By Jamie Taylor
The latest version of the remote control app no longer requires elevation when it's launched in a directory to which the local user has full access.
New installations will also be placed in the Application Data folder by default for the current user, eliminating the need for elevation.
By Mark G38
Let me start off by saying this is not meant with any kind of hate or ill will. I very much love the Pulseway product overall, and I have been using it for quite a number of years now. I very much want to see Pulseway continue to improve and catch up to a lot of the other RMMs out there by addressing some obvious "misses" with certain aspects of the software. This is going to be a bit of a novel but I hope the Pulseway staff and the community give it a read and feel free to comment, add suggestions, etc. The below items are too much to put into a bunch of separate feature requests. I apologize in advance if this is too much in one spot.
Ability to completely remove or hide default scripts. Should also be able to delete individual ones within the default section.
Ability to adjust script level permissions. There are some scripts I have written such as an MDM remote wipe type script that I want to be able to access within Pulseway if needed, or one of my higher tiered consultants but not my lower tier. I should be able to assign some sort of permissions to scripts to hide/show them based on security group, level, or team.
A full inventory of the machine should be performed by the agent and visible in the web portal. This is a basic function of every other RMM I've used.
I should be able to see all services on the machine, just like Pulseway looks at all applications installed. Services should then be selectable to be managed or not, or allow the ability to manage them right from that screen.
Windows Updates - We should be able to easily see a list of installed updates on the machine without having to go back through Patch Policy History. The list could easily be populated on the Windows Updates section that Pulseway currently has.
Dashboard - Needs more adjustable widgets. Patch status should be available as a dashboard widget with the ability to drill down to site/customer or filter for those things when creating the widget.
PowerShell Console - Should be able to press up or some other key to be able to access, select previous inputs from that active session.
Scopes - From the Scopes creation page, we should be able to then click on the Scope and see all the machines that the Scope includes. This would be a much easier and faster way than having to go to Systems and then select the Scope and drill down that way.
Exclusions - We are unable to create exclusions for alerts. The answer is to move the machine to its own group, and apply a new policy to that machine. This is certainly not ideal as 1, if you logically group your machines together, then splitting one out is a mess and even more importantly, the more policies created, the more you have to worry about going in and updating them when you want to change 1 thing. The fewer policies that have to be maintained, the better.
Input Variables - My single biggest issue with scripting currently is the lack of usability with the current custom input fields. It takes more time to click add/edit and input what is needed into the UI, than it does for me to just declare the same variables at the start of my script when writing them.
Have script input variables work as environment variables, and they can be filled in at the time of script run. So if I have a script to search for something by date range, I can create 2 input variables, Start & End, and leave them blank. When I go to run the script, it pops up a window with the available custom input variables allowing me to fill them in at that time. Here is an example of a popup window at the time of run for another RMM tool I've used. All these variables are declared in the script as $env:customvariablename, and then inside the RMM portal, at the script creation screen, they are entered in, much like you can with Pulseway, and you can select the type of variable. Variable value, Boolean, selection (dropdown). Whatever is selected/inputted at the time of run is simply passed to the $env:customvariablename that corresponds to that input variable. I've shown the 3 areas of how this works to show the complete idea behind this in the attachments.
Site Variables - Pretty much the same concept as above, except these are created at the site (customer) level instead of the script level. They are called in the same fashion as above. This would allow for much greater flexibility around scripting as many clients have license specific software that needs to be installed and being able to set a site (customer) level variable that gets pulled automatically when the script runs, would allow for 1 script to be made and run across multiple clients at a time without having to edit the script or make copies with the unique license key for each. It would simply read from the site variable when running and insert whatever is in that site variable field.
Output of scripts (the content) in the push notification or email alert. If I schedule a task to run on a recurring basis and I get a failure notification, being able to see why is incredibly helpful. Or, even if it's a success, there are plenty of use cases why seeing the output is needed. If I'm running a script to collect xyz info across multiple systems, being able to easily see that in a central spot on the notification or email is imperative. I shouldn't have to log into Pulseway and check each machine or check the task and look through the report.
Tasks - We should have the ability to schedule tasks to run much more frequently than once per day. I would like the ability to run a custom script that checks for something specific let's say, once an hour, which then writes to a custom event log that I then have Pulseway set up to trigger an alert from. This would be helpful in creating plenty of custom alerts based on Event Log errors but once a day is not frequent enough in some cases.
Workflows
As I understand it, the entire workflow idea works around something that generates a notification. This creates a big issue with workflows in the sense that, we are limited to whatever Pulseway deems an acceptable "condition" or filter. What would make workflows amazing, would be essentially turning them into "custom monitors". What I mean by that is I create a script that let's say reads some random program's event log because my customer needs to know when this particular software generates a specific error, (and no, it doesn't write this error to any event log). There is no built-in way to approach this with Pulseway. If I could simply create a workflow and choose to run a script as the initial item, and then based on the exit code of that script, do other things from run a script to fix, generate an alert to my team so someone can go in and look at what is causing the error and resolve it, etc. I could apply that workflow to any systems I wanted, and set it to run every 10 minutes, an hour, whatever, and when it detects the event, again, based on how the script was written, it triggers the workflow or the alert. As in the example above, if I set it to run every 30 minutes and look for "if error exists", if it does, it then creates an alert so that myself and my team get notified. But it would also allow the workflow to perform additional steps as remediation if desired.
Another useful example of what I'm trying to explain, is perhaps I want to perform a certain set of steps based on a tag set up in Pulseway. I should be able to set up a workflow against a tag or against a scope and set it to run every so often. When a machine is then given that "tag" the workflow triggers and performs the steps assigned.
This goes along with 4 under scripting. In the same vein, workflows should be triggerable off the result of a script. In other words, I shouldn't HAVE to make it an event log entry. It would be great if I could set up a script via a task, and then set a workflow to check results of that script and allow me to choose either to alert or trigger a workflow on either a success or failure, whichever I wanted at that time.
I would LOVE to use Pulseway's built in cloud backup, but there are just too many flaws / missing items in it currently.
Scheduling - The only current options are every day, every 2, or every 3 days. All backup solutions I've ever seen, give you the ability to select which day(s) you want the backup to run, be it every Monday, or any multiple combination of days. We should also have the ability to select the TIME the backup will take place. Right now, it uses the time the backup job was created, so if I want a job to happen at 2 AM, I have to stay up until 2 AM to schedule that job for the first time. This is a very shocking miss on the backup front.
Ability to exclude certain file types (by extension) is needed.
Notification on job success or job failure is a MUST, not how it currently is where it notifies you once it reaches below a targeted % range.
The ability to see the used space. Since your cloud backup works off either 500GB or 1TB licenses, we need to be able to see how much space is currently in use per machine so we can plan to take the needed action should the backups start approaching the limit.
A report on the files backed up. Since this is a file only backup type, it's imperative to be able to see a list of all files backed up during the job, and if they were successful, failed, or skipped.
The ability to specify if the backup is considered a failure based on % of failed or skipped files is also needed. For example, if I'm targeting 1000 files, perhaps 5 failed isn't a concern to me, but if 300 fail, that's a failed backup job IMO. Therefore, having the ability to say if 10% (or whatever amount I want) of files fail to back up, the job is considered failed.
In general, during my demo of this, I've had some concerns which your staff did witness directly:
The next backup date seems to fluctuate between the current day and next day if you sit at the backup status screen of Pulseway.
The initial dig into a backup job, showed folders that I had excluded, were still present and you could drill down. However, after mounting a recovery to explore, the interface then hid all the folders not backed up. Concerning if it's collecting any data from folders I specifically didn't include in the target paths.
You can see from the image below, it backed up 2 days in a row, almost the exact same amount of files and used the same amount of space. This is a test VM which had no changes in the test target directories, and yet the 2nd day it did what appears to be a full backup again. Subsequent days seem to have improved and the file count went down to a more expected level.
Here are some feature requests I submitted around some of the points above:
By Carl T
This post assumes you are already managing BitLocker in some capacity (feel free to read through my guide on how I am managing BitLocker with Pulseway custom fields here).
The use cases for this script are a bit niche. This script will remove the TPM as a valid key protector for the C:\ drive of a workstation.
Two common use cases for when you may wish to do this:
1. In the event a laptop is stolen. - We have it set up where we can add stolen devices to a scope. Devices that come online in this scope will kick off a workflow which includes the below script. While in theory you shouldn't need to do this if the attacker doesn't know the password to the device, there are a number of instances out there where TPMs are exploited with physical access to a device to then use the TPM to decrypt a drive. Such as this: https://pulsesecurity.co.nz/articles/TPM-sniffing
2. When terminating a remote employee's access to their computer. If an employee is out in the field or working from home, simply resetting their password might not be enough to lock them out of their device depending on your setup.
The script is fairly simple and is below:
# Look up the ID of the TPM key protector on the OS volume and remove it
$TpmProtectorID = ((Get-BitLockerVolume -MountPoint 'C:').KeyProtector | Where-Object KeyProtectorType -EQ 'Tpm').KeyProtectorId
Remove-BitLockerKeyProtector -MountPoint 'C:' -KeyProtectorId $TpmProtectorID
# Reboot so the volume is locked and the TPM can no longer unlock it
Restart-Computer -Force
Hope this is handy for some folks out there
If you recover the device and wish to re-enable the TPM you can do this from the management console, or simply run this script to put things back to "normal":
# Add the TPM back as a key protector on the OS volume, then reboot
Add-BitLockerKeyProtector -MountPoint 'C:' -TpmProtector
Restart-Computer -Force
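A guarded variant of the removal script above, as an added example that is not part of Carl T's post: it refuses to remove the TPM protector unless a recovery password protector is present, and returns distinct exit codes so a workflow can alert on a failed lock-down. It assumes the OS volume is C: and that a recovery password is the fallback you keep on file; the exit code values are arbitrary choices.

```powershell
# Added example, not the original poster's script.
# Assumptions: OS volume is C:, a RecoveryPassword protector is the fallback
# unlock method, and the exit codes below are arbitrary values for the RMM.
$MountPoint = 'C:'

try {
    $volume = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
} catch {
    Write-Output "Cannot read BitLocker state for ${MountPoint}: $_"
    exit 1
}

$protectors = @($volume.KeyProtector)
$tpm        = @($protectors | Where-Object KeyProtectorType -EQ 'Tpm')
$recovery   = @($protectors | Where-Object KeyProtectorType -EQ 'RecoveryPassword')

if ($volume.ProtectionStatus -ne 'On') {
    Write-Output "BitLocker protection is not on for $MountPoint, nothing to lock."
    exit 2
}
if ($tpm.Count -eq 0) {
    Write-Output "No TPM protector on $MountPoint, nothing to remove."
    exit 0
}
if ($recovery.Count -eq 0) {
    # Refuse to remove the TPM protector unless a recovery password exists to fall back on.
    Write-Output "No recovery password protector on $MountPoint, TPM protector left in place."
    exit 3
}

try {
    foreach ($p in $tpm) {
        Remove-BitLockerKeyProtector -MountPoint $MountPoint -KeyProtectorId $p.KeyProtectorId -ErrorAction Stop | Out-Null
    }
} catch {
    Write-Output "Failed to remove TPM protector: $_"
    exit 4
}

# Re-read the volume and confirm the TPM protector is gone before rebooting.
$left = @((Get-BitLockerVolume -MountPoint $MountPoint).KeyProtector |
          Where-Object KeyProtectorType -EQ 'Tpm')
if ($left.Count -gt 0) {
    Write-Output "TPM protector still present on $MountPoint after removal."
    exit 4
}

Write-Output "TPM protector removed from $MountPoint, rebooting to lock the volume."
Restart-Computer -Force
```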