including the domain. Apply the settings and exit the Pulseway Manager. Open registry editor on the same client and navigate to HKEY_LOCAL_MACHINE\SOFTWARE\MMSOFT Design\PC Monitor Copy the data of each of the following keys for later use: PowerShellUserImpersonation PowerShellUserImpersonationDomain PowerShellUserImpersonationPassword PowerShellUserImpersonationPasswordCtrl PowerShellUserImpersonationUsername Open the group policy manager on a domain controller and create a new group policy object. Expand Computer Configuration -> Preferences -> Windows Settings > Registry and create the following keys: PowerShellUserImpersonation Action: Update Hive: HKEY_LOCAL_MACHINE Key path: SOFTWARE\MMSOFT Design\PC Monitor Value name: PowerShellUserImpersonation Value type: REG_SZ Value data: 1 PowerShellUserImpersonationDomain Action: Update Hive: HKEY_LOCAL_MACHINE Key path: SOFTWARE\MMSOFT Design\PC Monitor Value name: PowerShellUserImpersonationDomain Value type: REG_SZ Value data: %the domain name copied from previous steps% PowerShellUserImpersonationPassword Action: Update Hive: HKEY_LOCAL_MACHINE Key path: SOFTWARE\MMSOFT Design\PC Monitor Value name: PowerShellUserImpersonationPassword Value type: REG_SZ Value data: %the password data copied from previous steps% PowerShellUserImpersonationPasswordCtrl Action: Update Hive: HKEY_LOCAL_MACHINE Key path: SOFTWARE\MMSOFT Design\PC Monitor Value name: PowerShellUserImpersonationPasswordCtrl Value type: REG_SZ Value data: %the password ctrl data copied from previous steps% PowerShellUserImpersonationUsername Action: Update Hive: HKEY_LOCAL_MACHINE Key path: SOFTWARE\MMSOFT Design\PC Monitor Value name: PowerShellUserImpersonationUsername Value type: REG_SZ Value data: %the username data copied from previous steps% Link the newly created GPO to an OU with one or more test-clients and verify that the user impersonation is working, and then enable it on all the clients in the domain where you want to enable the functionality.
  13. I'm currently running Pulseway OnPrem (7.0.0 build 120 release 283), and I'm using Pulseway Remote Control (6.6.3). The issue I have experienced is that the remote control notification doesn't always show up on the client when I attempt to remote control a session. We have 150+ computers in our environment and sometimes it works fine, and sometimes it doesn't, and the different behavior can even occur on the same machine from time to time. Pulseway is configured to automatically allow the remote session if no one accept (or deny) the request within a minute, and I have noticed that even if the notification doesn't show up, the connection will still be established when the timer runs out. To make things clearer, here are two different scenarios. (Scenario 2 is the incorrect behavior) Scenario 1: Select computer -> Select active session -> Client notification "do you allow x to remote control" -> User press Allow -> Remote session established Scenario 2: Select computer -> Select active session -> Client notification not shown -> 1 minute timeout -> Remote session established Are you guys aware of this? Has anyone else experienced the same behavior?
  14. @Chris Nah, that's not at all what I'm after, but thanks.. I want to use the Pulseway message feature ad-hoc, for example when a critical system goes down and I need to immediately notify all my users that I'm aware and that we are working on a solution.
  15. I might have misunderstood the whole thing here, but if you want to move a client between Organization, sites or groups as Chris mentioned, then the client needs to have Pulseway agent 6.0 or later, which is where this functionality was first introduced.. I've had a couple of devices myself that I couldn't move because of this, but it went fine after booting them up and allowing pulseway to update to a newer version.
×
×
  • Create New...