Blogs

[Report] All computers with a smartcard reader

Hi everyone, and sorry for my bad english :)

Recently i developed a method that extract all the pc in K1000 inventory that has a smart card reader and i've published it on GitHub.
We use a script, a custom invetory rule and finally we generate the report. 

How it works

  1. The vbs script executes a WMI query over the target device(s) and saves an output file named smartcard.txt (see below in the Setup section)
  2. The vbs script is scheduled and deployed to the target device(s) via K1000 Online KScript
  3. A K1000 Custom Inventory Rule reads the output file for every inventoried device and stores the information in the database
  4. A scheduled Report (choose your favorite format between HTML, CSV, PDF or Excel) returns only PCs with a smart card reader installed

Setup

The KScript

  1. Edit the script line 4 with the path where you want to save the output file. In our environment every PC has a “C:\Tools”directory for service purpose, so I decided to save the output there.
Set f = log.CreateTextFile("C:\Tools\smartcard.txt", 2)
  1. Go to your K1000 Dashboard, then go to Scripting and create a New Script (Choose Action / New)

  2. Name the script as your wish (for example: Check Smart Card Reader) and follow these steps:

Script Basic Settings

  • Type: Online KScript
  • Enabled: Yes
  • Deploy: one or some devices, all devices or to a Device Label, according to your needs in your environment
  • Windows Run As: Local System
  • Upload the smartcard.vbs as New Dependecy

Tasks

We want the script to run once in every PC, so we'll use a “checkmark” (the smartcard.txt) to verify that...

  • Verify: Verify a file exists...
    • C:\Tools\smartcard.txt
  • Remediation: Launch a program...
    • Directory: $(KACE_SYS_DIR)
    • File: cscript.exe $(KACE_DEPENDENCY_DIR)\smartcard.vbs
    • Wait for completion: Yes
  • On Remediation Success: Upload a file... (note: this step is not necessary and only for archiving purpose)
    • Directory: C:\Tools
    • File: smartcard.txt

...and Save your brand new script.

cIpcrH.png

The Custom Inventory Rule

  1. In the K100 Dashboard, now go to Inventory section, then go to Software and create a new Software entry (Choose Action / New)

  2. Name the rule as your wish (for example: IT Dep — Check Smart Card Reader) and follow these steps:

  • Publisher: IT Department (it's useful for further searches into the Software Inventory)
  • Supported Operating Systems: All the Windows OSs in your Inventory
  • Custom Inventory Rule: ShellCommandTextReturn(cmd /c type C:\Tools\smartcard.txt)

...and Save your new Custom Inventory Rule.

Rqposa.png

Now we need all our devices complete their inventory. The new Custom Inventory Rule creates a new entry in every device record managed by the K1000.

If a smart card reader has been discovered we'll have at least one “DeviceClass: SMARTCARDREADER” text iside the Custom Inventory Fields section into every device record in Inventory / Devices

Screenhot 3

Otherwise, if a smart card reader has not been discovered, we'll have no text

When all your devices has been inventoried and you're ready, jump to the next section

The Report

In the K100 Dashboard, now go to Reporting section, then in Reports and create a new Report (Choose Action / New)

Name the Report as your wish (for example: PCs with Smart Card Reader) and follow these steps:

Title and Topic

  • Category: Inventory
  • Topic: Device

Fields to Display

  • Device: System Name
  • Operating System Info: Name
  • User Information: User Name
  • Manufacturer and BIOS: System Model

Feel free to add and modify any other field, according to your needings.

Filters

Delete the default filter and create this:

Filter

Save your new report and try it.


Be the first to comment

Get Ready for GDPR Compliance

GDPR Compliance is Required by May, 2018 - Are You Ready?

GDPR is coming and it affects everyone. The fines for non-compliance are brutal.  Learn more about it from this wiki page and/or download the PDF datasheet:

Be the first to comment

Disable "Windows Welcome Experience" dialog during OS deployments

Recently I talked with Timokirch about a cosmetic issue when deploying new Windows 10 boxes with Quest KACE SDA/K2000:

Since the Windows 10 Creators Update (1703) a user is shown a pop up "Windows Welcome Experience"-window when she/he logs in for the first time (so when there is no user profile present yet).

This should not have any functional impact when deploying a new Windows 10 computer, but it hides other windows like the KACE SDA progress screen:



The ways of disabling this dialog are well documented here https://winaero.com/blog/disable-welcome-page-windows-10/ and here https://docs.microsoft.com/en-us/windows/configuration/windows-spotlight
I will focus on the way by setting the registry value of "SubscribedContent-310093Enabled" in the key "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" to 0.
This works well but if you want to disable that for the very first user login like for the KACE SDA post installation sequence user account that is used during OS deployment, you need to set this before any user logs on at all: before the first boot of Windows.

You can disable the "Windows Welcome Experience"-window by setting the mentioned registry value in the default user profile. The default users registry is completely stored in the file NTUSER.DAT that is normally located in C:\Users\Default\ in standard Windows setups.
Nevertheless, you can also apply this to your running PCs as well, not only in OS deployment.

In your KACE SDA/K2000 create a new midlevel task, this runs in KBE/WinPE mode after Windows setup or image application but before the reboot of the machine into the freshly installed Windows.

  1. Go to your library and create a new Post installation task of type "BAT Script".

  2. Be sure you switch the Runtime Environment to "SDA Boot Environment (Windows)".

  3. Enter this script in the "BAT Script" text box (you may need to alter the path to NTUSER.DAT if you have a different drive letter for Windows) :
    REG LOAD HKLM\TempHive "C:\Users\Default\NTUSER.DAT"
    REG ADD "HKLM\TempHive\SOFTWARE\Microsoft\Windows\CurrentVersion\ContentDeliveryManager" /v SubscribedContent-310093Enabled /t REG_DWORD /d 00000000 /f
    REG UNLOAD HKLM\TempHive

  4. Do NOT check "Reboot required", save your work and implement this mid level task to your scripted installation or image deployment.
    It's OK to place it anywhere in the midlevel sequence.

Of course, this method may be used to configure any other registry setting inside the default users profile as well.

A big thanks to Timokirch for testing this!

If you have any questions just leave a comment below.

Be the first to comment

How to Fix KACE labels have unwanted machines as members

Where I work we use labels with associated LDAP labels to choose machines and users on which to perform actions.  During testing of various LDAP lookups, and the fact that when we obsolete computers we don't let them check in one final time, over time the labels end up acquiring machines that shouldn't be there.  For example, while attempting to learn how to make an LDAP lookup for computers and users I ended up with 442 computers in labels that should have had 10 or less.  Not good!

The problem comes because we have a lot of machines that aren't on all the time, or are permanently offline.  Even if I correct the LDAP label the machines that aren't on will not get removed from the label because they never check in.  There are two ways I've found, with the help of Support, to deal with this.  The first, which they gave me, is to delete machines individually from the group.  You can do this by the following procedure:

  1. Go to Inventory, look up the machine, and click it to open its details.
  2. Scroll down to Activities, and then open Labels, then click the Manage Associated Labels button.
  3. Remove the label and save.
  4. Wait until the page refreshes (30-60 seconds).

If there are a LOT of computers you have to remove from a label then this is not a time-efficient task.  The solution is to delete and recreate the label.  Ready?  Here we go.

How to Rebuild a Kace Label

  1. Open four tabs or four web browser pages, log in to the K1000 on each tab/page, and go to the following locations (one per tab/page):  Labels, LDAP Labels, Inventory, and Scripts
  2. Create a Test label.
  3. Examine the label and note any scripts that are assigned to it and whether an LDAP label is assigned to it.
  4. Assign the associated LDAP label to the Test label.

  5. Go to Inventory, Devices, and use the View By, Label, and choose the label.

  6. Select all the devices, then click the Choose Action drop-down and click on “Remove Labels”.

  7. Select the label (there may be more than one, only remove this one) you wish to remove, then click the Remove Labels button.

  8. If any scripts are assigned to the label, go to scripts, find the script associated with the label and remove the label from it – then wait a minute for the database to catch up.

  9. Delete the label.

  10. Recreate the label.

  11. Go to the Test LDAP label and assign it to the recreated label.

  12. Re-assign the label to the script.

Comments and questions welcome.


Be the first to comment

Redshift Renderer for 3dsMax

I am adding this for two reasons:
1) Redshift's installer is complete shite.
2) There appears to be NO information out there on how to install Redshift silently.

https://www.redshift3d.com/

This is for version 2.5.51.

Specifically I run a render farm where this product is being used within 3dsMax 2018.
We use floating licenses.

The installation itself is simple enough:
installer_name.exe /S
xcopy "\\server\share\Redshift Renderer\redshift-licenseFile.lic" C:\ProgramData\Redshift\* /Q /Y /C /R

However this does not actually install any of the needed files with 3dsMax 2018.

copy /Y C:\ProgramData\Redshift\Plugins\3dsMax\2018\nt-x86-64\redshift4max.dlr "c:\Program Files\Autodesk\3ds Max 2018\Plugins\"
copy /Y C:\ProgramData\Redshift\Plugins\3dsMax\scripts\startup\* "C:\Program Files\Autodesk\3ds Max 2018\scripts\startup\"
copy /Y C:\ProgramData\Redshift\bin\redshift-core-vc100.dll "C:\Program Files\Autodesk\3ds Max 2018\"
copy /Y C:\ProgramData\Redshift\bin\OpenImageIO-1.6.17-vc100.dll "C:\Program Files\Autodesk\3ds Max 2018\"

This copies the required files into the proper locations.

Note that Redshift is only compatible with nVidia cards, so you need to limit your deployment to them.
Also if the nvidia driver is not new enough, this does not figure that out for you.
The jobs will fail.
And on those the only way I have found to figure that out if via running the install manually.

Tested on Windows 7 x64 machines exclusively.

Regards.
Mike Kirda

View comments (1)
Showing 1 - 5 of 3158 results