As the saying goes, “Ya know, you don’t know what you don’t know”. Instead of delving into the tautology of that statement, let’s just start right out describing seven features of PDQ Inventory that may have been lost in the cracks, fallen through the weeds, been forgotten, are brand new, or have otherwise gotten lost in another mixed metaphor. 
Invoke-Command and Remote Variables
Would you like to see PowerShell in action and ask questions live? Join us for our brand new PowerShell Live! webcasts starting on Tuesday, July 18th at 10:00 AM, MDT. Can’t join this Tuesday? You are in luck, we will be having these the 1st and 3rd Tuesday of every month. I’m looking forward to seeing you there!
Now, onto the topic at hand…
When using remote PowerShell, have you ever run into problems with variables having the correct value? If you have, then you are probably running into one of the most common problems that people run into with PowerShell: remote variables.
Deploy Packages using Slack
For those of you who don’t know, Slack is a team communication application and platform.
Conversations are organized into channels where team members can chat, call, and share files. But one of the coolest features of Slack is their support for third party integrations, which is exactly what we’re going to use today to build a custom slash command to deploy packages directly from Slack!
Disclaimer: This project is not production ready, it’s just for funsies.
Vaccinating All Your Network Machines Against NotPetya
As we and everyone else predicted, a variant of the WannaCry/WannCrypt has been released into the wild: NotPetya (early virus scans marked it as last year’s Petya, but it’s not).
We’ve been keeping a close eye on this throughout the day, and have come up with a package that could possibly prevent NotPetya infection. No, this isn’t a guarantee, and while it’s been confirmed by reliable sources (Amit Serper, Hacker Fantastic, Reddit’s /r/netsec), that doesn’t really mean it’s a sure thing, magic bullet, safe unicorn.
From what we’ve been able to gather from the sources above, the NotPetya ransomware looks for a file called perfc in the C:\Windows directory using a wildcard, perfc.* when installing itself. Note: you can create a perfc.dll, perfc.dat, and perfc.bin, etc. if you want to be super thorough, but no evidence suggests this provides any added benefit. (more…)
Inventory 13 now has Central Server!
Inventory 13 is available for download and now includes the Central Server!
If you’ve been using Central Server for Deploy 13 and you’ve been waiting for Inventory to get the same functionality, the wait is now over.
Enterprise customers can now concurrently connect multiple PDQ Inventory consoles to a single PDQ Inventory server. The number of concurrent connections is based on the number of licenses held. This allows all consoles to connect to the same database and share custom Collections, Reports, Scan Profiles, Custom Fields, Custom Variables, and even custom Tools.
To read more about how Central Server works in PDQ Deploy, see our previous blog on the topic.
Central Server Modes
Central Server is an optional mode of operation and not a component or feature. PDQ Inventory now offers three modes in which it can run. All components installed on that computer (console, CLI, and background service) operate in that same mode and it can only be in one mode at a time. The modes are as follows:
(more…)
Using PDQ Deploy to address Microsoft’s Security Advisory – June 2017
Security advisory? Didn’t we just go through this with WannaCrypt/WannaCry?! It just goes to show you, the job of a SysAdmin is never done.
Although not related to WannaCrypt, Microsoft has just announced a Security Advisory related to vulnerabilities that are at heightened risk of exploitation. For supported operating systems, the patches for these vulnerabilities are already included in our PDQ Deploy Package Library with the Monthly Rollup, Security-only Updates, and Cumulative updates packages. However, PDQ.com no longer supports Windows XP, Windows Vista, Windows 8, or Server 2003 and we no longer create packages for them. But, you didn’t think we’d leave you in a lurch, did you?
Adding Custom Fields to Multiple Computers with PowerShell
Here’s a quick demo of how to quickly update all your computers in PDQ Inventory to have a new Custom Field. We’re going to look at adding Custom Fields to multiple computers with PowerShell and the PDQ Inventory Custom Fields Import Wizard. (Pro or Enterprise mode required for Custom Fields.)
Normally, the Custom Fields Import Wizard is used within PDQ Inventory itself (more info here); but, fortunately, the PDQ products have command line interface (CLI) utilities to help us do this with PowerShell as well.
Because PowerShell.
(more…)
How to Use WinDirStat to Remotely Keep Tabs On Disk Usage
Much like the humble hamburger, WinDirStat is one of those life-changing events that walks into your life and you love it freely. When you combine the power of WinDirStat and PDQ Inventory, you can create an awesome tool combo.
Mmm, hamburger WinDirStat.
Although you may not realize it, WinDirStat can be called from the command line.
So, what does this mean? And, why is that important to you?
Well, that means that you can specify a remote target for WinDirStat to start scanning.
Furthermore, it means we can create a tool in PDQ Inventory to scan all the things! (Custom Tools require Pro or Enterprise mode.)
Managing offline computers with Heartbeat Trigger
Much like our own heartbeat, the heartbeat trigger feature in PDQ Deploy and PDQ Inventory can really save your bacon. In fact, the heartbeat trigger helps solve some common issues that system administrators often run into:
- Staying late to get software installed.
- Dealing with laptops that come and go.
- Handling machines that get turned off over the night or weekend.
Now, there’s an easier way to manage all of these situations (and more!) with an easy-to-use feature that is in both PDQ Deploy and PDQ Inventory.
Disable SMBv1, Considerations and Execution
This post begins with a warning about disabling SMBv1, a scary warning that should cause cold, bone-chilled sweats and nightmares of a post-apocalyptic future fit for neither man nor beast; and you should read this dire warning right after reading this sentence you are now reading.
Warning, Achtung, Mise en Garde, Peligro, Pericolo
Disabling SMBv1 without thoroughly testing for SMBv1 traffic in your environment can have unintended consequences, up to and including a complete suspension of all network services, denied access to all resources, and remote authentication failures (like LDAP).
We simply cannot stress enough, even when using BOLD UNDERLINE ALL-CAPS WARNINGS that disabling SMBv1 in certain scenarios can lead to an almost biblical level of devastation and probably an exercise in résumé writing. Recovery will most likely require a physical visit to each machine in your organization, remote or local. There is no “undo” switch, no command in which to recover from a loss of authentication due to SMBv1 disablement (except maybe something like setting up a scheduled task to undo the change locally should things go terribly awry).
What could possibly go wrong with disabling a communication protocol that’s been around for 30 years? Here’s an incomplete list (note: some vendors are actively working on resolutions to this, so if you see this in the list, confirm with the vendor and update your application/appliance as appropriate). But first, another warning from Ned Pyle, master of the SMB over at Microsoft. He had this to add after someone asked him why he didn’t provide a script to remove SMBv1 after he authored a scathing article about how SMB1 was evil.
“Because if I gave out a widespread removal script, it would be like throwing a bomb over my shoulder. People would simply run it without thought because it came from MS. You must always approach protocol removal with caution when you are responsible for 2 billion computers. That’s why I provided all the necessary info on how in 2696547 and leave it to IT pros to decide how they want to do it with their umpteen hundred methodologies and 3rd parties. 12% of all SMB communication worldwide is still SMB1. [emphasis ours]” -Ned Pyle Quote (direct link)