🤘 2 reputation

SelfMan

Standard

Joined: 4/8/2011

Last seen: 5/30/2019

Activity
  • hey Colby, that would be awesome! Thanks buddy!

  • BlueKeep RDP vulnerability scanner
  • This is because of RDP session temp folder GPO in Administrative Templates\Windows Components\Terminal Services\Temporary folders group policy.:

    https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc759190(v=ws.10)

    Enable the setting and you'll be good to go.

    EDIT (2019-01-13): A minor adjustment

    Newer Operating systems have this GPO under:

    Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Temporary Folders

  • Add the following to the installation step: /L*V "C:\log\example.log" and after the installation fails, check the log for details.

    More info about Msiexec and logging can be found here https://www.advancedinstaller.com/user-guide/qa-log.html

  • I've created a simple report as sa example. Stopped services XML

  • Hi, first of all, you should configure the service's recovery actions in the service's properties. There you can also use a program to send a mail so you know a service failed. Other than that, you can modify the powershell script so that it logs its actions to a file in a share. OR you can have a PDQ Inventory report which will tell you all you need to know. The only downfall is that you have to tell the report which services can be safely ignored as there are many which do start but then at a later time stop.

  • Hi,

    • does the discovered IP in PDQ inventory match the nslookup's IP address?
    • what are your heatbeat settings?

    PDQ Inventory hearbeat settings

  • Hi, this will not answer your Domain question, but may give you some insight. Me personaly, I do prefer the local (on the site) installation of PDQ Inventory as all the requests and scans are much quicker on site. The host machine can be accessed via RDP from anywhere in the infrastructure. Sure, this all depends on the amount of computers. And also, if the computers are outside of the network, you can always use the PDQ Inventory Agent. Just be careful not to flood the network connection as many computers at once can produce a lot of traffic.

  • Sorry for the SSD Question, I've forgotten to re-read your post and it seems that the Deletion of a post is not working as expected.

    I have just another question - What are your Performace settings in PDQ Deploy? Options > Preferences > Performance

  • netsh is your friend... you can find some more info here

    Just create a batch and deploy it where needed. Something like:

    netsh interface ipv4 set address name="Local Area Connection" source=dhcp

    netsh interface ipv4 set dnsservers name="Local Area Connection" source=dhcp

    @echo It may take a few moments for changes to take effect. You may close this window or

    @pause

    you just have to have the correct name of the network adapter.

  • Just out of curiosity. Do the systems, PDQ Deploy is running on, contain any antivirus? If so, did you exclude the application data folders from scanning?

    Like

    C:\ProgramData\Admin Arsenal

    C:\Program Files\Admin Arsenal OR C:\Program Files (x86)\Admin Arsenal

    C:\Users*\AppData\Local\Admin Arsenal

  • Be sure to install PDF Sam like this msiexec /i "pdfsam-v3.3.7.msi" /qn CHECK_FOR_UPDATES=false DONATE_NOTIFICATION=false SKIPTHANKSPAGE=Yes LOCALE_CODE=enLOCALE PLAY_SOUNDS=true CHECK_FOR_NEWS=false PREMIUM_MODULES=false

    change atributes according your preferences

  • Hi Thomas, did you specify the credentials including the domain? Credentials dialog

  • The only problem with the fix is that it has to be applied per user, so you have to apply it either via a logon script or directly through group policy. The text already states that you have to check the Group policy for it beeing applied.

  • You may also give the wuforce.vbs script from Rob Dunn a shot. https://community.spiceworks.com/scripts/show/82-windows-update-agent-force-script-email-results-version-2-8 This way you can force the machine to update and when finished, reboot it.

    I am using this all the time.

  • WinRAR
  • Media Player Classic Home Cinema AKA MPC-HC
  • You are welcome. Though I see here a small problem. As PDQ Deploy is a 32bit application, its probably starting the 32bit version of CMD to execute the batch. Hence the diferences.

    But this has to be answered by the  PDQ guys, as i dont see in to the insides of PDQ Deploy.

  • The rules applied while the command is executed are the same as when you have a new computer, open the network neighbourhood and click on the yellow bar "Enable network discovery".

    Like this one https://i.stack.imgur.com/tQbhl.png

    This is pretty much you have to do if you want to manage the computer remotely. You have to enable filesharing, otherwise the administrative shares C$, D$, IPC$, ADMIN$ wont be available.

  • Hi Adam,

    its easy, download the latest version of ProduKey from NirSoft, run it, hit F9, select "Load the product keys from all cumputers in your local domain" OR specify the IP range Produkey should scan for.

    Then just wait for it to collect the data.