K1000 Scripts to Update Labels/Notes or use of Registry to track scripting commands
I'm looking to use KACE to automate some tasks like windows update reboots for users who haven't rebooted in a long time (we use both KACE and WSUS to manage windows updates). I have a PS script picked out that want to use. I want to either use the read/write registry features to track the scripting that has been done or Labels/Dynamic Labels. This way I can run scripts against a group and either use registry filters to control the action or use Labels to manage the actual application of the scheduled script. I've done a bit of searching and reviewing the documentation, but not seen anyone trying to accomplish either of these two tasks.
Read Add Remove registry seems pretty straight forward and possible, but not sure of any examples of this to prevent making any mistakes.
Alternatively, would be nice if I could use Script success/failure to add/remove a device from labels or maybe update notes so that dynamic labels could update.
Is there any way to accomplish either of these in KACE scripts?
Answers (3)
Top Answer
This all sounds like custom inventory and labels to me, so if you can see in the registry that a reboot is required, for example, setup a custom inventory item so that it is displayed in Inventory and therefore the device can be placed in a smart label based on the custom inventory field.
You can then target that label with the script to reboot.
Now if you also include a “breadcrumb” in you script, just the creation of a custom registry key or text file, then you can also setup a label based on that using another custom inventory field and again you can add machines to a label that ran the script successfully, so you can monitor the results of the script.
I agree with Hobbsy in that custom inventory rules (CIR) are a great way to manage what you have done to what systems. You then make labels that search your CIR for you keywords. I use the same key for all of the Kace work so I can make one rule pull that key.
Inventory\Software\KACE_Breadcrumbs
Gets the registry key breadcrumbs left by scripts.
ShellCommandTextReturn(C:\WINDOWS\System32\cmd.exe /C REG QUERY "HKLM\SOFTWARE\Kace\KBot Configuration\Uninstall0" /reg:32)
This is just a query so it can't do harm to the reg.
This shows up in the device entries under Software\Custom Inventory Fields.
[key value/name] [type] [data].
You can make the new CIR and then run the command on your device to check in and run just the custom items....for speed's sake.
"C:\ProgramFiles (x86)\Quest\KACE\kdeploy.exe" -custominventory
Then when you look in the device entry you will see the CIR and also if you go into the Inventory\Software you can search for your new CIR and see what devices have been touched by it.
I then make smart labels that pull needed text from the CIR. Keep in mind that what is displayed in Kace is not necessarily the actual text of the output. Kace truncates spaces and tabs in the web portal. If you are having issues where testing you label does not give you the results that you want, run the command on a sample device and get you text for the search from that device.
As an added bonus, add reg writes and reads to your scripts to give you feed back and process going forward. Set reg keys at the end of a remediation that verify will look for and you do not have to worry about running the same script twice in a cycle (until you change the breadcrumb).
Thank you both for your time. I'd mark you both with best answer if I could. Have a great one.