ProVal Tech reviews with you the new best practice from ConnectWise. Pushing out a PowerShell scriptlet on a schedule through the RMM is the best, most accurate method of alerting. This is how we can achieve it through Automate.
Step by Step:
Today I wanted to go over a quick thing you can do with remote PowerShell monitors: a good way to use PowerShell in a remote monitor rather than requiring the internal monitor set. This removes the database component, and it is now the recommended best practice moving forward from ConnectWise and from ProVal as well.
Let’s get into it. I would recommend doing this on a test group, but in this case you can open up your managed 24x7 group.
The monitor that I’m going to be making is actually looking at domain controllers, so it’s recommended that you filter it. What I would do is probably put it on your service plan group, just so you have them all down here.
What I can do is click Add, and in this case I want to monitor the results of an executable. This really doesn’t matter too much, because it’s going to be a little tricky. If you copy and paste in this full command here (it does look a little strange, but I’ll put it on screen), I’m just basically navigating to PowerShell’s directory.
I can then execute this executable and start passing through my commands. In this case I’m bypassing the execution policy for this one-time run, then -Command, and inside of that is whatever PowerShell I need or want to run. This can be almost as long as you want it, although it does get a little tricky: it may crash out depending on how long it is or how many lines it has, so it might take some testing on your end.
In this case, I’m going to run Get-ADUser. Basically, what I want is Enabled to equal false, and then I want to format that as a list and select just the Name property.
So that’s going to be the command I want to run, and in this case it should be really easy: I’m going to use the missing component.
If no data comes back, the monitor counts as a success. If some data comes back, it counts as an error, and the monitor flags it for a ticket or whatever the action template is. This gets a little tricky depending on how you are monitoring.
So maybe you want to do something like greater than or equal to, or even a regex match or does not regex match, just to be a little more specific.
So in this case, I’m just going to hit Next and target this group. Five minutes is probably fine; you probably don’t even need it to run that often. In this case, I’m just going to leave it at that.
This is the screen where you would choose Default - Create Ticket, and then you can say how many times you want it to fail before making a ticket, which is always good. In this case I wouldn’t leave it as Do Nothing, but I can always make that adjustment later.
Leave all of those the same, and don’t forget the last step here: "disabled accounts on domain controllers". This is going to be your monitor name. I know it’s not super obvious, but don’t forget it, because it does look kind of strange if it comes down here as the agent name.
Once this is done, the next thing to set is Limit To search. It didn’t let me do that through the wizard.
I did have to refresh for the monitor to show. Then, right under the monitor name up here, I can set Limit To. There are lots of searches in here, but there should be one that has something like Microsoft roles in the name.
We’re looking for domain controllers, so it is Server Roles, "Server Role - Domain Controllers". That should give me what I need, and I want to make sure I hit Update, because that will only apply the monitor where that Limit To search is selected. So we’re not looking at every server that’s in this group, only those machines. We can also see, if I scroll over to the right here, the Limit To column: "All" is everything in this group, and this is like a sub-search for what we’re actually wanting to apply the monitor to. I highly recommend that. The reason I like to do it on the 24x7 group is that I know where to come for a remote monitor; if I’m going back and doing an audit or something like that, I definitely like to see everything here. That keeps everything tidy as you’re managing the system itself.
Now, if I double-click to open that monitor, it does take some time for it to push out the actual install.
I will check in once that comes up. We should see some result, either success or fail, and then it should have some data in there that we could make tickets off of.
All right, so I’ve got my monitor here. The more astute of you may have noticed that I had previously entered the information incorrectly. The above command here is the proper one: I forgot the -Filter parameter before passing through an object.
So, in this case, I am getting an error because I forgot -Filter, so let me fix that.
On the configuration, if I test it now, this will come back as an error, because this is the error that I’m getting. To fix that, all I have to do is come back into the group, copy and paste the above line, and make sure to include -Filter. That should fix it, and then I just have to wait for it to resend out.
As I’m testing this, I should still be able to pull back an error here, so it should be failed, but not for this reason. It should be pulling back things like the Guest account, which you can then filter out via a regex match and things like that.
If that ever happens (I just closed out all the windows here), all you have to do is select your monitor, come over to Details, and copy and paste the new command, making sure that it includes -Filter. Hit Update, and that will update the command that’s running.
If I scroll way out here, I can see that it did append that, so now I just have to wait for it to flush down to the monitor itself. That sometimes takes five minutes, so give it some time, but it will update.
If you are impatient, or you are just testing a single script, you can come in here, hit Paste, and then Test. When that comes back, this should be the new version. Once it does flush down, the result here should say Failed, and then there are a couple of accounts: the Guest account and the KRBTGT account. In this case it would make a ticket, and this would be the content inside the ticket, which is super handy, especially if you are trying to track down disabled accounts and things like that.
Of course, this can be applied to tons of other PowerShell things that you want to run. This is just a good example of how to audit your Active Directory in a remote-based manner: you are more or less doing a scheduled task, but through an RMM system that can run on a schedule, pull the data back, and make tickets for you.
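
The monitor command described in the walkthrough, reconstructed as an added example (it is not the exact command shown on screen in the original video), followed by a variant that drops the built-in Guest and krbtgt accounts before the monitor sees the output. It assumes the default Windows PowerShell path and the ActiveDirectory module on the domain controller; the function name Select-UnexpectedDisabledAccount is hypothetical.

```powershell
# Command line as pasted into the monitor's executable field. The execution
# policy bypass applies to this one process only, and -Filter is required:
#
#   %windir%\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -Command "Get-ADUser -Filter 'Enabled -eq $false' | Format-List Name"

# Variant: remove accounts that are disabled by design, so that any output
# at all means an unexpected disabled account.
function Select-UnexpectedDisabledAccount {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        # Guest and krbtgt are the built-in accounts the walkthrough saw returned
        [string] $ExcludePattern = '^(Guest|krbtgt)$'
    )
    process {
        if (-not $User.Enabled -and $User.SamAccountName -notmatch $ExcludePattern) {
            $User.Name
        }
    }
}

if (Get-Module -ListAvailable -Name ActiveDirectory) {
    # @() keeps an empty result as an empty array instead of $null
    $users = @(Get-ADUser -Filter 'Enabled -eq $false')
} else {
    # Constructed sample objects so the logic can be tried away from a DC
    $users = @(
        [pscustomobject]@{ Name = 'Guest';     SamAccountName = 'Guest';  Enabled = $false }
        [pscustomobject]@{ Name = 'krbtgt';    SamAccountName = 'krbtgt'; Enabled = $false }
        [pscustomobject]@{ Name = 'Jane Temp'; SamAccountName = 'jtemp';  Enabled = $false }
        [pscustomobject]@{ Name = 'Bob Admin'; SamAccountName = 'badmin'; Enabled = $true }
    )
}

# With the sample data this emits only "Jane Temp"
$users | Select-UnexpectedDisabledAccount
```

With the built-in accounts removed in PowerShell, an empty result lines up with the "no data comes back counts as success" condition used in the walkthrough.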