726 docs tagged with "Security"

This document outlines a script that sets the required registry values to configure "SchUseStrongCrypto" for the .Net Framework. A reboot is required after adding the registry keys. The script is designed to be executed as an autofix script from ConnectWise Automate, ensuring proper configuration and ticket management for reboots.

This document provides an overview of agents configured with Duo Multifactor Authentication within the ConnectWise Automate environment. It details the necessary dependencies, describes the relevant data columns, and includes the SQL representation for querying this information.

This document provides a Dataview that displays the status of Google Authentication for users in ConnectWise Automate, indicating whether it is enabled or not.

This document describes a monitoring solution that identifies disabled accounts on Active Directory servers using the Active Directory plugin. It automatically creates a ticket for each disabled account found, ensuring that administrators can address these issues promptly.

This document outlines a monitoring solution for detecting account lockouts on Windows machines. It includes details on the check action, server address, check type, and dependencies for effective account management.

This document provides a comprehensive report on all active users within the last 30 days using the Active Directory plugin. It includes details such as account status, last logon time, and password information, ensuring administrators have valuable insights into user activity and security.

This document provides a detailed overview of a dataview that displays stale users in Active Directory, defined as those who have not logged in for over 90 days. It includes information on dependencies, columns displayed, and their descriptions.

This document provides a comprehensive overview of a dataview that displays all users associated with a domain, including their general information, account status, and security details. It outlines the columns available in the report, such as client, location, account name, email, and password expiration details, along with their significance.

This document outlines the process for creating and managing an ADPluginUser account for domain controllers detected in the AD Plugin. It details the script initiation for password changes, dependencies, and alert templates, while also addressing the limitations on EOL systems.

This document details a script for notifying users about upcoming password expirations. It includes configuration options for alerting, ticket creation, and email notifications, as well as instructions for customizing messages and handling different user scenarios.

This document describes a monitor that utilizes the Active Directory plugin to identify any enabled accounts with the name "test" on the domain. The purpose is to help technicians evaluate these accounts for potential security risks.

This document outlines a script designed to create or update a domain admin account for the Active Directory plugin, including features for random password generation and troubleshooting capabilities. It is intended for use on domain controllers detected by the Active Directory Domains plugin and includes implementation steps, dependencies, and variable configurations.

This document outlines a dataview created to verify the applied workaround and installation of necessary patches to mitigate and detect Active Directory privilege escalation attacks. It provides a comprehensive overview of computer accounts with non-compliant sAMAccountNames and details about patch statuses.

This document outlines a PowerShell script designed to verify the installation of necessary patches to mitigate and detect Active Directory privilege escalation attacks. It checks for the presence of specific patches, monitors registry settings, and identifies non-compliant computer accounts, ultimately enhancing security compliance for domain controllers.

This document provides a comprehensive guide to generating professional Active Directory reports that clients can use to assess and clean up their Active Directories. It includes example reports, detailed descriptions of included reports, associated content, implementation instructions, FAQs, and potential problems to watch out for.

The Active Directory User Assessment report provides a detailed overview of all user accounts within the domain, including a summary of the associated back-end settings on the Domain Controller, enabling administrators to assess user security and account management effectively.

This document details the process of setting up the Active Directory Reporting Solution by creating necessary database items, including tables and views, along with scheduling an essential script for compliance and security checks.

This script provides auditing functionality for members of Admin groups in Active Directory, allowing for optional alerts regarding any changes made to these groups. It is designed to run on a Domain Controller and can help maintain security and compliance by tracking modifications to critical administrative roles.

This document provides a script to enable the Active Directory Recycle Bin, detailing the prerequisites, process, sample output, and ticketing information in case of failure. The script ensures that the Windows OS and domain modes meet the necessary requirements before enabling the feature and outlines the logging and notification procedures.

This document provides a detailed overview of a script that allows a machine to join a domain even when it is not connected to the same network as the Domain Controller (DC). It outlines the variables used, the process involved, and the expected output, highlighting the efficiency gained through automation.

This document details a script designed to update Active Directory users' email addresses by matching them with contacts in Automate, facilitating user-centric billing and ensuring accurate email synchronization. The script operates specifically on Domain Controllers and includes a SQL query to retrieve necessary contact information.

This document outlines a client-specific script designed for monitoring Active Directory users whose passwords are set to expire within the week. The script automatically generates an email notification to inform users about their upcoming password expiration, ensuring timely action and compliance.

This document provides a detailed implementation guide for setting a registry key that enables auto-lock on Windows machines after 10 minutes of inactivity. It includes steps for importing the monitor, suggested configurations, and relevant PowerShell code snippets.

This document provides a detailed guide on how to add the necessary Cipher Suites for an Automate agent to successfully sign up with ConnectWise Automate, including enabling TLS 1.2 and handling the required configurations.

This document provides a detailed implementation guide for the Add-WifiProfile script in ConnectWise RMM, allowing users to manually add Wi-Fi profiles to Windows computers. It includes setup instructions, user parameters, task creation steps, and sample runs.

This document outlines a RAWSQL monitor designed to alert administrators whenever a new user is added or when a user’s permissions are modified, ensuring the security and integrity of the system.

This document outlines various solutions for managing local and domain administrators effectively, including processes for creating, updating, and monitoring admin accounts on Windows machines.

This document provides a detailed overview of the dataview used to audit agents in the environment, including descriptions of each column such as Client Name, Location Name, and Agent Operating System, among others.

This document outlines the purpose and functionality of a monitor set designed to detect computers that are placed in the wrong location based on router addresses. It details how to define multiple router IPs, the format required for input, and provides sample screenshots for clarity.

This document outlines a monitor set designed for ConnectWise Automate to detect machines that have not installed Windows updates within the last 45 days. It ensures that all systems are up-to-date and protected against known security threats, focusing on supported operating systems and patch-managed devices.

This document outlines the process for targeting clients with Enhanced Data Fields (EDFs) enabled to install DUO, while excluding agents that have EDF set for Exclusion. It also references a dependency for installing MFA authentication for Windows EDFs, which can be utilized as an Autofix Script.

This document describes a monitor that detects Windows agents lacking shadow copies or having copies older than a specified system property value. It includes dependencies and target systems for implementation.

This document outlines a script designed to audit registry settings related to group policy redirection. It populates a custom table with the collected data, ensuring effective data management and reporting. The script includes detailed dependencies, variable definitions, and a comprehensive process for execution and output logging.

This document outlines a solution for auditing folder redirection policies on target machines, allowing users to visualize effective policies, redirected folders, and their destinations. It includes associated content, implementation steps, and FAQs regarding the script and data collection.

This document outlines a PowerShell script designed to automate the addition of Active Directory to Windows Autopilot by checking specific registry values and executing necessary commands if conditions are met. It includes setup instructions, sample run outputs, dependencies, and detailed process steps.

This script helps to verify whether antivirus (AV) is running on a system. If the AV is not running, the script attempts to start the AV process. It is intended for use with the "AV-Disabled" monitor and can create or update tickets based on the AV status. This automation saves time and enhances security management.

This dataview assists in auditing control sessions by tracking key details such as participant names, connection times, and disconnection times, providing a comprehensive overview of session activities.

This document provides a detailed overview of a custom RAWSQL monitor designed to check the custom table privileges for a user in a database. It outlines the necessary dependencies and the target scope of the monitoring solution.

This script monitors for the creation of new super admins since the last run, generating alerts for any new additions. It saves time by automating the tracking process and creating corresponding tickets for any changes.

This document provides a detailed overview of a dataview that lists all scripts in the ConnectWise Automate environment, including their folder details, types, execution permissions, and performance metrics. It also summarizes script execution over a defined retention period.

This document outlines the criteria for determining whether an Automate user’s password is considered strong or weak. It details the requirements for a strong password, including character length, variety, and complexity, and provides a summary of the data view used to assess password strength.

This document provides an overview of the Automate Database Maintenance User Class Permission Script, detailing its functionality, required properties, and variables. It ensures the synchronization of user class permissions from the Default Client to all other clients based on specific system property settings.

This document outlines the process of auditing and establishing hardening rules and policies for ConnectWise Automate servers based on the latest guidelines. It includes a detailed description of the variables involved, the processes executed, and the expected output, aimed at enhancing server security and compliance.

This document provides a summary of a monitor designed to detect Automate users who have been locked out from logging in, ensuring better management and security of user access.

This document outlines the setup and dependencies for the Restrict Vendor Access monitor in ConnectWise Automate, ensuring that when specific EDFs are checked, machines in the system are automatically restricted from vendor access.

This document details a monitor that identifies devices with disabled Antivirus. It includes information about an Autofix for Windows machines that can restart the Antivirus service and is applicable to all operating systems, though the Autofix feature is specifically for Windows.

This document outlines the AV - Out of Date Monitor, a tool designed to identify devices with outdated AntiVirus definitions in ConnectWise Automate. It serves as a copy of the stock monitor for effective device management and security compliance.

This document provides a comprehensive overview of the antivirus status on agents, detailing information about the installed antivirus software, its activation status, and whether it is up to date. It includes key metrics such as last contact time, operating system details, and protection status.

This document provides a list of recommended exclusions for various AV/security products to ensure the proper functioning of ProVal scripts and tools.

This document provides comprehensive information regarding the servers that have Azure AD Connect software installed, including the specific versions of the software. It outlines associated content such as policies, procedures, and reports related to the Azure AD Connect Version Audit, along with implementation steps for setting up the necessary configurations.

This document provides an overview of how to detect agents with Secure Boot enabled, including the detection string used and the expected result for applicable operating systems.

This document provides a role definition for tracking machines that utilize UEFI BIOS type. It includes a detection string and settings for identifying applicable operating systems.

This document provides a comprehensive guide on installing BitDefender Endpoint Security Tools on endpoints, detailing the installation process, logs, dependencies, and the overall procedure.

This document provides a comprehensive guide for completely removing BitDefender Endpoint Security Tools from an endpoint using an agent procedure. It includes implementation steps, optional variables, and the process for ensuring proper uninstallation, along with logging and error handling.

This document outlines the roles responsible for determining the eligibility of Windows Server for BitLocker. It includes detailed detection strings, comparators, and the applicable operating systems for each role, along with SQL commands to implement these roles.

This document provides a comprehensive guide on managing Bitlocker protection on endpoints, including updates on auditing scripts, implementation steps, and optional configurations for automatic encryption and Active Directory backups.

This document provides an overview of the Bitlocker key protectors that have been backed up to Active Directory, including details about the audited domain controller and the status of each key protector.

This document provides a comprehensive overview of the Bitlocker Audit script, detailing its functionality in gathering Bitlocker and TPM information from target endpoints, storing it in custom tables, and creating backup files for recovery passwords.

This document provides a detailed overview of a script that automates the process of backing up the existing BitLocker recovery key to a joined Active Directory domain, saving significant time in the process. It includes sample runs, dependencies, variables, and the overall process involved in executing the script.

This document provides an overview of a Bitlocker monitoring script that identifies target machines based on specific conditions related to Bitlocker settings and client configurations. It includes SQL queries, dependencies, and guidelines for targeting the Bitlocker solution.

This document outlines an internal monitor designed to detect the agent where the "Bitlocker Fully Decrypted - System Drive" role is present on Windows machines. It provides insights into the dependencies and target systems for effective monitoring.

This document outlines an internal monitor designed to detect unsupported Windows workstation operating systems that have not been updated regarding BitLocker encryption status. It checks for specific conditions related to the key protector ID, protection status, and configuration settings, ensuring compliance and proper execution of the associated BitLocker initialization script.

This document details a script that audits the recovery keys for each encrypted drive on an agent and adds the information to a custom table, saving time and improving efficiency in managing BitLocker encryption.

This document outlines a monitor set that detects computers where Bitlocker is enabled and the drive is fully encrypted but lacks any key protectors. It utilizes data from the Bitlocker Audit script and provides guidance on scheduling and dependencies for effective monitoring.

This document outlines a monitoring solution for identifying target machines with specific Bitlocker settings, ensuring that only compliant machines are flagged for further action. It includes SQL queries and dependencies for effective implementation.

This document provides a comprehensive overview of a monitoring script designed to identify target machines with specific Bitlocker monitoring criteria. It includes dependencies, target recommendations, translated SQL queries, and a visual representation of ticketing processes.

This document provides a comprehensive guide on how to disable BitLocker protection on one or all volumes using a PowerShell script. It includes sample runs, user parameters, and dependencies required for execution.

This document describes a script designed to add a recovery password to a BitLocker-enabled drive that lacks a key protector. The script disables the current BitLocker protection, initializes the TPM if necessary, and re-enables the protection with a Recovery Password protector. It is intended for execution as an Autofix script and not for manual use.

This document provides a detailed guide on how to encrypt a drive using Bitlocker disk encryption. It includes sample runs, global and user parameters, and the process for selecting key protector types. Important dependencies and prerequisites are also outlined to ensure successful encryption.

This document provides a detailed guide on implementing the BitLocker Volume Initialization script within ConnectWise RMM. It covers requirements, user parameters, task creation, and execution steps for encrypting a drive using BitLocker disk encryption.

This document provides a comprehensive guide to creating device groups for the BitLocker drive encryption auditing solution in ConnectWise RMM. It details the necessary dependencies and outlines the criteria for four specific device groups: BitLocker - Audit Required, BitLocker - Enabled, BitLocker - Disabled, and BitLocker - Regular Auditing.

This document outlines the process to determine if the C: drive on an endpoint has BitLocker enabled. It includes information on accessing the data through BitLocker dataviews or the roles tab in ConnectWise Automate, along with the necessary detection string and settings.

This document outlines a suite of 9 agent procedures designed for the initialization of BitLocker volumes using various protection methods. Each procedure is detailed with examples and logs to illustrate functionality and outcomes during execution.

This document outlines a solution for enabling BitLocker on endpoints, including options for encryption methods and TPM control. It includes associated content such as scripts, custom fields, and monitors to ensure effective deployment and management of BitLocker encryption.

This document outlines the procedure for enabling BitLocker on the system volume, detailing the encryption methods used, dependencies, and step-by-step implementation instructions for creating a task in ConnectWise RMM.

This document provides a detailed guide on creating a monitor that generates a ticket when the BitLocker Initialization fails on the system volume for Windows workstations. It includes dependencies, implementation steps, and ticketing information.

This document outlines the process for retrieving any available Bitlocker recovery keys from endpoints and saving them to the xPVAL Bitlocker Key CF. It includes example logs, dependencies, and a detailed process for execution.

This document outlines the process for pushing BitLocker recovery keys to Active Directory and Azure Active Directory. It details the script creation, execution, and logging for successful and unsuccessful backup attempts, ensuring key management and security compliance.

This document provides a detailed implementation guide for the BitLocker Recovery Password backup to Active Directory using a ConnectWise RMM script. It includes requirements, sample runs, task creation steps, and troubleshooting tips.

This document provides a comprehensive overview of the Bitlocker audit dataview, detailing the Bitlocker status of machine drives, key protectors, TPM status, and backup status in Active Directory for all audited computers.

This document provides a comprehensive overview of the Bitlocker information displayed in the dataview for all retired computers that have executed the Bitlocker Audit script. It details the Bitlocker status of machine drives, key protectors, TPM status, and backup status in Active Directory, along with the necessary dependencies and column explanations.

This document details a script that audits endpoints for BitLocker status, checking if drives are BitLocker-enabled, ensuring encryption is complete, and retrieving any available recovery keys. It provides a comprehensive overview of the script’s functionality, dependencies, and expected output.

This document provides a summary and settings for checking if the agent has Bitlocker TPM present. It includes a detection string, comparator, and applicable operating system details.

This document outlines a role that checks if the Trusted Platform Module (TPM) is ready for use on a machine. If the TPM is ready, the role is applied to the machine in the ConnectWise Automate database, ensuring proper configuration and security measures are in place.

This document outlines the creation of dynamic groups to deploy the task for clearing and auditing browser saved passwords, including details on the criteria for each group and the endpoints involved in the process.

This document outlines the steps to create a monitor that generates a ticket when the task to clear or audit browser saved passwords fails. The monitor is essential for ensuring that saved passwords are properly managed and removed when necessary.

This document provides an overview of the Password Manager Lockdown Status for computers monitored by the Lockdown Browsers Password Manager. It details whether the password manager has been successfully deactivated for installed browsers and identifies any failures in the process.

This document outlines a dataview designed to display potential brute force attacks against Windows devices by counting failed login attempts recorded in the ConnectWise Automate database. It provides insights into the accounts experiencing these attempts and highlights the importance of monitoring such events for security.

This document describes a script that automates the creation of information base categories for every imported manage board in the CW Manage Plugin, saving approximately 30 minutes of manual work. It includes details on dependencies, variables, global parameters, and the process involved.

This document details a script designed to optimize ticket routing in ConnectWise Automate by creating descriptive and exact categories based on imported boards. It outlines the process, dependencies, and global parameters necessary for effective use, as well as providing insights into the expected output and time savings achieved through automation.

This document outlines a role used to detect servers that have the Certificate Enrollment Web Service Feature installed. It includes a detailed detection string and settings applicable for Windows operating systems.

This document outlines a role used to identify servers that have the Certification Authority feature installed. It includes a detection string and settings to effectively determine the installation state of the feature on Windows operating systems.

This document provides a PowerShell role designed to detect servers that have the Certification Authority Web Enrollment feature installed. It includes a detailed detection string and settings for compatibility with Windows operating systems.

This document provides a detailed overview of a script designed to uninstall Check Point Endpoint Security from Windows machines. The script handles drive decryption and requires multiple reboots for successful uninstallation, ensuring a thorough process. Caution is advised when using this script due to its reboot requirements.

This script is used to check the status of the RDP enable on the machine and update the same result in CF cPVAL RDP Enable Status.

This document provides a detailed overview of a script designed to automate the CHKDSK process for all internal drives on a machine. It includes parameters for ticket creation and outlines the process for checking and fixing bad sectors, along with logging output.

This document provides a detailed guide on how to remove extensions from popular Chromium-based browsers including Chrome, Edge, Brave, Vivaldi, and Chromium. It includes user parameters, task creation steps, and a sample PowerShell script for automation.

This document provides an overview of the Addresses Autofill Lockdown Status for computers monitored by the Lockdown Chromium Browsers Address Autofill remote monitor. It details whether the autofill feature has been successfully disabled in installed Chromium browsers and identifies any browsers where the disabling process has failed.

This document provides an overview of the Credit Cards Autofill Lockdown Status for computers monitored by the Lockdown Chromium Browsers Credit Card Autofill remote monitor, detailing the effectiveness of the autofill deactivation process across installed Chromium browsers.

This document details the process of auditing Chromium extensions installed on an endpoint, including example logs and dependencies. It provides insights into the execution of the audit script and its output, helping administrators maintain control over browser extensions.

This document outlines the procedure to clear enforced homepages in Chromium-based browsers. It details the process of removing specific registry keys that control homepage selection, new tab page control, and session restoration, ensuring a clean browser experience.

This document provides a comprehensive guide on installing the Cisco Secure Client along with necessary configurations and parameters required for a successful installation. It includes details about using URLs or managed files for the installer and outlines the required values for Umbrella installations.

This document provides a comprehensive guide on installing various Cisco Secure Client modules on Windows and MAC machines, including prerequisites, dependencies, user parameters, and detailed instructions for execution and troubleshooting.

This document provides a comprehensive guide for implementing the Cisco Secure Client Package Installation via ConnectWise RMM. It details prerequisites, dependencies, script creation steps, and module definitions to ensure a successful installation of the Cisco Secure Client and its components.

This document provides a detailed overview of a script designed to silently remove the OpenDNS Umbrella Roaming Client. It includes sample run visuals, global parameters, and process steps for effective uninstallation.

This document provides a detailed overview of a script that removes saved passwords from various web browsers, including Google Chrome, Microsoft Edge, Brave, and Mozilla Firefox. It highlights the script's functionality, sample runs, and the importance of closing browsers before execution.

This document outlines the steps to perform a Browser Saved Password Audit or Clearance using a custom PowerShell script. It includes sample runs, implementation details, and deployment instructions to ensure secure management of saved passwords across different web browsers.

This document describes the custom fields used in the creation of Dynamic Groups for Browser Saved Passwords and their application in the Task for Clearing and Auditing Browser Saved Passwords. It includes details about each field, its purpose, and implementation steps.

This document provides information on the Duplicate Password Count feature, which tracks the number of accounts with duplicate passwords in ConnectWise RMM. It includes dependencies, details about the feature, and a screenshot for reference.

This document outlines the necessary organization name required for deploying Threatlocker. It emphasizes the importance of matching the name with the existing organization in the ThreatLocker portal for successful deployment.

This document outlines the configuration of the ThreatLocker Authorization Key at the company level for Windows machines, including its dependencies and detailed field information.

This document provides instructions for storing the ThreatLocker Group key at the company level specifically for Macintosh machines. It includes details on how to obtain the group key and references to related solutions and documentation.

This document provides an overview of the Weak Passwords Audit solution within ConnectWise RMM, detailing the count of accounts with weak passwords on a domain. It includes dependencies, details about the fields used in the audit, and a screenshot for reference.

Documentation for the Compare-ADGroupMembers command to return information about membership changes to a group based on previous runs of the script.

This document outlines a script designed to send email alerts when unsynced or unmapped components are detected in the CW Manage plugin. The script runs weekly and checks for various unsynced configurations, generating a ticket in Autotask if issues are found.

This document outlines the process of auditing and implementing hardening rules and policies for CW Control (on-prem) servers, focusing on security enhancements and compliance with best practices as per the recent CW guidelines.

A comma-separated list of approved local admins for the client. Setting this custom field at the location or computer level will override the value set at the organization level.

If enabled, this option will automatically send a push request to the user's device when they attempt to log in. The default value is blank, which requires the user to manually request the push.

Select the required platform to enable Duo to auto-deploy.

Select Yes to exclude the device/location from DUO deployment automation.

If enabled, it will control whether offline access is permitted. For Duo, offline access allows users to authenticate without a real-time connection to Duo’s service, usually by using previously generated passcodes or other offline methods.

This determines the behavior when Duo's service cannot be reached. If enabled, the system will allow the user to log in (fail open). If disabled, the system will deny access (fail closed). The default is to fail closed.

The Host Key or API Hostname, which is the endpoint in Duo’s service that your application communicates with. This hostname is also found in the Duo Admin Panel and is necessary for setting up the integration.

This is a unique identifier for your integration with Duo’s service. It’s used to link the authentication requests from your application to the correct Duo account.

When enabled, Duo authentication is required only for remote logins via RDP. If not, Duo authentication is required for both console and RDP logins. The default is disabled, meaning Duo protects both.

This is a sensitive piece of information, akin to a password, used in conjunction with the IKEY. The SKEY is used to sign communication between your application and Duo’s service securely.

If enabled, it allows smart card login as an alternative to Duo authentication. If not, it disables the Windows smart card provider. The default is blank, which does not allow smart card login without Duo approval.

0 to disable Offline Access for User Elevation; 1 to enable Offline Access for User Elevation

0 to prevent Offline Enrollment during User Elevation; 1 to Enable Offline Enrollment during User Elevation

0 to respect existing Duo authentication control around logon; 1 to Disable Duo at logon and only prompt during User Elevation; 2 to enforce Duo at logon and User Elevation

The username format sent to Duo. One of: 0 for sAMAccountName (narroway), 1 for the NTLM domain and username (ACME\narroway), or 2 for the userPrincipalName (narroway@acme.corp)

Enable this custom property to require Duo after smart card primary logon, or not to allow smart card logon without Duo approval afterward.

This document outlines the configuration of a view in Kaseya VSA that excludes machines requiring Malwarebytes exclusion. It details the filters applied to this view and provides an overview of the dependencies and export attachments related to the view.

This document explains how to exclude Malwarebytes from the machine level by setting a specific configuration field. It provides details on the relevant field name and its usage within the system.

Select the operating system to activate the local admin group cleanup solution for the client. To exclude a specific location or computer, set this field to `Disable` at that level.

This CF is used to gather the output of the RDP Enable status

Threatlocker Authentication Key to deploy threatlocker Agent on windows machines

Enables Threatlocker auto-deployment for Windows or both Windows and Macintosh machines at the organization level.

Enable this custom field to exclude the location or device from Threatlocker Deployment.

Stores the Threatlocker group key for agent deployment on Macintosh machines

Organization name to be used for Threatlocker deployment. If deploying to an existing organization, the name must match the organization name in the ThreatLocker portal.

Select the operating system to enable Vulscan Discovery Agent deployment.

Specifies the install key for the VulScan Discovery Agent. The Install Key allows agents to be associated with the organization during the agent installation.

This document provides a detailed guide on creating a new MySQL user with Read-only permissions using ConnectWise Automate. It includes user parameters, sample run output, and process details necessary for executing the script effectively.

This document outlines the steps to create a monitor that generates a ticket for CRI Agent deployment failures, ensuring timely alerts for critical non-impact issues.

This document provides a detailed guide on how to install Crowdstrike on an agent using a script. It covers requirements, variables, global parameters, the installation process, and expected output logs.

This document provides detailed information about user profiles on computers, including data storage, dependencies, and the structure of the custom_proval_computer_accounts table. It is designed to assist with the management and auditing of user profiles within an organization.

This document outlines a monitor designed to detect agents where the CVE-2021-1675 patch has been installed, along with the application of custom mitigations against the exploit. It also includes relevant dependencies for further reference.

This document outlines a solution template for detecting, remediating, and auditing CVE vulnerabilities, specifically focusing on SMB Signing. It includes associated scripts, monitors, and implementation steps to ensure effective vulnerability management.

This document describes a client script that generates tickets for each client based on the count of computers requiring remediation for CVE-2016-2115 related to SMB Signing. It includes sample runs, variables used, and ticketing format for effective communication with clients.

This document provides a comprehensive overview of the status of the CVE-2016-2183 vulnerability on agents where the remediation script has been deployed, including details on the operating system, last contact, and vulnerability state.

This document details a script designed to detect and remediate the CVE-2016-2183 Birthday Attacks vulnerability related to 3DES cipher suites. It outlines the required execution settings, dependencies, variables, output, and ticketing processes for effective vulnerability management.

This document provides a comprehensive solution for detecting, remediating, and auditing the CVE-2016-2183 Birthday Attacks related to 3DES Cipher Suites. It includes templates for scripts, monitoring, and auditing to ensure effective management of this vulnerability across agents.

This document outlines a client script designed to create a ticket for each client where remediation is required for the CVE-2016-2183 Birthday Attacks 3DES Cipher Suites vulnerability. It includes details on dependencies, variables, output, and ticketing format.

This document outlines the method to track Domain Controllers where Enforcement Mode is disabled, including the detection string, comparator, and applicable operating systems for effective monitoring.

This document outlines the detection of Enforcement Mode Enabled on agents as part of the Rollups prerequisite check for CVE-2020-1472. It includes the detection string, comparator, result, and applicable operating systems.

This document details a script designed to restore System account permissions to folders affected by CVE-2021-1675, addressing access issues and enhancing security measures. It outlines the dependencies, script states, process, and expected output, ensuring users can effectively mitigate the risks associated with this vulnerability.

This document outlines a script that sets permissions for the user "System" on the C://Windows//System32//Spool//Drivers folder to DENY, aiming to prevent file injection related to CVE-2021-1675. The script also enables event logging for monitoring purposes, providing a comprehensive solution for security enhancement.

This document outlines a monitor designed to identify endpoints that may be vulnerable to the Windows CVE-2021-26858, specifically targeting Microsoft Exchange Server. It includes suggested configurations for alert styles, templates, and check actions to ensure timely detection and response to potential threats.

This document provides a script that removes the mitigation on the agent by deleting the imported registry entries related to the Office 365 zero-day vulnerability. It includes a summary, sample run, dependencies, variables, script states, process, and expected output.

This document outlines a script designed to detect the impact of CVE-2021-42321 on Exchange servers. Upon detection of the vulnerability, the script generates a ticket for further action. It includes global parameters, sample runs, and guidelines for mitigating the vulnerability through security patches.

This document provides a comprehensive solution for applying a temporary workaround for the Microsoft Support Diagnostic Tool Vulnerability (CVE-2022-30190) as released by Microsoft. It includes detailed implementation steps and associated content for monitoring and restoring registry keys.

This document provides a method to detect machines with a Microsoft 365 Apps / Microsoft Office version lower than those released on January 10, 2023. It includes information about dependencies and target systems, ensuring that all installations are compliant with the latest security updates.

This document outlines a PowerShell script designed to add registry keys for CVE-2023-32019 remediation on supported Windows operating systems. It includes options for reverting changes and emphasizes the importance of testing the script on a limited number of machines before wider deployment.

This document details an internal monitor designed to detect online Windows agents where the office is installed, and where mitigation efforts for vulnerabilities have not been attempted.

This document outlines a solution to protect against CVE-2023-36884, a critical vulnerability affecting Office and Windows that allows for remote code execution via HTML. It includes associated content such as scripts, dataviews, and internal monitors for effective mitigation.

This document provides a detailed overview of the computers where mitigation efforts for vulnerabilities have been attempted or applied. It includes essential information such as client names, locations, computer names, last contact times, operating systems, and the current status of mitigation efforts.

This document outlines a script that mitigates the vulnerability CVE-2023-36884 by checking the operating system and Office version, and applying necessary registry changes if conditions are met.

This document provides a detailed overview of how to enable the solution to disable fastboot on client Windows workstations, including field specifications and screenshots for reference.

This solution details the deployment and removal solution of the Malicious Software Removal Tool and provide its implementation process

This solution contains Copilot disabling/uninstall and revert optional addition to revert the copilot back if required

This solution details the deployment and removal solution of the Malicious Software Removal Tool and its implementation

This document provides a comprehensive data view of security information related to Automate users, including their permissions, last login details, and group assignments.

This document provides a comprehensive guide to configuring a ConnectWise Automate server with security settings. It includes information on firewall port settings, global parameters, and sample output from the script execution. This guide is essential for ensuring server hardening and security compliance.

This document describes a script designed to store the latest version of SonicWall NetExtender in the system properties, ensuring that the most up-to-date version is easily accessible and manageable.

This document outlines a monitor that reports any failed email occurrences that are not related to specific exclusions. It generates a ticket detailing the failed emails every hour, providing crucial information for troubleshooting and resolution.

This document provides a comprehensive guide on creating an automated backup script for Windows systems. It covers the necessary steps to set up the script, schedule backups, and ensure data integrity. This guide is ideal for users looking to streamline their backup processes and enhance data security.

This document provides an RMM-specific display of the client-level breakdown of machines that are missing a certain number of patches, including detailed columns for client ID, name, operating system, patch status, and machine count.

This document outlines a script designed to facilitate the installation of Windows updates on computers using the Deep Freeze Tool. It verifies the system state, pushes updates, and manages the transition between THAWED and FROZEN states to ensure a seamless update process without disrupting user experience.

This document outlines a monitoring solution designed to identify Dell endpoints that may be vulnerable to CVE-2021-21551. It includes suggested configurations for alerting and a detailed check action to assess vulnerability status.

This document provides a comprehensive overview of the Dataview that displays the dbutil status for machines checked against the Dell Security Vulnerability CVE-2021-21551. It details the script used for the check, its dependencies, and the columns included in the Dataview.

Monitors Dell server hardware events from Windows Event Logs generated by Dell OMSA.

The solution describes how to configure NinjaOne to automatically generate a CW Manage ticket for Dell OMSA alerts.

The condition runs the automation once per hour and generates a ticket with the script’s results if any monitored event log is detected.

This document provides a script that checks for the installation of Dell SupportAssist software on Windows machines and uninstalls it if found. The process includes verification of the uninstallation, ensuring that the software is no longer present on the system. The automation is designed to save time and streamline the management of software on Windows devices.

This document outlines a function script designed to deny specific patches present in the plugin_proval_denied_patches table, as referenced in the Deny Patches in Default Policy From Centralized ITGlue KBIDs - Flexible Asset. It details the process, variables, and dependencies involved in executing this function effectively.

This document describes a script designed to install the KB5005394 Out of Band Patch if it is not already installed. It includes prerequisite verification and may require multiple reboots during the installation process. The script ensures that the system is ready for the update and logs the outcomes of each step.

This document outlines the purpose and functionality of the internal monitor designed to detect Windows and Macintosh machines that are missing the Huntress Agent and have deployment enabled. It includes details on dependencies, client-level, location-level, and computer-level EDFs, as well as the alert template for deploying the Huntress Agent.

This document provides a comprehensive guide on installing the Huntress Agent on Windows and Macintosh machines. It includes details on ticket creation for installation failures, sample runs, dependencies, user parameters, and EDF configurations for effective deployment.

This document provides a comprehensive guide on installing the QuickPass Agent on Windows machines, detailing the necessary prerequisites, parameters, and configuration settings required for a successful installation.

This document outlines the creation of a dynamic group for machines eligible for Threatlocker deployment that do not currently have Threatlocker installed. It details the criteria for both Windows and Mac systems, ensuring proper identification and grouping for deployment.

This monitor detects both Mac and Windows agents that are missing Threatlocker agents.

Vulscan Discovery Agent Installation Script for macOS via NinjaRMM.

Triggers the auto-deployment script for Vulscan Discovery Agent on Macintosh machines where deployment is enabled.

Installs and configures the VulScan Discovery Agent on a Windows machine.

Triggers the auto-deployment script for Vulscan Discovery Agent on Windows servers where deployment is enabled.

Triggers the auto-deployment script for Vulscan Discovery Agent on Windows workstations where deployment is enabled.

This procedure outlines the steps to uninstall the old version of Malwarebytes and install the latest version on machines. It includes checks for the necessary installation token and provides detailed logs of the procedure execution.

This document explains how to create an RDP shortcut on the desktop of each user on a Windows computer, utilizing the target computer’s address or name from the Target parameter. It includes user parameters, output details, and sample run images.

This script gathers frequently logged-in domain users on workstations and associates the detected user as a contact in ConnectWise Automate. It analyzes the lsass.exe file to identify users, determines the most frequent user over a specified period, and updates the computer contact information accordingly.

This document provides a detailed overview of a script used to disable the Authenticode verification on Windows machines. It includes an example of the agent procedure log demonstrating the execution and results of the script, along with the necessary reboot for changes to take effect.

This document provides a script that disables BitLocker on all drives, ensuring that data encryption is turned off and allowing for easier access to the drives. It includes a reference to the content location for further details.

This document outlines a solution for detecting and disabling Internet Explorer on Windows computers. It includes associated content such as roles, internal monitors, scripts, and alert templates necessary for implementation.

This document provides a script that disables the NTLMv1.1 protocol on target Windows machines, specifically designed for use on Domain Controllers. It includes a sample run and output log details.

This document explains a script designed to check if Remote Desktop Protocol (RDP) is enabled on a Windows machine and disable it by modifying the relevant Registry value. It provides a detailed log of actions taken during the execution of the script, along with sample outputs and processes involved.

The script disables the RDP access on windows machines.

This document provides an overview of a script that disables the Sign-In option for all user accounts, ensuring users are not required to log in again after their screens lock. It includes a sample run image and details about the script output.

This document provides a PowerShell script to disable the SMB1 protocol on Windows operating systems, applicable for versions below and above 6.3. It includes sample run output and logging details.

This document outlines the process to disable the SMB1 protocol on a target machine, including script creation, implementation steps, and deployment instructions. It is crucial for enhancing security on Windows systems by preventing vulnerabilities associated with SMB1.

This document outlines a script that disables SQL Spy for all users in a ConnectWise Automate environment. It executes a query against the Automate server to modify user settings, ensuring that the change takes effect upon the next user login.

This document provides a script to disable Windows Defender Credential Guard by modifying the registry settings as outlined in a referenced article. It includes a sample run, dependencies, and variable descriptions, ensuring a comprehensive understanding of the script operation and its output.

Documentation for the Disable-PowerShellVersion2 command to disable the Windows PowerShell v2 feature if a newer version is installed.

This document outlines the procedure to display the enabled TLS versions on Managed Windows computers within the environment. It includes associated content links for remote monitors and dataviews to facilitate the gathering and display of TLS client and server versions.

This document provides a detailed overview of a script that automates the process of joining a target machine to a domain. It includes user parameters, process explanation, and expected outputs, highlighting the time saved by automation.

This document provides a detailed guide on how to join a non-domain joined computer to a domain using a specific script within ConnectWise RMM. It includes user parameters, task creation steps, and sample run images to assist users in the implementation process.

This document outlines the implementation and details of a monitor that generates a ticket when the trust relationship between a domain and a workstation is broken. It includes suggested settings, dependencies, and ticketing information for effective management.

This document provides an overview of a monitor designed to detect "SMART Failure" on drives that exceed the manufacturer-recommended thresholds based on SMART errors. It is intended for use on all Windows machines to ensure drive health and prevent data loss.

This document outlines the procedure for installing and upgrading Duo for Windows, including detailed logs of the execution steps and their statuses. It provides insights into the commands used, the success of each step, and the overall effectiveness of the installation process.

This document outlines a monitoring setup designed to identify computers with outdated versions of the DUO Authentication Proxy application installed. It includes specific details on check actions, server address, check types, and execution commands necessary for effective monitoring.

This document provides detailed information about the custom fields used in the DUO Auth Proxy Deployment Solution, including dependencies, field types, and step-by-step instructions for creating custom fields within the system.

This document outlines the devices where the DUO Security Authentication Proxy application deployment failed, providing details for auditing purposes and instructions for creating a dynamic group in ConnectWise RMM to track these failures.

This document provides a summary and settings for detecting the installation of the Duo Authentication app on various operating systems, including Windows and Mac. It includes a detection string and applicable settings for monitoring the presence of the application.

This document outlines a monitor designed to detect online Windows agents with outdated DUO Authentication for Windows Logon. It also identifies agents with specific client EDF settings and exclusions not applied at the location or computer level.

This document outlines a solution for managing the installation and updating of the DUO application, ensuring it remains patched and up-to-date against vulnerabilities like CVE-2024-20292. It includes associated monitors and scripts for detecting the latest version and implementing updates automatically.

This document outlines the required custom fields for deploying Duo Authentication for Windows Logon, detailing their configurations, dependencies, and steps to create them within the system.

This solution is designed to configure the automatic deployment of the Duo Auth application on Windows and Macintosh machines that are missing the agent, using the NinjaOne platform.

Installs and configures the latest version of Duo Two-Factor Authentication for macOS.

Triggers the auto-deployment script for Duo on Macintosh machines where deployment is enabled.

This script will install or update DUO if the currently installed instance is older than the latest released version. It matches the hash of the installer from the official website before deploying it.

Triggers the auto-deployment script for Duo on Windows servers where deployment is enabled.

Triggers the auto-deployment script for Duo on Windows workstations where deployment is enabled.

This script performs the installation/upgrade of the DUO Desktop to the latest version.

This solution contains the content for the auto-deployment/on demand execution of the DUO Desktop application

This document provides a comprehensive guide on how to install or update DUO for Windows Login. The script checks if the currently installed version is older than the latest release, verifies the installer hash, and downloads the latest installer from the official DUO site before deploying it.

This document outlines the implementation of a monitor that creates a ticket when duplicate passwords are detected on a domain controller. It includes dependencies, target specifications, and step-by-step implementation instructions.

This document provides an overview of how to include the PowerShell version in a serial key. It outlines the detection string used, the comparator, and the applicable operating systems for this method.

This document outlines the execution of the Lock Stolen System script against machines marked with the Mark System As Stolen EDF, along with the process of monitoring these systems through Automate.

This document explains how to enable Advanced Windows Security Auditing in Microsoft Windows to monitor and record security-related events. It details the setup of alerts and the necessary scripts to ensure comprehensive security monitoring on managed Windows servers and workstations.

This document outlines a script designed to fully enable Advanced Windows Security Auditing on a computer system. It configures security settings to capture all security events and can create a ticket for failures to alert system administrators.

This document provides a detailed guide on enabling Authenticode Verification on Windows machines. It includes an example agent procedure log that demonstrates the successful execution of the script and the necessary reboot to apply changes.

This document provides instructions for enabling Bitlocker on Windows endpoints that meet specific requirements such as running Pro or Premium versions of the Windows OS, having hardware TPM, and adhering to group policy settings. It also outlines the email notification process for failures and informs about the script location in ProVal VSA.

This document details the process of initializing TPM as part of the provisioning process for a Trusted Platform Module (TPM). It includes user parameters, task creation steps, and sample runs for successful implementation within ConnectWise RMM.

This document provides a detailed guide on how to enable Windows Update access by overwriting the DisableWindowsUpdateAccess registry key at the computer and user levels. It includes sample runs, task creation steps, and the PowerShell script necessary for implementation.

Documentation for the Enable-TPM command to initialize and provision a Trusted Platform Module (TPM).

This document provides details about the Client Level SentinelOne Management Server, including its dependencies, field details, and screenshots for reference. It is updated by the SentinelOne Management Console Validation task and outlines editable fields for user interaction.

This document provides an overview of the Computer Level SentinelOne Management Server, detailing its dependencies, editable fields, and includes screenshots for better understanding. It is updated by the SentinelOne Management Console Validation task, ensuring accuracy and relevance.

This document outlines how to exclude a machine from Threatlocker Deployment by setting a custom field to "Yes". It includes details on dependencies, field specifications, and a screenshot for reference.

This document provides information on the FastBoot Disabled Indicator, detailing its functionality, default values, and editable status. It includes a summary of the indicator, a detailed table of its fields, and screenshots for visual reference.

This document outlines the storage of the TPM status of a machine, detailing its dependencies, field definitions, and providing visual examples through screenshots. The information is updated by the Get TPM Status task within ConnectWise RMM.

This document details the configuration of a VPN on endpoints using Managed Variable data, addressing various use cases such as additional connection gateways, Split Tunneling, and credential memory. It also outlines the creation of a desktop shortcut for user convenience.

Enforces Bitlocker encryption method. If a machine is found to be out of compliance, this task will decrypt the drive and re-encrypt it with the target method using a recovery password as the key protector. If a previous recovery password is detected, it will be used for the new encryption.

This document provides a detailed procedure for enabling Windows Firewall on an endpoint, including example logs and steps taken during the process. It ensures that the firewall is activated and logs the actions for review.

This script disables the Windows PowerShell v2 feature, ensuring that a newer version is installed beforehand. It checks for the presence of a PowerShell version greater than v2, installs it if necessary, and then disables v2. The process includes logging and error handling to ensure successful execution.

This document outlines the process to ensure that the screen saver settings are enabled and configured to a specified timeout. It includes sample runs, dependencies, global and user parameters, and expected output files.

This document outlines a script for creating snapshots of virtual machines hosted on an ESXi server using the VMware PowerCLI module. It includes prerequisites, dependencies, user parameters, and alerting mechanisms for successful and failed executions.

This document provides a method to check the eventlog database table for specific event IDs (5827, 5828, 5829) related to the Netlogon vulnerability identified in CVE-2020-1472. It is essential for maintaining the security of domain controllers.

This document provides a detailed overview of a script that checks security events related to admin memberships, helping to ensure proper access control and security compliance within your organization.

This document outlines the process of deploying Evo Agent from CW Automate.

This ticket template is used to manage the CW Manage ticket generation settings for the Excessive Logon Attempts Alert Condition

This document outlines the steps to create a monitor that checks for security event log event ID 4625 where the count of occurrences exceeds a specified threshold in the last 60 minutes. It includes implementation details, dependencies, and ticketing information for alerts related to possible brute force attacks on endpoints.

This document outlines a solution for monitoring domain controllers for excessive logon failures within a one-hour window, which may indicate a potential brute force attack. It includes details on custom fields, dynamic groups, tasks, and monitoring setup necessary for effective security management.

Detects and summarizes failed logon attempts (Event ID 4625) from the Windows Security event log within a specified time window.

The condition runs the automation once per hour and generates a ticket with the script’s results if any monitored event log is detected.

This will Detect and summarize failed logon attempts (Event ID 4625) from the Windows Security event log within a specified time window.

This document provides a detailed guide on resolving the stuck email issue in Microsoft Exchange. It outlines the necessary steps to verify the impacted version, remove existing engines, update to the latest engine, and verify the engine update information to ensure smooth email transport.

This document outlines a script designed to detect recent vulnerabilities associated with Exchange Server, specifically targeting CVEs related to the Zero Day vulnerability. It checks for the presence of necessary patches and can create tickets for unresolved vulnerabilities, improving response times and security management.

This document provides a guide on how to create a custom field that allows you to exclude a site from Huntress Deployment, which is useful for managing device groups in ConnectWise RMM.

This document outlines the configuration and requirements for the automated internal monitor that runs the HP iLO Health Report script weekly. It details how to properly store credentials, the execution process, and adjustments for update frequency, ensuring consistent data collection without manual scheduling.

This document outlines the execution of the WebP Vulnerability Report script on managed Windows computers, detailing its dependencies and alert template setup for monitoring vulnerabilities weekly.

This document outlines a solution that alerts administrators if a computer or multiple computers have an incorrect Webroot Keycode assigned. It includes dependencies and target information for effective implementation.

This document outlines the process for executing the Winget App Audit script weekly on Windows machines, including dependencies and target settings for effective monitoring and management.

This document outlines a script designed to automatically generate and distribute a report on the Multi-Factor Authentication (MFA) status of Office 365 users for a specified ClientID. It details the requirements, setup process, and sample runs of the script, as well as the necessary configurations for Office 365 integration.

This document outlines a procedure to check if endpoints are domain-joined and reports on the detection of external DNS. It includes associated content for custom fields and agent procedures that facilitate this check.

This document outlines a procedure to verify if a machine is domain-joined and to check its DNS settings. It includes an example agent procedure log detailing the actions taken during the check and the outcomes of each action.

This document provides a comprehensive overview of the Extradatafields (EDF), including their details, usage, and values within the system. It lists various attributes of the EDFs, such as ID, name, type, level, and associated values, along with notes on their usage status.

This document provides a detailed guide on disabling fast boot in Windows through registry modifications. It includes sample runs, processes involved, and output logs to ensure successful execution.

This document provides details on setting a custom flag to exclude an endpoint from SentinelOne deployment. It includes information on dependencies, field names, and editable options to ensure proper configuration.

This solution shows the folder redirection auditing of the active user folders on the computer

This document provides an overview of the Folder Redirection Audit, detailing the information displayed related to folder redirection on endpoints, including dependencies, columns, and their descriptions.

This script performs the folder redirection audit for the redirected folders of all users of the Windows machines. The folders which are used for audit are (Desktop, Document, Download, My Picture, My Video, My Pictures, Local AppData, History, Cookies, Cache, AppData, Favorites, Fonts, CD Burning, Administrative Tools, NetHood, Personal, PrintHood, Programs, Recent, SentTo, Start Menu, StartUp, Templates)

This document provides a script designed to create or remove shared folders on a Windows device, detailing parameters, dependencies, and expected outputs for users.

This document provides a detailed overview of a script that enables users to create or modify multiple registry keys, including their names, values, and types. It includes sample runs, user parameters, output details, and frequently asked questions regarding registry properties.

Exports a detailed report of all domain users to a CSV file from a Windows Domain Controller. (Path: C:\ProgramData\_Automation\Script\Get-DomainUsers\DomainUsers.csv)

This document outlines the implementation of the agnostic script for collecting data on Firefox extensions within ConnectWise Automate. It details the dependencies, process steps, and the expected output including script logs and a custom table.

This document provides a detailed guide on how to fetch the TPM Status of a machine and store it in a custom field within ConnectWise RMM. It includes sample runs, task creation steps, and the required PowerShell script to execute the task successfully.

Documentation for the User-Audit to retrieve specific or multiple users auditing for information username, sids, and status using the string pattern match

Downloads and executes a user profile collection script, exporting local user profile data to CSV. (Path: C:\ProgramData\_Automation\Script\Get-UserProfiles\UserProfiles.csv)

Documentation for the Get-ADBitlockerStore command to return objects from Active Directory representing backed up Bitlocker key protectors.

Documentation for the Get-BitLockerState command to check and report the BitLocker encryption status of drives on a Windows system.

This document provides an overview of a PowerShell script designed to rebuild the WMI repository, including its requirements, process, usage, and parameters. The script ensures proper handling of user permissions and service states while attempting repairs on the WMI service.

Documentation for the Get-GroupMembers command to return all groups and their members for a local system, Active Directory, or Azure Active Directory.

Documentation for the Get-NewDomainAdmin command to get domain users that have been granted elevated permissions since the last run of the script.

Documentation for the Get-NewLocalAdmin command to get user accounts that have been granted elevated permissions since the last run of the script.

Documentation for the Get-NewLocalUser command to get newly added local users since the last run of the script.

Documentation for the Get-UserChildItem command to query the C:\\users folder for all users, find the relative subfolder you provide, and return the file properties you would find by running "Get-ChildItem".

Documentation for the Get-UserProfiles command to gather information about user profiles on a Windows system.

Documentation for the Get-UserRegistryValue command to obtain specific registry values for all users.

This document provides an overview of the Kaseya Onboarding Audit script, which performs an extensive audit of Kaseya VSA configurations and outputs the results to an Excel spreadsheet. It details the requirements, process, parameters, and output locations for the audit results, ensuring users can effectively utilize the script for auditing purposes.

This document outlines a script that removes the "Automate Agent Deployment" group policy from the Domain Controller server, saving approximately 10 minutes of manual effort. It includes a sample run, process details, and expected output.

This document provides a PowerShell script that modifies the properties of the default password policy for a domain. It includes parameters for lockout duration, threshold, observation window, password complexity, encryption, and age settings. The script aims to enhance security by enforcing stricter password policies and is designed to save time by automating the process.

This document details a script that configures the screen lock timeout for Windows Domain Controllers using global variables. By default, the timeout is set to 900 seconds, but it can be adjusted according to your organization's best practices. The script includes parameters for applying the settings to the entire domain and logs the output for review.

This document provides a detailed overview of the default password policy in a domain, including its key components and dependencies. It outlines the various settings that govern password complexity, length, history, and account lockout procedures, ensuring a comprehensive understanding of the security measures in place.

This document provides a comprehensive overview of the GPO Audit Dataview, detailing information about Group Policy Objects (GPOs), their applied policies, and their linkage within Active Directory environments. It outlines the dependencies required for implementation and describes the columns used to present the data effectively.

This document provides an overview of a dataview that displays information related to Group Policy Objects (GPOs) in Active Directory, focusing on security policies. It outlines dependencies, columns, and details necessary for auditing GPOs effectively.

This document outlines the best practices for hardening ConnectWise Automate, including user accounts, group policy edits, internet access considerations, and critical passwords. It also covers firewall settings and TLS configurations to enhance security.

This document outlines the best practices for hardening ConnectWise ScreenConnect, including user accounts, group policy edits, internet access considerations, and critical passwords. It also covers firewall settings and TLS configurations to enhance security.

This document outlines the implementation of a monitor that creates a ticket in ProVal's AutoTask Portal when fewer heartbeats than expected are detected from machines checking in within the environment. It includes dependencies, target settings, and ticketing details for alerts.

This document describes a script that modifies the host file on a machine by taking user-defined parameters for DNS names and IP addresses. It includes a sample run, dependencies, user parameters, and the process for execution, ensuring proper management of DNS entries.

This document provides a summary of the Host File Audit Dataview, detailing the uncommented content of the host file fetched by the EPM - Windows Configuration script. It includes important columns such as Client Name, Location Name, Computer Name, and more, along with their descriptions.

This document provides a comprehensive guide on how to retrieve an iLO health report using a PowerShell script. It includes requirements, client-level password entry instructions, sample runs, dependencies, and ticketing capabilities for failures encountered during execution.

This document provides an overview of the dataview that presents information about iLO-enabled HP Servers where the password entry for the iLO Automation Password is not stored in the client-level password tab. It assists in identifying clients and servers for which the HP iLO Credential Missing Detection script will generate a ticket, along with instructions on how to exclude certain computers from monitoring.

This document outlines a script designed to manage the installation and uninstallation of the Huntress application on target machines, detailing action parameters, processes, and expected outputs.

Reset Huntress Managed Microsoft Defender and reset Microsoft Defender to defaults

This document provides a detailed guide on installing the Huntress agent on Windows machines, including prerequisites, dependencies, and step-by-step instructions for script creation and deployment within ConnectWise Automate.

This document provides a detailed guide on how to re-register the Huntress Agent in the portal for the endpoint using a custom script. It includes step-by-step instructions for creating the script, setting up variables, and handling script execution and logging.

This document provides a comprehensive guide for reinstalling the Huntress Agent using a PowerShell script. It includes detailed steps for setting up the required variables, downloading the necessary script, and executing the installation process, along with error handling and logging mechanisms.

This document outlines the process for creating a PowerShell script to repair the Huntress Agent. It includes detailed steps for setting up the necessary variables, downloading the repair script, and logging the output of the operation.

This document provides a detailed overview of a script that downloads and installs the Huntress Agent silently on a Windows machine, saving significant time through automation. It includes global parameters, process steps, and sample output.

This document provides a detailed report on the installation status of Sentinel One and Huntress for various locations. It includes information on whether the installations are allowed, the count of agents installed, and the count of missing agents for both Sentinel One and Huntress at each location.

This document outlines the CW RMM task for installing the Huntress Agent, detailing the custom field used to track installation failures. It provides guidance on creating the custom field necessary for monitoring and ticket creation based on installation results.

This document outlines the process of applying the IISCrypto BestPractice Template to remediate the SWEET32 Vulnerability. It details the requirements for the setup, user parameters for reboot options, and the expected output after execution. A mandatory reboot is necessary to validate the changes made by the template.

This document outlines the steps to manage the ProVal - Production - Security - Excessive Failed Logins monitor in your environment, including the removal of existing instances, refreshing group status, executing SQL queries for monitor setup, and implementing alert templates for effective monitoring.

This document provides a comprehensive guide on implementing SMB1 vulnerability management in your system. It includes SQL insert queries for setting up extra fields, sensor checks, remote monitors, and group configurations necessary for effective vulnerability management and monitoring.

This document outlines the installation process for populating a MySQL database with a list of potential Log4Shell affected software. It includes instructions for both on-prem and hosted partners, detailing necessary parameters, dependencies, and expected outputs.

This document provides a step-by-step guide on how to enable the Bitlocker feature for specific groups using SQL queries in ConnectWise Automate. It includes instructions on obtaining group IDs, modifying the SQL query, and executing it to apply the remote monitor settings.

This document provides a step-by-step guide to setting up a remote monitor for security event logs in ConnectWise Automate. It includes obtaining group IDs, constructing SQL queries, and applying alert templates for effective monitoring.

This document provides a step-by-step guide on how to set up a remote monitor for checking TLS versions within specified groups in your database. It includes obtaining group IDs, modifying SQL queries, and executing them to establish the monitor.

Documentation for the Import-LMCertificate command to import a certificate to one or more local machine stores.

This document outlines the process to create a dynamic group in ConnectWise RMM that filters Infrastructure Masters where the Recycle Bin is not enabled. It includes criteria for the group and dependencies for enabling the AD Recycle Bin.

Documentation for the Initialize-BitLockerVolume command to encrypt a drive with BitLocker disk encryption.

This document outlines a script that manages the installation of approved patches on a machine, including user interaction for reboot scheduling and notifications for pending actions. It handles scenarios where the user is logged in or not, provides prompts for reboot timing, and ensures that users are informed of available patches and any installation failures.

This document provides a comprehensive guide on a PowerShell script that checks for Windows updates and installs all available updates, including drivers, with a focus on PC staging to ensure a new machine is fully updated. The script includes parameters for ticketing and system properties management.

This document provides a script that installs a certificate to a specified location on Windows and MAC machines. It explains how to use the User parameter to provide a direct download URL for the certificate and details the sample run for both environments.

Detects windows machines where Evo Agent deployment is enabled and application is not installed.

This script installs the Evo Credential Provider on a Windows machine using the arguments set into the client-level EDFs.

This document details a modified script for the Webroot Plugin installation, enabling automatic deployment through ConnectWise Automate. It outlines the script functionality, dependencies, variables, and process for both installed and non-installed software scenarios.

Documentation for the Install-CiscoSecureClient command to install the Cisco Secure Client and selected modules.

This document outlines a script that disables Internet Explorer on a Windows machine, detailing the process, dependencies, and variables involved in the execution. It includes information on user prompts, reboot options, and the expected outcomes of the script.

This document provides a detailed overview of the audit script that reflects the TLS and SSL settings enabled in Internet Explorer. It includes dependencies, a summary of the data view, and the columns used in the report.

This script allows users to enable or disable various SSL and TLS protocols based on user input. It modifies the machine-level registry settings for Internet Explorer to set the desired security protocols, providing a flexible solution for managing secure connections.

This document provides detailed information on the SSL and TLS settings configured for Internet Explorer on the machine, including dependencies, columns, and descriptions relevant to the advanced security configurations.

This document outlines a monitoring solution that detects online machines with Internet Explorer installed by checking if the "Internet Explorer Installed" role is enabled. It includes an alert template for autofixing the issue and provides SQL query details for limiting the target to relevant computers.

This document outlines the process for determining whether a Windows machine is enrolled in Intune, including the necessary detection string and implementation steps for importing the role into the system.

Retrieves and/or applies IISCrypto current details on the system

Documentation for the Invoke-UserLogout command to log a specified user or users out of the system.

This document outlines the steps to identify machines where IPv6 is enabled on any network adapter. It includes a detection string, comparator, and applicable operating systems for effective implementation.

This document outlines the process to validate whether a computer is a primary domain controller. It details the dependencies and provides sample values for the custom field used in the ConnectWise RMM platform.

This document provides a detailed overview of a script designed to check Kaseya endpoints for vulnerabilities related to the REvil attack. It includes information on dependencies, process flow, and expected outputs, aimed at enhancing endpoint security.

This document provides details about a script that performs a vulnerability scan on a Kaseya VSA server, logging the output to a dependent dataview. It includes a summary of the script functionality, sample run images, dependencies, and the processes involved in detecting vulnerabilities.

This document provides a script for updating the Windows Recovery Environment (WinRE) to address a BitLocker security bypass vulnerability (CVE-2022-41099) in Windows 10 and 11. It includes details on supported OS versions, variables used in the script, sample run outputs, and references for further information.

This document describes a script that automates the updating of WinRE images on supported Windows operating systems to address security vulnerabilities identified in CVE-2024-20666. It provides an overview of the process, dependencies, global parameters, and expected output.

This document explains how to determine the value of the KrbtgtFullPacSignature registry key for Domain Controllers. It includes details on the role of the registry key in managing Kerberos protocol changes and provides a detection string for implementation.

This document provides a streamlined script for resetting the KRBTGT Active Directory account. It includes a sample run, dependencies, and output details, while emphasizing the need for caution when executing the script.

This document provides a detailed guide for implementing the KRBTGT Account Reset Keys task in an RMM system. It includes setup instructions, user parameters, and sample runs to ensure the successful execution of the task, while emphasizing the importance of manual verification.

This report evaluates BIOS versions against a list of known vulnerable versions, providing a comprehensive analysis for system administrators to ensure their devices are secure. It includes detailed report parts, filtering options, and a sample report for reference.

This document outlines the internal monitor that detects Windows computers where the local admin group cleanup process is enabled but has not been executed in the past 7 days. It provides details on dependencies and alert templates for effective monitoring.

Cleans up and manages the local Administrators group based on approved users from the custom field "cPVAL Approved Local Admins".

This document outlines the steps for implementing the Local Admin Group Cleanup solution to manage members in the local admin group on Windows machines from Ninja One.

This document outlines the steps for implementing the Local Admin Group Cleanup solution to manage members in the local admin group on Windows machines. It includes update notices, associated content, and detailed implementation instructions.

This document details a script designed to manage local admin group members by removing unauthorized users and adding approved members. It includes execution guidelines, dependencies, and configuration details for effective use in a Windows environment.

Triggers the Local Admin Group Cleanup automation on Windows Servers where cleanup is enabled.

Triggers the Local Admin Group Cleanup automation on Windows Workstations where cleanup is enabled.

This document outlines a script that facilitates the setup of local overrides on machines to prevent them from being patched. It details the process of checking for existing policies, creating new ones if necessary, and logging the actions taken. The script aims to save time by automating the management of patch policies.

This document outlines a monitoring solution that detects local users who have not logged in for the last 90 days on Windows servers. It includes dependencies and targets for effective user management.

This document provides a detailed overview of a script designed to track and lock down stolen systems. It outlines the script functionality, sample runs, variables, global parameters, and the ticketing process for reporting stolen devices.

This document provides a comprehensive guide to configuring lockdown settings for browsers within a ConnectWise Automate environment. It includes steps for importing client, location, and computer level Extra Data Fields (EDFs), creating searches and groups, and setting up remote monitors to ensure effective management of browser lockdown features.

This document provides a step-by-step guide for implementing the Lockdown Browsers Autofill solution, including SQL queries for creating and configuring necessary components such as EDFs, searches, groups, and remote monitors.

This document describes a script that disables the password manager and autofill features for Edge, Chrome, Brave, and Firefox browsers. It also provides instructions on how to clear saved passwords and disable Edge Wallet, ensuring enhanced security and privacy for users.

This document describes a task that disables the password manager and autofill features for Edge, Chrome, Brave, and Firefox browsers. It also provides instructions on how to clear saved passwords and disable Edge Wallet, ensuring enhanced security and privacy for users.

This document outlines the procedure for disabling the Password Manager in web browsers such as Google Chrome, Mozilla Firefox, Microsoft Edge, and Brave, including necessary registry changes and the implications of such actions on Autofill features.

The Lockdown Browsers Password Manager and Autofill solution enhances web browser security by disabling features that could expose sensitive user information, specifically targeting credit card and address autofill functionalities in Chromium-based browsers.

This document explains how to disable the Autofilling feature for addresses in Chromium-based browsers such as Google Chrome, Microsoft Edge, and Brave by modifying the computer registry settings. It includes details on affected settings, dependencies, and implementation steps.

This document outlines the process for disabling the Autofilling feature for credit cards in Chromium-based browsers including Google Chrome, Microsoft Edge, and Brave by modifying registry settings. It includes details on affected settings, implementation suggestions, and dependencies for effective monitoring.

This document provides a comprehensive overview of the EDFs filled by the SEC - Endpoint Protection - Script - Log4J (Log4Shell) File Scan, detailing vulnerability information related to the Log4J/Log4Shell exploit and the results of the scans conducted.

This document provides a comprehensive report on potential Log4J/Log4Shell vulnerabilities, detailing affected applications based on a curated list from GitHub. It includes dependencies for endpoint protection and outlines the relevant columns for tracking vulnerabilities.

This document provides an overview of the Log4Shell Vulnerability Scan Script, detailing its functionality, dependencies, and the output it generates. The script is designed to identify vulnerabilities in target systems and save relevant information to EDFs for comprehensive reporting.

This document outlines a script that effectively removes residuals left by the Log4J (Log4Shell) File Scan script, including the cleanup of the Everything service. It provides a summary, sample run, and dependencies for successful execution.

This document outlines the steps to export the Log4J Scan & Mitigation procedure from the Shared > PVAL Content Source and import it into the client environment. It includes instructions on editing the procedure to update the email global variable to reflect the client’s primary contact and logging the deployment in the specified tracker.

This document discusses the use of the revised Datto Scrip, credited to Stephen Nix, for scanning endpoints for attacks and potential vulnerabilities. It outlines the requirement for an email to be specified in the script and explains the notification process for detected threats.

This document provides an overview of potential Log4Shell vulnerabilities and the associated risks to Automate agents. It includes links to various resources such as custom tables, dataviews, and scripts that facilitate the identification and remediation of these vulnerabilities.

This document provides a method to run auditpol.exe to check if logon success and failure auditing is enabled on Windows Active Directory Controllers. It includes the necessary detection string and applicable operating system information.

This document explains the managed variable used to store the partner Microsoft M365 tenant ID, which is essential for configuring various OneDrive group policies. It provides guidance on how partners can obtain their tenant ID and outlines the associated managed variable details.

This document explains how to add ComputerIDs into the result field for tracking machines, specifically for cases involving stolen or missing systems. It provides insights on the global target and its implications for asset management.

This document describes an internal monitor designed to detect Windows machines that are likely experiencing stalled patching processes, ensuring timely updates and security compliance.

This document outlines the steps to create a dynamic group that filters Windows machines with the Huntress Agent installed. It includes criteria for software installation and group management instructions.

This script will block the MSRT patches to be enrolled to the Windows and also provides feature to Uninstall it completely.

This script disables and uninstalls the MSRT from the endpoint and provided option to creates ticket if failure detected.

This document outlines a script that downloads and executes the latest version of the Microsoft Malicious Software Removal Tool Scanner. It logs the results and sends an email with the outcome to specified addresses, and it also includes an option for automatic infection resolution.

This script performs the endpoint scanning using the MSRT and provided option to creates ticket if failure detected.

This group includes the endpoint where the MSRT scanning required to be enable.

This group includes the endpoint where the MSRT needed to be uninstalled and disabled.

This document describes a script that downloads an uninstaller tool from the Malwarebytes webpage and automates the uninstallation process of Malwarebytes from a target machine, saving time and ensuring successful removal.

This document outlines two agent procedures, ISO Mount Disable and ISO Mount Enable, designed to manage end-user access to mounting ISOs in Windows environments. It includes example logs and a detailed process for modifying registry settings to enable or disable ISO mounting capabilities.

This document provides a detailed overview of an Automate implementation for the agnostic solution to remove McAfee products from Windows machines. It includes a summary of the script, sample run visuals, dependencies, process steps, and expected output logs.

This document provides details on detecting Azure AD joined machines using a specific PowerShell command. It includes the detection string, the comparator used, and the applicable operating systems. Understanding this detection mechanism is essential for managing Azure AD environments effectively.

This document provides a role definition for tracking machines that are joined to a domain. It includes a detection string that checks the Azure AD and Enterprise join status to confirm if a machine is domain joined.

This document provides a method to use dsregcmd.exe to query the system and determine the domain and Azure domain join status. It includes a detection string and applicable OS information for implementation.

This document provides a detailed overview of a script designed to enforce the installation of specified extensions in the Chromium version of the Microsoft Edge browser. It outlines the dependencies, variables, user parameters, and the process involved in executing the script, ensuring a seamless installation experience for users.

This document outlines a script designed to remove the enforcement of the installation of specified extensions in the Chromium version of the Microsoft Edge browser. The process includes details on dependencies, variables, and the overall operation of the script, ensuring users can effectively manage their browser extensions.

This document provides details on a script designed to remove enforced homepage settings in the Edge browser by scanning and modifying the Windows registry. It includes sample runs, dependencies, and output information to assist users in executing the script effectively.

This document outlines a script that adds a registry policy to enforce a specific homepage in Microsoft Edge (Chromium). It details the necessary dependencies, user parameters, and the process for executing the script, along with sample output and logs.

This document outlines an internal monitor designed to detect machines running outdated versions of Microsoft Edge. It is intended for use on all Windows machines to ensure that users are utilizing the latest browser updates for security and performance.

This document describes a script designed to run the Exchange on-premise mitigation tool provided by Microsoft Exchange. It detects the Hafnium CVE, creates a ticket if found, and executes a full scan to implement the necessary mitigation. The script is intended for use on Windows Exchange servers only, saving approximately 30 minutes of manual effort.

This document provides a detailed implementation guide for redirecting Windows known folders such as Desktop, Documents, Pictures, Screenshots, and Camera Roll to Microsoft OneDrive using group policies. It includes dependencies, usage instructions, and customization options for partners.

This document provides a comprehensive overview of the workaround for the Microsoft Support Diagnostic Tool (MSDT) vulnerability, detailing its dependencies, tracking progress, and the status of associated registry keys.

This document outlines the Internal Monitor designed to remediate the CVE-2022-30190 MSDT vulnerability by detecting machines with the MS-MSDT Registry Key role. It includes details on dependencies and the target environment for effective implementation.

This document provides an overview of how to check the Windows registry for the stored credentials flag related to WDigest. It explains the implications of the flag being set or not and highlights potential vulnerabilities associated with it, including references to Mimikatz.

This document outlines the method for tracking devices vulnerable to Mimikatz using a registry-based detection string. It includes the necessary settings and applicable operating systems for effective monitoring.

This document provides an overview of an autofix script designed to disable the MimiKatz registry setting if a monitor detects it is enabled. The script is integrated with ticketing to manage service requests and logs its actions for review.

This document outlines a solution for creating a dataview that provides a breakdown of machines at the client level that are missing a specified number of patches. It includes associated scripts and views necessary for implementation.

This document details a script that adds a registry policy to enforce a specific homepage in Mozilla Firefox. It includes information on dependencies, user parameters, and the output generated by the script, which helps manage browser settings efficiently.

This document outlines a method to detect the presence of the HKEY_CLASSES_ROOT/ms-msdt Registry Key, which is crucial for temporarily remediating the CVE-2022-30190 MSDT vulnerability on Windows systems.

This document provides a detailed guide on creating a custom fields for the MSRT(Malicious Software Removal Tool) in ConnectWise RMM. It includes instructions on how to set up the field, its properties, and its importance in associating MSRT with their respective organizations.

This document outlines a solution for performing MSRT scanning, including optional auto-fix features for detected infections and data storage for auditing purposes. It includes associated scripts, monitors, and dataviews necessary for implementation.

This document provides information about the MSRT scanner status dataview, which stores the results of the Malicious Software Removal Tool scanner and disabling. It outlines the dependencies, columns, and descriptions related to the agent status in the RMM system.

This document provides a detailed overview of the MSRT Scanner Monitor, which detects online Windows-supported agents and ensures compliance with the client EDF settings for the Malicious Software Removal Tool. It outlines the dependencies, target systems, and ticketing information for effective reporting and monitoring.

This document provides a detailed overview of a monitor designed to alert users when two or more antivirus products are present on a Windows machine. It outlines the requirements, setup instructions, and potential FAQs related to the functionality of the monitor.

This document describes a script that gathers all users in the database and grants the necessary permissions for the agentdeploymentreadinesscheck table for both Hosted and On-Prem Clients. The script is designed to save time by automating the permission assignment process and should be scheduled to run every 12-24 hours.

This document provides a script designed to insert the latest version of the SEC - Windows Patching - Custom Table plugin, ensuring your systems are updated with the most recent Windows versions and their support status.

This document explains the process of creating the plugin_proval_v_monitoraudit View, which is essential for populating data in the Automate Monitor Audit dataview. It includes steps for dropping the existing view, creating a new one, and assigning permissions to users.

This document provides a detailed overview of the process for importing the plugin_proval_v_patching_metrics_overview view into the database, including steps to drop the existing view, create a new one, and assign permissions to Automate users.

This document outlines the process of dropping an existing view and recreating it, followed by executing a script to update user permissions for ProVal custom tables in ConnectWise Automate. The automation aims to enhance efficiency by saving time in user permission management.

This document details a script that generates compliance views named `pvl_cu_compliance` and `pvl_cu_compliance_clients` and grants access permissions to all currently active Automate users. The script can be run on any computer to create the views, after which it should be removed from the environment.

This document outlines a script designed to create views named `pvl_patch_cu_compliance` and `pvl_patch_cu_compliance_clients` within ConnectWise Automate, and to grant access permissions to all active users. The script can be executed on any computer to implement the views, followed by the removal of the script from the environment.

This document outlines a script designed to create a view named `pvl_Scheduled_Scripts` and to grant access permissions to all currently active users in ConnectWise Automate. It provides guidance on running the script and removing it post-execution.

This document outlines a script used for importing the SEC - Windows Patching - MySQL View, specifically pvl_v_windows_version_metrics. It is intended for a one-time run and can be removed after confirming the view's presence.

This document provides a comprehensive guide on implementing and removing the Network Firewall solution, detailing the steps required for installation and removal, as well as the processes involved in monitoring network firewall statuses. It includes important notes and troubleshooting tips for effective management of the firewall solution.

This document outlines the process to create an audit dataview for Domain Controllers focusing on the Netlogon RequireSeal registry key. It provides details on the registry key storage in the Serial Number column and includes settings for detection strings applicable to Windows operating systems.

This document outlines the role used to detect servers that have the Network Device Enrollment Service feature installed, including the settings and detection strings required for effective identification.

This document outlines the process for creating remote monitors that identify new or elevated domain administrators on Windows domain controllers. It details the necessary steps, system properties, and Extra Data Fields (EDFs) required for effective monitoring and alerting.

This document provides details about the custom field used to store and display results from the CW RMM - Task - New Domain Admins task, including dependencies, field descriptions, and sample values.

This document outlines the steps to create a monitor set that generates alerts for the infrastructure master when a new domain admin is detected. It includes dependencies, detailed instructions, and screenshots for each step of the process.

This document outlines the implementation of a PowerShell script for retrieving information about newly created domain administrators and users added to administrative groups on domain controllers. It includes scheduling instructions, dependencies, and a detailed step-by-step guide for setting up the task effectively.

This document outlines a solution to monitor for newly created or promoted domain admins within an Active Directory environment and generate alerts accordingly. It includes associated content and implementation steps to ensure proper setup and functionality.

This document outlines an internal monitor designed to detect when a new Super Admin permission is provisioned to a user, ensuring better oversight and security in user management.

This document outlines the functionality of an internal monitor that detects machines with zero available patches in the patch inventory, ensuring better management of system updates and security.

This document outlines a PowerShell script that detects machines that are not joined to a domain. It includes a detection string and settings relevant for Windows operating systems, providing a clear method to verify domain status.

This document outlines the process to detect and disable the NTLMv1.1 protocol, including associated content and implementation steps to ensure proper security measures are in place.

This document provides a detailed guide on checking whether NTLMv1.1 is enabled on managed Windows machines. It includes suggested configurations for alerts, dependencies, and import instructions for remote monitoring.

This document outlines a dataview designed to check the status of NTLMv1.1 on endpoints, highlighting the security risks associated with its use and providing implementation steps for monitoring. It emphasizes the importance of disabling NTLMv1.1 to protect sensitive information from unauthorized access.

This document details a script that utilizes O365 admin credentials to connect to O365 and audit users into a custom table. It highlights the requirements, process, and output of the script, which is designed for integration with the ProVal Dashboard for enhanced reporting capabilities.

This document provides a script to enable or disable Modern authentication for Office 2013 based on user input. It outlines the process, variables, and expected output, ensuring users can manage authentication settings effectively.

This document provides details on how to identify whether an agent has an Office 365 Update Channel set in the registry, including the detection string and applicable operating systems.

This document provides an overview of the Kaseya Onboarding Audit script, which performs an extensive audit of Kaseya VSA configurations and outputs the results to an Excel spreadsheet. It details the requirements, process, parameters, and output locations for the audit results, ensuring users can effectively utilize the script for auditing purposes.

This document outlines the procedure to disallow OneDrive from being used on endpoints through Local Security Policy. It includes a sample run log, the process used to achieve this, and the expected output from the agent procedure.

This document outlines the detection of machines with OneDrive User Folder redirection enabled, detailing the relevant settings and detection strings used to identify this configuration.

This document outlines the detection of a role on an agent where OneDrive folder redirection is enabled at a system policy level, including the necessary settings and detection strings.

This document outlines a method to detect servers that have the Online Responder Feature installed using a PowerShell command. It provides a summary of the detection process and the applicable operating systems.

This document describes a script that updates the Outlook options on a computer to open hyperlinks in the Default Browser. It modifies specific Windows registry values related to Outlook settings to ensure that hyperlinks within Outlook open using the Default Browser instead of Microsoft Edge.

This document outlines the role used to view the status of FileVault on Mac agents, including detection strings and applicable operating systems.

This document describes a Custom RAWSQL monitor that detects users whose passwords are set to expire within a week. It includes details on the alert template and necessary dependencies for proper configuration.

This document provides a comprehensive guide on creating professional patch management reports that clients can trust. It covers the purpose, example reports, included reports, associated content, dependencies, implementation steps, FAQs, and potential problems related to patch compliance reporting based on cumulative updates.

This document outlines a script that counts the number of patches that have not been actioned in any approval policy within a client environment. It highlights the time saved by automation and provides details on global parameters and the process involved in executing the script.

This document provides a detailed dataview of each KB, including its title, the operating system versions it impacts, and various statuses such as when it was added to the patch manager, approval settings, and the number of patch policies affected.

This document provides a detailed overview of a comprehensive patching report dataview, including essential columns such as patching configuration, patch status, and compliance metrics for effective machine management.

This document outlines the process of auditing locked-out user accounts, detailing the necessary dependencies, table structures, and SQL commands required to manage and retrieve information on both domain and local user accounts that have been locked out.

This document provides information about BitLocker key protectors that have been backed up to Active Directory. It includes details about the data gathered by the associated audit script, as well as the structure of the database table used to store this information.

This document provides detailed information about the Group Policy Object (GPO) security filtering for each GPO utilized in the Group Policy Audit script. It outlines the necessary dependencies and presents a table that describes the structure and components involved in the security filtering process.

This document outlines the structure and purpose of the Active Directory Weak Passwords Report, detailing the results from the RSM scripts that test for weak credentials in Active Directory environments. It includes information on dependencies, table structures, and SQL commands for creating the necessary database tables.

This document presents information on auto-approve category details related to approval policies. It is intended for use in creating a dataview called Approval Policy - Auto Approve/Ignore/Deny Audit, and outlines dependencies, views, and characteristics examined in the audit process.

This document outlines the process for storing the BitLocker recovery key retrieved from the associated script. It includes details on the dependencies, the structure of the data table, and explanations of the relevant columns related to the recovery key storage.

This document provides details on how to store and audit BitLocker configuration information on target machines, including the various parameters and statuses related to BitLocker encryption.

This document provides detailed information about the critical data collected from disk drives using the EPM Disk Agnostic Get-CriticalDiskInfo script. It outlines the dependencies, structure of the data tables, and the specific attributes recorded for each disk, ensuring effective monitoring and management of disk health and performance.

This document outlines the SSL Certificate Audit Solution, detailing the structure of the database table used to gather information on SSL Certificates for auditing and monitoring purposes. It provides an overview of the dependencies, table structure, and the specific columns included in the plugin_proval_certs table.

This document provides detailed information about the ConnectWise Control User Audit script, including its purpose, dependencies, and the structure of the data it stores regarding existing ConnectWise Control users.

This document provides a detailed overview of the denied patch table used for Windows patching, including its purpose, dependencies, and structure. It is essential for managing patches that should not be applied, ensuring system stability and security.

This document outlines the process of storing GPResult information gathered from the Group Policy. It details the dependencies required for the script, the database table structure, and the significance of each column in the context of Group Policy Objects (GPO).

This document stores information about applications that may be affected by Log4J vulnerabilities, including supplier details, product names, affected versions, current status, and relevant links for further information.

This document outlines the purpose and structure of a script that stores baseline information about Office 365 users. It details the dependencies and the schema of the database table used to store user data, including columns for ClientID, DisplayName, Email, IsLicensed, 2FAStatus, and ContactID.

This document provides detailed information about Windows restore points, including their storage, dependencies, and the structure of the data table that captures key attributes such as ComputerID, RestorePointDate, RestorePointDescription, and SequenceNumber.

This document outlines the structure and purpose of the database table used to store results from internet speed tests conducted by the EPM Network script. It details the dependencies, the columns in the database table, and their explanations to facilitate understanding and usage of the stored data.

This document outlines the purpose and structure of the super admin audit information used to monitor changes in super admin status. It details the dependencies and the database table structure for tracking super admin additions.

This document provides a detailed overview of the Bitlocker TPM Audit Table populated by the SEC - Encryption - Script - Bitlocker - Audit script. It outlines the structure and dependencies of the table, including the various properties captured from the Get-TPM command related to TPM management.

This document outlines the purpose and dependencies for the EPM - Data Collection solution that updates table data specific to the Unifi Controller. It includes detailed information about the relevant database tables and their structure.

This document outlines the structure and purpose of the Child of Solution, which holds network data for each Unifi Controller. It includes essential dependencies and a detailed table of the data fields associated with the Unifi wireless networks.

This document outlines the purpose and structure of storing Windows user profile information, detailing dependencies, and providing a schema for the user profiles table including user attributes and audit timestamps.

This document provides an overview of the structure and dependencies of the Windows Server Backup data storage table, detailing the various columns and their explanations for effective backup management.

This script checks the specified registry entries to determine if Point And Print is detected and whether it is set to a safe value. If the registry values are not set or are equal to zero, it reports that no action is required, ensuring system safety.

This document outlines a script that checks for necessary environmental conditions before executing other scripts. It verifies Admin Approval Mode, UAC settings, environmental path variables, and PowerShell version to ensure that the target machine meets the required criteria for successful script execution.

This document details a script that prevents browsers from prompting to save passwords by modifying the registry settings for Internet Explorer, Chrome, Firefox, and Edge. It includes options to enable password saving and remove currently saved passwords, along with sample runs and variable descriptions.

This document outlines a PowerShell script designed to lock password saving features in Internet Explorer, Chrome, Firefox, and Edge by modifying the Windows registry. It includes options to enable password saving and to remove saved passwords, with detailed instructions and a sample run for user guidance.

This document provides a comprehensive overview of the PrintNightMare vulnerability, detailing its dependencies, relevant CVEs, and a dataview that summarizes key information about affected clients and systems.

This document provides a detailed overview of the dataview that lists probe-detected machines with port 139 open, which may be missing the Automate agent. It includes information on the columns available, their descriptions, and the necessary dependencies for accurate data retrieval.

This document provides a detailed overview of a script designed to manage exclusions in thresholds for targets within a ConnectWise Automate solution. It explains how to implement global and computer-level parameters, including the ability to overwrite existing values. Sample runs and user parameters are included for clarity.

This document provides a comprehensive guide on using the Protect Screen Lock script to set a specified .scr file as the default screensaver for all users, manage lockscreen timeout settings, and handle domain exceptions using Strapper. It includes user parameters, task creation steps, and sample runs for effective implementation.

Documentation for the Protect-ScreenLock command to ensure screen saver settings are enabled and set to a specified timeout.

This document outlines a method to determine the maximum software version for various browsers, including Google Chrome, Microsoft Edge, Brave, and Opera, while excluding MacOS versions. It also provides guidance on selecting online computers that have been idle for over 1800 seconds and suggests using this with the Autofix running the Chromium Browser Update script.

This internal monitor is built to upgrade the DUO Desktop every month if a newer version is released. It also provides an option to install the application with the upgrade.

This monitor is designed to fetch the latest version of the DUO Desktop every month and store it in the system property DUO_Desktop_Latest_Version.

This monitor detects the online Windows 10/11 where the MSRT disable/uninstall EDF is checked and exclusions are not checked and ignores the agent where the disable/uninstall was already done.

This document provides a detailed overview of the configurable removal of potentially unwanted applications (PUAs) using an agnostic script. It includes sample run logs, variable descriptions, and the overall process for executing the script effectively.

This document outlines the CU Compliance Metrics Dataview designed for Windows computers with managed patch policies. It details the SQL query utilized, dependencies, and the structure of the data stored, focusing on computers that have been online in Automate within the past 30 days and are part of production patching groups.

This document outlines the SQL query view designed for the CU compliance metrics, focusing on Windows computers with managed patch policies. It details the data structure, dependencies, and the metrics calculated for clients based on their compliance with cumulative updates over a specified timeframe.

This table is build to store the folder redirection of users of the computers obtained from the script

This document provides details about the User login/logout data table, including its purpose, dependencies, and the structure of the pvl_login_logout_audit table with descriptions of each column.

This document provides a detailed overview of the patch configuration data table, including the structure, dependencies, and the specific columns used to store Windows Update settings. It outlines the types and explanations of each column, which include service startup types and branch readiness levels, as well as the data collection methodology from the Windows registry.

This document explores advanced techniques for script usage in PowerShell, including the use of variables, functions, and error handling to create efficient and robust scripts for various tasks.

This document provides details about the audit data collected for the removal of potentially unwanted applications (PUAs) using a specific script in ConnectWise Automate. It includes information on dependencies and the structure of the audit data table.

This document outlines the SQL query view designed to store and execute the schedules of scripts in ConnectWise Automate that may be improperly configured. It identifies recurring schedules running at excessive frequencies and highlights potential issues with script execution.

This document outlines the purpose and details of the Built-In Scripts Permissions, including the GUID and user class assignments for script access and editing. It also highlights dependencies and provides a table detailing the structure of the pvl_scripts_permissions table.

This document outlines the structure of the data table used for the Threatlocker Set Learning Mode script, detailing the key fields such as computer ID, learning mode duration, timestamps, user information, and status logs.

This document outlines the purpose and structure of a custom table designed to store data fetched by the WebP Vulnerability Report script. It includes details on dependencies and the schema of the table for managing vulnerable applications.

Identifies Windows machines where RDP is enabled or not completely disabled.

This document provides a detailed guide on how to re-register the Huntress Agent on Windows machines using a PowerShell script. It includes file hashes, dependencies, variables, client-level and location-level EDFs, as well as sample run images and output logs.

This script allows you to reboot a machine only if it falls within a specified time window, which is not configured by default. It ensures that reboots occur at appropriate times to minimize disruption.

This document details a script that reboots a machine only if it falls within a preconfigured time window. It includes setup requirements, process steps, and output logging information.

This document outlines the process to register a specified extension for the Firefox browser, specifically focusing on the N-Able Passportal extension. It includes sample runs, user parameters, dependencies, and output details to ensure a successful installation and protection from deletion.

This document provides a detailed guide on how to reinstall the Huntress Agent on Windows machines, including necessary dependencies, variables, and client-level and location-level EDFs required for the process.

This document describes a script that sends a popup message to the currently logged-in user, requesting them to leave their machine online for necessary patching and maintenance. The script helps ensure that systems remain available for updates, enhancing overall security and performance.

This script sends a popup message to the logged-in user, reminding them to reboot their machine if it has not been rebooted in the last 30 days. It is ideal for monitors that check machine uptime and require user action to maintain performance.

This document details the procedure to disable removable storage devices on endpoints, ensuring enhanced security by preventing unauthorized access to removable media. It includes notes on reboot requirements, example agent procedure logs, and the registry modifications necessary for implementation.

This document outlines the procedure to enable removable storage devices on endpoints. It includes a detailed agent procedure log example, the process of modifying registry settings, and expected output after execution.

This document provides an overview of a script designed to facilitate the removal of specified software packages from a computer system, including functionality for uninstalling bloatware. It outlines the necessary precautions, command execution steps, sample runs, dependencies, and user parameters for effective usage.

This document provides a detailed overview of a script designed to remove Automate Server Monitoring content from the environment, including options to remove the ProSyncClient Plugin. It includes user parameters, process steps, and warnings about the script’s potential destructiveness.

This document outlines the implementation of the agnostic Remove-BitdefenderEndpointSecurity script, detailing its dependencies, process, and expected output for removing Bitdefender Endpoint Security from target systems.

This document outlines a script designed to remove Intel L1TF and Intel Meltdown vulnerabilities from the Automate environment, detailing the process and expected output.

This document describes a process for removing roles that are still listed on machines but are no longer detected. The automation saves approximately 5 minutes of manual effort by running a SQL query to delete these outdated roles from the database.

This script uninstalls the SentinelOne agent from a Windows system. It dynamically detects the installation directory of the SentinelOne agent and executes the uninstallation process.

This document provides a detailed guide on how to delete a user profile and remove the associated user account in ConnectWise RMM. It includes sample runs, user parameters, task creation steps, and a PowerShell script implementation for the task.

This document provides a comprehensive guide on how to implement a script that removes a specified Wifi profile from a system using ConnectWise RMM. It includes dependencies, user parameters, task creation steps, and complete script details.

Documentation for the Remove-BitDefenderEndpointSecurity command to remove all Bitdefender Endpoint Security products from an endpoint.

Documentation for the Remove-McAfeeSoftware command to remove all McAfee products from an endpoint.

Documentation for the Remove-SentinelOne command to uninstall the SentinelOne agent from a Windows system.

Documentation for the Remove-Sophos command to completely remove the Sophos Agent Endpoint from the system.

Documentation for the Remove-UserProfile command to delete a user profile and remove the user account if local.

Documentation for the Remove-UserRegistryValue command to remove specific registry values for all users.

This document provides a detailed guide on using a script to repair the Huntress Agent on Windows machines, including file hashes, dependencies, variables, and client-level EDFs.

This document provides a detailed guide on how to run a PowerShell equivalent of chkdsk on any or all drives, with the option to repair if desired. It includes implementation steps for ConnectWise RMM users, user parameters, task creation instructions, and sample runs.

This document provides a detailed overview of the parameters required to clear overrides and reprocess policies in a SQL environment. It outlines the necessary credentials and server information needed for successful execution.

This document describes a remote monitor that checks Active Directory user login password age settings. It identifies users with passwords set to never expire and changes their settings to ensure compliance with a 90-day expiration policy. It also provides details on alerting and ticketing for failed password resets.

This document outlines a remote monitor designed to check the login password age of local users on Windows machines. If the password age is set to unlimited, the monitor will change it to expire and adjust the default user policy password age to 90 days. It provides output on users whose password age is set to Never Expire and details any failures in changing the password age.

Documentation for the Reset-KrbtgtKeys command to reset the KRBTGT Active Directory account password.

This document outlines a monitor that triggers a script to restore the key on Windows computers where the required patches for the Microsoft Support Diagnostic Tool vulnerability are installed. It includes dependencies and target information for effective implementation.

This document provides a detailed overview of a role that checks whether the Restore Point feature is enabled in the Windows registry. If enabled, the role applies the necessary settings to the machine in the ConnectWise Automate database, ensuring proper system restore functionality.

This document provides an overview of a RAWSQL monitor designed to detect machines where the restore point is currently disabled. It includes necessary dependencies and target specifications for effective monitoring.

This document outlines the process to restrict vendor access to clients in Automate, including the necessary configurations and steps to implement the solution effectively.

This document provides a detailed guide on removing the scheduled task that attempts to restart the VSA Agent every 15 minutes. This helps prevent VSA agents from going offline without notification, ensuring better management and performance of your VSA environment.

This document details the procedure for setting the screen lock timeout on an endpoint using the ProVal Agnostic Protect-ScreenLock script. It includes example logs, dependencies, and the process of implementation, ensuring proper configuration and execution.

This document details a script designed to set the "Vendor Restricted" custom property in the CW Control Portal, allowing for the restriction of machine access based on vendor settings. It outlines the necessary system properties, user parameters, and dependencies required for successful execution.

This document provides a detailed overview of a PowerShell script that creates a scheduled task to enable the screensaver for a specified number of seconds for all users. The settings will be applied at the next logon, ensuring a consistent user experience across the system.

This document provides a PowerShell script that sets a custom text as a screensaver on a Windows machine, including parameters for timeout and login prompts. It details the process of creating a scheduled task to apply the screensaver settings at the next user logon.

This document provides an overview of the dataview that lists all scripts in the environment, detailing their script folders, types, permissions, and other relevant attributes. It includes a summary of the columns available, such as script name, folder paths, permissions for viewing and editing, and additional script characteristics.

This document outlines a script designed for managing view and edit permissions for scripts within specific folders. It details the necessary system properties, user classes, and implementation steps to ensure secure access control.

This Component checks if secure boot is enabled or not.

This document outlines how to monitor for security event log event ID 4625, specifically checking for failed logon attempts where the occurrence count exceeds a specified threshold within the last 60 minutes. It includes details on modifying thresholds, alerting, and dependencies for effective monitoring.

This document outlines a monitor designed to detect potential threats from MimiKatz based on agent roles. It includes information on dependencies and the target environment, specifically focusing on Windows agents.

This document outlines a method to detect Windows computers where the BitLocker audit script has not executed in the past month and initiates its execution. It also details the necessary roles for Windows servers to support BitLocker and provides links to related SQL scripts for role import in Automate.

This document provides an overview of a dataview that enables auditing of TLS versions on endpoints. It highlights the importance of understanding which versions of TLS are enabled for secure communication between machines and servers. The document also outlines dependencies and provides a detailed description of the columns in the dataview.

This document outlines the setup and configuration of a Remote Monitor that alerts users when security events, specifically event 1102, are deleted or cleared within the last 15 minutes. It includes implementation details, dependencies, and ticketing information for effective monitoring.

This document provides a comprehensive guide on how to obtain the site key and URL associated with a target endpoint in ConnectWise Automate, and compare it to the value set in the Client-level EDF named "SentinelOne SITE_TOKEN". It includes variables, parameters, configuration, and output details.

This document outlines the process for verifying that computers are using the correct Sentinel Agent associated with their respective clients. It includes implementation steps, associated scripts, and monitors for effective management.

This document provides a comprehensive guide for deploying the SentinelOne agent, detailing the use of agent tokens at various levels, implementation instructions, and process steps to ensure successful installation and configuration.

This document provides a comprehensive guide on deploying the SentinelOne agent across Windows, Linux, and Mac machines, detailing the necessary tasks, scripts, and configurations required for successful installation and management of the agent.

This script automates the deployment of the Todyl Agent on Windows machines by downloading the latest installer, running the installation silently, and validating that the agent has been successfully installed.

This document provides a step-by-step guide to create a monitor in ConnectWise RMM that generates tickets when the SentinelOne Deployment task fails to install on machines. It includes details on dependencies, monitor setup, and configuration steps.

This document provides an overview of the custom field at the site level for storing the Sentinel Group Key, which is essential for grouping and managing endpoints according to logical criteria such as departments or security policies. It also includes details on dependencies, field specifications, and a visual reference.

This document provides a comprehensive guide on validating the SentinelOne Management Server against the settings configured for the Client in ConnectWise RMM. It outlines the task creation process, dependencies, and implementation steps to ensure proper configuration and monitoring of SentinelOne installations.

This document outlines a solution to identify computers where the installed SentinelOne Management server differs from the configuration set for the Client in ConnectWise RMM. It provides details on associated custom fields, dynamic groups, and implementation steps necessary to validate and manage SentinelOne installations effectively.

This document explains the configuration of the SentinelOne Site Key at the company level, which is essential for organizing and managing endpoints based on their network location. It includes details on dependencies, field specifications, and a screenshot for reference.

This script uninstall the Sentinel using the agnostic "Remove-SentinelOne.ps1" script.

This document provides a detailed overview of a script that configures the start type for specified services in Windows. It includes parameters, available start types, file hash information, sample run output, and variable descriptions for effective implementation.

This document describes a script that downloads Autologon.exe from the Sysinternals website and configures it to enable automatic user login after system reboot. It includes user parameters, process details, and expected output.

This document details the implementation of the agnostic script Set-LastLoggedOnUser for ConnectWise Automate, which manages the last logged-in user information displayed on the Windows login screen. It covers usage notes, sample runs, variables, user parameters, and output expectations.

This document provides a comprehensive guide on implementing a script to manage the last logged-in user information displayed on the Windows login screen. It covers parameters for clearing user data, setting a new last logged-in user, and options for rebooting the computer to apply changes.

This document provides a detailed overview of a script that configures logon auditing for success and failure events using auditpol.exe. The script is designed to run on a domain controller and ensures that logon auditing is enabled, facilitating better security monitoring and compliance.

This document provides a detailed overview of how to change the service login account for a target service in a Windows environment. It includes sample runs, dependencies, user parameters, and expected output files.

This document details a script designed to remove unnecessary registry values from the Windows Update settings and ensure specific keys are set correctly for optimal patching and rebooting behavior in ConnectWise RMM.

This document provides a detailed guide on setting registry values for Windows Update to ensure proper patching and rebooting functionality through ConnectWise RMM. It includes steps for removing unnecessary registry entries and ensuring required values are set correctly.

This document provides a script that removes any registry entries that may be preventing Windows updates and restores the default Windows Update settings, ensuring that updates are fully re-enabled for the user.

Documentation for the Set-LastLoggedOnUser command to set the last logged-on user in Windows.

This document provides a summary and details on a remote monitor that sets PSGallery as a trusted PowerShell repository if it is not already configured. It highlights the changes made to the systems, the target environment, and implementation steps, ensuring that users can effectively manage their PowerShell repositories.

Documentation for the Set-ServiceLogin command to change the service login account for a target service.

This document explains a script that removes the current LTCache on the Probe for a specific location, creates necessary credentials if they do not exist, and sets up a new LTCache. It also includes details on dependencies, variables used in the script, and the overall process, ensuring efficient management of LTCache settings.

This document outlines a script that records data related to Shadow Copy for individual systems into a custom table. It details the dependencies, system properties, process, and output of the script, including instructions for ensuring compatibility with blocking applications.

This document details a PowerShell script that enables shadow copies on the system drive by creating a scheduled task through Task Scheduler. It provides configuration parameters and outlines the process for setting up the script to automate shadow copy tasks at specified times.

This document outlines the process for downloading and installing the ShadowControl client on a target machine. It includes automatic subscription to the ProVal ShadowControl server and ensures the downloaded installer is deleted after completion. Note that this script is specifically designed for ProVal Shadow Control instances.

This document describes a script that collects detailed information about shared folder access, including share names, paths, types, user permissions, and access rights. The automation of this process saves approximately 10 minutes of manual work.

This document explains how to use the custom field to exclude all machines under a specific site from Threatlocker deployment. It provides details on the field name, type, default value, and editable status, along with a screenshot for reference.

This document explains how to mark a custom field to exclude a site from the Winget Update All Task creation, specifically for Windows 10 and 11 computers. It details the implications of marking this field and provides a description of the custom field settings.

This document outlines the process to monitor and disable SMB1, providing detailed steps for implementing associated tasks and monitors within the ConnectWise RMM platform. It includes links to custom fields and tasks that facilitate the detection and disabling of SMB1 on target machines.

This document outlines a role designed to check if SMB1 is enabled on endpoints. It highlights the importance of disabling SMB1 for security purposes and provides details on how to view the status of SMB1 across devices using a specific dataview.

This document outlines a dataview for detecting whether SMB1 is enabled on endpoints. SMB1 is deprecated and poses security risks, so it is essential to ensure that it is disabled on all machines. The dataview includes necessary columns for monitoring and implementation steps for effective management.

This document outlines the SMB1 Server Auditing Remote Monitor, which activates auditing for SMB1 connections and reviews event logs for client connection attempts. It serves to identify environments still using the SMB1 protocol before disabling it.

This document provides an overview of the Global Dataview that displays every Windows machine in the environment and indicates whether the Umbrella_RC service is installed, suggesting that OpenDNS is being utilized. It aims to assist Managed Service Providers (MSPs) in optimizing their licensing and deployment of the Umbrella agent based on the machines’ connectivity and requirements.

This document provides a dataview to identify machines with Open DNS (Umbrella Agent) installed and checks for the presence of a wireless network card. It aims to help in finding devices unnecessarily using Open DNS when configured at the router/firewall level. By identifying endpoints without wireless capabilities, organizations can reduce costs associated with the Open DNS solution.

This document provides a comprehensive overview of well-known remote access software installed on systems. It includes detection capabilities for various popular remote access tools, along with a detailed column description of the data collected.

This document outlines an internal monitor designed to check machines for installed antivirus software, specifically excluding those where the Webroot plugin is set to auto-deploy. It includes prerequisites and target deployment information.

This document outlines a solution for deploying Webroot and auditing keycode status for partners experiencing issues with the Webroot plugin. It includes associated scripts, monitors, and dataviews necessary for effective implementation and management of Webroot security.

This document describes a script that reboots a Windows machine into safe mode and modifies the registry keys related to tamper protection for systems with Sophos Tamper Protection enabled, ultimately streamlining the process of disabling this feature.

This document provides a detailed overview of a script designed to uninstall the Sophos endpoint from a Windows-based device, including prerequisites, processes, and expected outcomes. The script verifies the status of Sophos Tamper Protection and ensures a clean uninstallation process, followed by a system reboot.

This document provides a comprehensive guide on removing the Sophos Endpoint Agent from an endpoint, including example logs, dependencies, and the process involved in the uninstallation. It details the use of SophosZap and necessary configurations for successful removal.

This document outlines a monitor designed to track Windows agents with Bitlocker enabled, specifically focusing on those where key data has not been gathered for over 30 days. It includes dependencies for script execution and custom table integration for effective key retrieval.

This document outlines a monitor that runs on BitLocker-enabled machines to check if the key retrieval date is older than 30 days, ensuring compliance and security for your systems.

Sync Passwords from ConnectWise Automate to ITGlue

This document provides a comprehensive guide for technicians on how to detect and lockdown machines marked as stolen within a ConnectWise Automate environment. It includes implementation steps, associated scripts, and internal monitors to effectively manage stolen systems.

This document provides a comprehensive guide on installing Cisco AnyConnect along with its desired components using an agnostic script. It includes argument options, implementation steps, sample runs, dependencies, user parameters, and the overall process of execution.

This document outlines the process for installing the Symantec Agent on a Windows machine using a script. It includes details on dependencies, the installation process, and the expected output, highlighting the time saved by automation.

This document provides a PowerShell script designed to uninstall Symantec Endpoint Protection from a target machine, detailing the process, dependencies, and expected output.

This document outlines a PowerShell script that sets firewall rules for Microsoft Teams users, excluding public users and specific administrative accounts. The script checks the PowerShell version, executes the necessary commands, and logs the results for review. It aims to streamline the process and save time in user management.

Documentation for the Test-WeakCredentials command to identify users with potentially compromised passwords by querying known password hashes.

This document outlines a script that retrieves API keys from the client password tab to enable learning mode for ThreatLocker. It includes details on dependencies, variables, parameters, and instructions for use, ensuring secure handling of API keys.

This document outlines the process of setting ThreatLocker to learning mode using an API, including auditing details such as duration, status, and user information. It provides implementation steps, associated scripts, and FAQs for effective usage.

This script installs the ThreatLocker agent on Windows and Mac operating systems.

The Purpose of this solution is to deploy a threatlocker agent on both Windows and Mac machines.

This script will check for ThreatLocker and attempt to install if not present on Windows Machines. It matches the organization to the client name. If no match is found, it will create the company in the Threatlocker Portal. By default, servers will be installed into the Servers group, and workstations will be installed into the Workstations group

This document outlines the process for deploying the Threatlocker agent on both Windows and Mac operating systems. It includes necessary custom fields, device group creation, and task deployment steps to ensure successful implementation.

Triggers the auto-deployment script for Threatlocker on Macintosh machines where deployment is enabled

Triggers the auto-deployment script for Threatlocker on Windows machines where deployment is enabled

This script deploys threatlocker agent on Mac machines

This solution is designed to configure the automatic deployment of the Threatlocker Agent on Windows and Macintosh machines that are missing the agent, using the NinjaOne platform.

This document provides a detailed overview of a script designed for creating tickets based on missing patches in a ProVal environment. It outlines the dependencies, process, and an example of a generated ticket, emphasizing that the script should be monitor-driven and not manually executed.

This document outlines how to check if an agent has TLS 1.0 enabled, including the necessary detection string and applicable operating systems. It provides a clear overview of the settings required for proper verification.

This document outlines a role that detects machines with TLS 1.1 enabled, providing necessary settings and detection strings for system administrators.

This document provides a method to determine if the endpoint is using TLS version 1.2. It includes details on how to access the relevant data in the dataview under @Security - TLS Status, along with the necessary detection string settings for verification.

This document provides a method to check the Windows registry for the TLS 1.3 Client settings. It outlines how to determine if the TLS 1.3 protocol is enabled by checking the registry value and includes related roles, scripts, and dataviews for comprehensive management of TLS settings.

This document outlines the purpose and details of a remote monitor designed to check and return the Enabled TLS Client version on Windows computers. It includes guidelines for usage, target systems, and import instructions.

This document outlines the setup and usage of a remote monitor designed to check and return the enabled TLS server version on a computer. It details the requirements, cautionary notes against alerting, and suggestions for implementation in managed Windows environments.

This document provides an overview of a script designed to retrieve detailed information about the Trusted Platform Module (TPM) configuration on an endpoint. It outlines the script’s functionality, dependencies, variables, and the expected output, including sample runs and process descriptions.

This document provides detailed information about the TPM configuration on endpoints, including the status of TPM readiness, presence, and various security levels associated with the TPM on each client machine.

This document outlines the detection of User Account Control (UAC) settings on Windows 10 systems through specific registry checks performed by agents. It includes the detection string, comparator, result, and applicable operating systems.

This document provides an overview of how to determine if an agent has the Unified Writer Filter enabled, including the necessary detection string and applicable settings for Windows operating systems.

This document provides a comprehensive guide on running the Remove-Sophos.ps1 script on Automate managed devices, detailing prerequisites, parameters, and expected outcomes for successful execution.

This document outlines the purpose and dependencies of the Windows Duo Agent Exclusion Monitor, which is designed to detect Windows machines with Duo installed and manage exclusions based on client, location, or computer-level settings.

This script uninstalls the Evo Credential Provider from Windows machines.

This document provides a detailed overview of a script designed to uninstall the Huntress Agent from both Windows and Macintosh machines, including dependencies, variables, and sample run output.

This document provides a detailed guide on uninstalling the SentinelOne agent from Windows machines, including requirements for Tamper Protection or a passphrase, and handling reboot scenarios based on the uninstallation status.

This document provides a detailed guide on how to identify and uninstall the SentinelOne agent using a script. It explains the requirements for uninstallation, including the use of a passphrase and the necessary steps to disable tamper protection if needed.

This document provides a comprehensive guide on how to uninstall the SentinelOne agent from a Windows system, including steps for handling Anti-Tamper features. It outlines the requirements, process, and payload usage for executing the uninstallation successfully.

This document provides a script for uninstalling Sophos Endpoint Protection from both Mac and Windows computers. It requires disabling tamper protection on the machine prior to execution. The document includes details on sample runs and output logs.

This document provides an overview of a script designed to install specified patches on Windows machines, detailing parameters for rebooting, sample runs, and expected output logs.

This script identifies unknown user-profiles and generates a ticket containing their details. If the computer’s domain trust relationship is broken, the script will create a ticket indicating the broken trust relationship instead of listing unknown user profiles. Note that PowerShell 5 is required to run this script, and domain controllers are excluded from its scope.

This document provides an overview of the internal monitor that identifies machines with unknown user profiles. It details the dependencies required for functionality, the target audience, and the alert template for ticket creation when unknown user profiles are detected.

Enabling this custom field will activate the detection of Unknown or Cached user profiles for the company.

The group manages the supported computers for companies that have enabled the Unknown User Profiles Detection custom field.

The solution is designed to detect and manage unknown or cached user profiles. These unknown user profiles can occupy significant disk space on the computer. The primary objective of this solution is to identify these profiles to free up unnecessarily used drive space.

This document provides detailed instructions on how to disable Bitlocker protection on one or all volumes. It includes sample runs, dependencies, user parameters, task creation steps, and script execution details.

This document outlines a monitor set designed to identify services with unquoted paths on Windows machines. It checks for spaces in the service path and ensures proper quoting to enhance security. An Autofix script is provided to automatically correct these paths.

This document outlines a script designed to detect and fix unquoted service paths on a machine. It details the process of running a PowerShell script to properly quote service paths, ensuring system security and stability. The script is intended to be called by the ProVal monitor set for effective service management.

Documentation for the Unregister-FirefoxExtension command to remove and optionally block the reinstallation of a Firefox extension.

This document outlines the implementation of a monitor designed to detect if a Huntress Agent has become orphaned, meaning it has not communicated with the Huntress portal for over 30 days. It includes details on suggested alert settings, implementation steps, and ticketing information for unresponsive agents.

This document provides a summary of Extradatafields that have either never been populated with data or have never been modified from their default values. It includes a detailed description of each column associated with the Extradatafields, outlining their properties and functionalities.

This document outlines a script designed to transfer members of the Restricted Machines group in ConnectWise Automate to an equivalent permission set in ConnectWise Control, including manual setup requirements and detailed variable documentation.

This document describes a monitor that renames the reboot file used by the Windows Update Orchestrator to prevent unwanted reboots. It also ensures that the UsoSvc service is enabled and running, providing a safeguard against interruptions caused by automatic updates.

This document outlines the purpose and steps to update and audit the PowerShell version for older operating systems, ensuring compliance and security by detecting outdated versions and facilitating updates.

This document provides a comprehensive guide on how to install or update the PowerShellGet module to the latest version available in the PowerShell Gallery, including sample runs, dependencies, task creation steps, and script execution details.

This document outlines a script that launches the Get-UnifiController.ps1 file from the registry to filter and populate data into various tables related to the Unifi Controller. It includes sample runs, dependencies, variables, process steps, and output logs.

This document outlines a monitoring solution that detects online Windows machines based on specific operating system criteria. It ensures that only supported versions are monitored and provides details on ticketing for failures related to updating the WinRE partition.

Documentation for the Update-VeeamVulnerabilitiesPatch command to patch Veeam vulnerabilities in Versions 11 and 11a.

This document provides an overview of the Update Veeam Vulnerabilities Patch, detailing the requirements, process, payload usage, and output locations for effectively patching vulnerabilities in Veeam versions 11 and 11a.

This document provides an overview of the process to update monitoring exclusions for agents in VSA using automation. It details the requirements for the VSAAPI module, the parameters for executing the script, and examples of how to use the script for on-demand and scheduled updates. The payload usage section illustrates how to manage exclusion settings for agents, groups, and organizations effectively.

This document provides detailed instructions on updating the WinRE partition on deployed devices to address security vulnerabilities identified in CVE-2024-20666 by pushing the KB5034957 update. It includes associated scripts, dataviews, and monitors necessary for implementation.

This document provides a comprehensive overview of the User Login/Logout Audit DataView, detailing user activity related to login and logout events. It includes dependencies, a description of the columns present in the DataView, and insights into user interactions with the system.

This document provides details on a script that audits locked accounts, captures relevant data from security event logs, and stores this information for future reference. It includes sample runs, dependencies, variable documentation, and process descriptions.

This document details a script that retrieves user profile information at the machine level, including user type, admin status, password status, profile size, last logon time, and audit timestamps. It outlines the dependencies, process, and output of the script, as well as the time saved through automation.

This document provides an overview of the Get User Profiles script, which gathers information about user profiles and stores the data in a custom table. The script is not supported on Windows Domain Controllers or deprecated versions of Windows, and it includes details on file hashes, sample runs, dependencies, and output generated by the script.

This document describes a script that deletes a user profile and removes the local user account. It emphasizes the destructive nature of the script and provides information on the necessary parameters and dependencies for successful execution.

This document provides a detailed overview of a script that removes a user profile from an endpoint. It includes prompts for user confirmation and the username to remove, along with an example agent procedure log demonstrating the script in action.

This document provides a summary of the User Prompt for Reboot solution, detailing its dependencies, the columns tracked in the dataview, and the specific attributes related to computer reboot prompts. It covers critical information such as the number of prompts sent, last reboot time, and system properties that govern the behavior of the reboot prompts.

This document outlines a script that creates the SQL table “@plugin_proval_usersessions” if it does not exist, audits the current active sessions on a target machine using PowerShell, and updates the details in the custom table. It includes a summary, sample run, dependencies, variables, process steps, and output details.

Documentation for the User-Audit command to retrieve specific or multiple users auditing for information username, sids, and status

This document provides a detailed guide on restoring profiles for active users within the ConnectWise Automate environment. It outlines the steps necessary to ensure a smooth restoration process and maintain user productivity.

This document outlines a script designed to place virtual machines hosted on a Hyper-V Host into Maintenance mode for a duration of 60 minutes. During this period, alerts will be suppressed, and script execution will be limited on the affected virtual machines, ensuring a smooth maintenance process.

This document outlines the necessary parameters required for using VSAToolbox, a set of tools designed to interact with a Kaseya VSA server API. It includes details on dependencies, example data, and the correct format for API arguments.

This document outlines the process of pushing custom fields to targeted machines or endpoints from the organization’s custom field set within Kaseya VSA. It includes details on updating machine records for patching, antivirus, monitoring, and third-party fields, along with the required parameters for executing the update.

This document provides a guide on how to update the PVALOrgAgentCounts table for reporting purposes. It includes parameters such as server address, username, and password required for SQL access.

This solution is designed to configure the automatic deployment of the Vulscan Discovery Agent application on Windows and Macintosh machines that are missing the agent, using the NinjaOne platform.

This document provides a detailed overview of a script that tests hashed credentials in Active Directory against known compromised or weak lists. It outlines dependencies, user parameters, global parameters, and the expected output, ensuring users can effectively utilize the script for auditing purposes.

This document outlines the process of utilizing the Test-WeakCredentials script to assess hashed credentials in Active Directory against known compromised or weak password lists. It includes setup instructions, user parameters, and implementation guidelines for effective password security audits.

This document outlines a solution for detecting users with potentially compromised passwords by querying known password hashes. It includes details on custom fields, device groups, monitors, and tasks necessary for implementation in ConnectWise RMM.

This document provides a detailed guide on implementing a monitor that creates a ticket when accounts with weak passwords are detected on domain controllers. It includes dependencies, target specifications, and step-by-step implementation instructions.

This document provides a dataview of the installed web browsers on machines, detailing the status of Internet Explorer and listing various browsers under auditing, including Firefox, Chrome, and others.

This document outlines the dataview for presenting critical information regarding vulnerable applications sourced from the custom table pvl_webp_vulnerable_apps. It details the dependencies, columns, and data collection processes related to the WebP Vulnerability Report script.

This document outlines a script that compares installed applications against a JSON file containing known vulnerabilities in Electron applications. It retrieves the application name and version, along with vulnerability status, and presents this information in a dataview titled WebP Vulnerability Report. The accuracy of the data may vary, and human judgment is advised for interpretation.

This document outlines the process for identifying computers with vulnerable applications installed, based on a JSON file. It includes warnings about the accuracy of the data and provides associated content for implementation. Human judgment is advised when interpreting the results.

This document provides a detailed overview of a script designed to boot a machine in safe mode and completely remove Webroot from the target machine. It includes a summary of the process, a sample run, and the expected output, ensuring users can effectively utilize the script for uninstallation.

This document outlines the steps required to uninstall the Webroot application from endpoints using Kaseya VSA. It includes implementation details, required dependencies, and expected output logs for both successful and failed uninstallation attempts.

This guide provides step-by-step instructions on how to log in to the Webroot Portal and manage entities, including creating custom groups and obtaining necessary codes for Webroot agent deployment.

This document outlines a solution for auditing Webroot KeyCodes and monitoring for mismatches. It includes associated scripts, dataviews, and monitors to ensure compliance and alert on discrepancies.

This document provides a comprehensive guide on the updated script for managing Wi-Fi profiles, including features for adding, removing, and auditing profiles on end machines. It highlights the necessary updates, implementation steps, and associated content to ensure effective management of Wi-Fi profiles while enhancing security.

This document provides a comprehensive guide on a script designed to enable or disable the administrator account on Windows machines, excluding domain controllers. It outlines the necessary parameters, process flow, and troubleshooting steps to effectively manage admin account settings across client workstations.

This document provides a detailed overview of the Set Admin Account script, which creates or updates a target admin user on a domain controller or local machine and saves the credentials to the passwords list for the Automate client. It includes usage instructions, parameter details, update notices, and sample runs.

This document outlines a script that automates the creation of tickets or sending email notifications when a client-level Local Admin password is updated. It ensures partners can manually update their password management tools as notifications are received. The document also includes update notifications, system properties, and sample output details.

This document outlines a dataview that displays the eligibility status of machines for implementing Bitlocker, including whether it is enabled and the necessary dependencies for proper functionality.

This document provides a summary of a dataview that displays Bitlocker recovery keys collected by the Bitlocker - Key Retrieval script. It outlines dependencies, the columns included in the dataview, and their descriptions, helping users to understand the data presented.

This document provides a comprehensive overview of how a computer is domain joined, detailing the different types of domain join statuses including Azure AD, Hybrid, DRS Joined, On-Prem, and Not Joined. It includes dependencies and a detailed column description for better understanding.

This document outlines a script used to create and set a local Administrator password for a client, detailing the variables, parameters, and process involved. It highlights time savings achieved through automation and provides a sample run for reference.

This document provides a detailed dataview that shows whether RDP is enabled or disabled on agents, based on their dependent roles. It includes important information such as client name, location name, computer name, operating system, agent status, and RDP status. Note that the dataview reflects role-dependent changes and may not show immediate status updates.

This document outlines the detection of Remote Desktop Protocol (RDP) enabled on agents. It provides the detection string, comparator, result, and applicable operating systems for effective monitoring and management.

This document provides an overview of the Restore Point status for workstations, detailing the dependencies, columns, and descriptions related to the Restore Point functionality.

This document provides a detailed dataview displaying information about the latest Windows rollup update that has been installed on various machines, including details such as client name, location, computer name, agent type, operating system, Windows version, latest rollup patch, and last contact with Automate.

This document provides a comprehensive overview of the latest rollup installation details on domain controllers, including dependencies, columns of data collected, and the significance of the information gathered.

This document provides a detailed guide on how to set the active desktop wallpaper for all users from a local path or a URL. It includes options for enforcing the wallpaper on user login and resetting to previous wallpapers, along with user parameters and expected output.

This document describes a script that enables or disables various versions of TLS (v1.0, v1.1, v1.2, v1.3) by updating the Windows registry. It includes user parameters for configuration and a sample run demonstrating the script in action.

This document provides a detailed overview of a dataview that helps you audit User Account Control (UAC) status on machines using a specific script. It outlines the dependencies, columns, and descriptions necessary for effective auditing.

This document provides a comprehensive guide on implementing a script to set the active desktop wallpaper for all users from a local path or a URL. It includes options for enforcing the wallpaper on login and resetting to previous wallpapers.

This document provides a detailed overview of a Dataview that displays the number of Windows 10 and Windows 11 machines categorized by their build number (ReleaseID) along with calculated percentages of machines on each version compared to the total. It includes filters, summary rows, and insights into Microsoft support status for various Windows versions.

This document outlines the process for initiating a Windows 10 feature upgrade on a target endpoint without forcing a reboot. It includes a summary of the procedure, sample run logs, and the expected output, while highlighting the importance of data loss during the upgrade process.

This document provides a detailed guide on how to install Windows 11 from a target ZIP file or ISO, including sample runs and user parameters. It covers necessary dependencies and provides download links for the required files.

This document outlines a method to determine if Windows Defender Advanced Threat Protection (ATP) is enabled on a device. It includes settings and detection strings necessary for the evaluation.

This document outlines a monitor set designed to identify Domain Controllers missing the designated Domain admin account and those with outdated passwords. It provides customization options through system properties and client-level Extra Data Fields (EDFs), enhancing adaptability to various requirements.

This document outlines a solution for establishing a centralized domain admin for each domain, implementing a password rotation mechanism, and enhancing security and management of domain admin credentials.

This document outlines the process for categorizing Windows 11 computers where the Feature Update Install with Tracking script has failed due to a Compatibility Check Error. It includes criteria for selection and steps for creating a dynamic group in ConnectWise RMM.

This document provides a detailed overview of a script designed to disable the Windows Firewall for all profiles, including public, domain, and private. It outlines the process of executing the script, sample run visuals, and expected output logs.

This document provides a script that enables the Windows firewall for all profiles, including public, domain, and private. It outlines the process, expected output, and time saved by automation, enhancing system security efficiently.

This document outlines a method to detect if the Domain profile of the Windows Firewall is enabled on a Windows operating system. It includes the detection string, comparator, and applicable operating systems.

This document provides a detailed guide on enabling Windows Firewall for both Public and Private Networks, including example logs and process explanations.

This document provides a detailed overview of a script designed to disable firewall notifications for all users on a Windows system, streamlining user experience and enhancing system management.

This document outlines a role for detecting whether the Private firewall is enabled on a machine. If the firewall is active, the role is applied to the machine within the ConnectWise Automate database. It includes specific detection strings and settings for implementation.

This document outlines the process to determine if the Windows Firewall is enabled to the "public" setting. The data can be accessed through the dataview: @Windows - Firewall Status, providing insights into the firewall configuration for security purposes.

This document provides a method to check if the Firewall service (mpssvc) is running on online computers, ensuring that the necessary security measures are in place for both servers and workstations.

This document outlines a script that disables Windows Hello for Business by modifying the registry key to prevent its use. The automation process is designed to save approximately 10 minutes of manual effort, streamlining the configuration for users and administrators.

This document outlines the purpose and functionality of a monitor set designed to identify Windows machines that lack a designated local admin account or have outdated passwords. It details the customizable UserName and Password age parameters, dependencies, and the alert template for executing necessary scripts.

This document outlines a solution for establishing a centralized local admin user for each client or computer, implementing a password rotation mechanism to enhance security, facilitate management, and mitigate risks associated with static local admin credentials. It includes implementation steps, update notices, and FAQs.

This document outlines a role that utilizes PowerShell to retrieve the Windows Product key and verify its format, ensuring it adheres to the specified regex pattern. It includes detailed settings and applicable operating systems for effective implementation.

This document outlines how to determine if an agent is functioning as an RDS Gateway server, including the necessary detection string and applicable settings for Windows operating systems.

This document provides a detailed procedure for disabling Windows Update through registry modifications. It includes example logs from the agent procedure, outlining the steps taken to change registry settings and verify success.

This document provides a comprehensive overview of Windows Update history for agents, detailing the various columns of information such as client name, operating system, patch details, and installation status. It also lists dependencies for effective auditing and management of Windows updates.

This document details a dataview that displays the number of Windows 10 and Windows 11 machines categorized by their build number (ReleaseID), along with calculated percentages of machines on each version against the total number of Windows devices for each client. It includes filters and summarized rows for better insights into Windows OS support status.

This document provides a detailed overview of how to audit local admin group members using a script. It includes dependencies, a summary of the functionality, and a description of the columns used in the dataview for effective local group management.

This document outlines a procedure for collecting WinSAT scores on endpoints using custom fields and PowerShell commands. It includes detailed logs of actions taken and results obtained during the execution of the procedure, providing insights into the performance of system components such as CPU, memory, graphics, and disk.

This document provides a detailed overview of a script that allows users to perform a factory reset on their Windows machine. It includes options for user prompts and forceful resets, along with variable definitions and expected outputs. Use this script with caution as it will erase all data.

This document provides an overview of an Internal Monitor that detects machines with the Search-MS Registry Key role, which is essential for remediating the CVE-2022-30190 MSDT vulnerability. It outlines dependencies and the target environment for the monitor.

This document provides a summary of endpoints with a valid Azure AD Connect Version and outlines dependencies, view filters, and export attachment details for auditing purposes.

This document provides a summary of all endpoints that have executed the Windows 10 Feature Upgrade (NoReboot) script and have not yet rebooted. It includes a detailed view of the filters applied to this report for better analysis.

This document provides a comprehensive audit of all Firefox extensions installed on endpoints, detailing the necessary dependencies and the structure of the data collected.