Webcast: Building Intelligent Packages - Transcript

company JJB
JJ Bateman|Updated May 12, 2021
building intelligent packages
building intelligent packages
    No Data

    Lex, Kelly, Jake, Jordan

    Lex  00:00  Everybody, Lex from pdq.com. We're talking about intelligent packages today. Maybe that's ironic that I'm doing it. But you know, that Jordan helped me out today. So we're gonna jump in and talk a little bit about what makes a package intelligent.

    Kelly  00:16  And we're actually going to start with that question, We do have a question to kick off the show today. And it is from our good friend Marcel. He would simply like to know, what is an intelligent package? And does it have AI?

    Lex  00:33   I'm gonna definitively answer that. Yes. There's a lot of a and I know, I don't know, Jordan, 

    Jordan  00:40   I was looking into it, and I did find this. Skynet.exe. I'll try. I'm sure there'll be no consequences. But it seems to be working great. 

    Lex  00:47  Ai Skynet. I love it. Let's go with that. So Alright, so couple of things that are involved in obviously intelligent packages one conditions, right. So some good ways to see conditions, we have a lot of our pre built packages, say 7-zip, have got conditions at the package level or at the step level. Again, if you grab a step here, you go to conditions, you'll notice, we're doing a step to install a 32 bit version of 7 zip, and right here, it's only going to install that 32 bit on a 32 bit machine. So that's a version of intelligence, which I kind of like I mean, it makes it very, very usable and very dynamic. from that aspect. The other thing you can do is, again, you can reference in your own packages collections that you made. So you have logic there, Jordan thoughts, 

    Jordan  01:44  the best intelligence is the one that we don't have to come up with. So we've built a lot into it by default, that will remove a lot of the questions you have on making sure you're hitting the right targets. 

    Lex  01:54  Absolutely. And a good example of that is let's just take a look at our windows 10 cumulative updates. In this case, I got the one that does the 64 bit version of 2004 2009. And you'll notice that runtime on these installs, each of these steps, actually goes and checks the registry key right here for the pattern there. So again, if you accidentally send this out, this package is smart enough, it's not going to install on like 1909 1903. So that's part of what we're gonna do today is take this a step further. Okay, so these are tools at your disposal, Jordan and I in a moment of brilliance, and it was a short one, came up with a way to do a package that actually interacts with your end user. So what we're going to show you today is how you can send a deployment out, ask an end user if they want to delay it, and then have it run again later. Jordan any additions to that? 

    Jordan  02:51  My my first thought was Jordan Nye, who I believe you said, Hey, do you think you could do this in PowerShell? And then I wrote it? 

    Lex  02:58  Yeah, you've never. The thing I love about that question is he never says no, I can't do it.

    Jordan  03:04  But as far as the reasoning, this might come in handy, like in the case of 7-zip  the first step it does is it kills the process of 7-zip. So if that was critical to their job, and you don't know if they're working on it or not, you don't want to kill it. This will give the user a chance to say not right now try again later. 

    Lex  03:19  Or just delay it because they're in the middle of doing something important.

    Jordan  03:22   So in this case, we'll give him five tries, and then we'll just do it anyway.

    Lex  03:26   Is that we're gonna do 

    Jordan  03:27  I think so. 

    Lex  03:27  You're much nicer than me. All right. prebuilt, this because obviously, you guys have seen me type. And honestly, that is too much typing for me. So what we're going to start off is we've got a PowerShell script. And here's kind of the outline of what it's going to do. It's going to ask the end user, do you want to have this installation Now? If they say no, it's going to put a file on that machine with a count in it. And then the scheduler kicks this off? Again, I'll show you how to build the schedule. But ultimately, this gives them a certain number of times to say no, before we just force it down their throat, right. 

    Jordan  04:04  Yeah, I mean, at a certain point, they just say no, because they don't want to not because they can't

    Lex  04:08   Yeah. All right. So just how this breaks down right now guys, we're calling this countdown, ps1, Jordan will explain all the details of that towards the end. He's got a parameter here for a timeout. So we're gonna give them 10 seconds to answer if they don't answer, it's gonna automatically kick off. You may want to give them a little more time than that. But for the web show today, this is what we'll do. And then we're gonna have three attempts. Okay, they get three delays. Now, what we are going to do is I'm going to add a nested package step here, which is let's do that install 7 zip. Install 7 zip, any manway just like that one, because it's easy. 

    Jordan  04:47  Yeah. One thing to think of is, I mean, if this works, or if you want to multiple installs all in one, you could do multiple, nested but the reason we prioritize that to change it there is if you have multiple bits of To do at different times, you can recreate that package and just change the parameters in that package itself without have to modify the PowerShell. script. 

    Lex  05:07  Absolutely. So at this point, I should probably rename this right? the delay test was a very descriptive dash, maybe 7-zip, we know there's a possible delay of 7 zip. All right, with this, we'll save that, I need to make a schedule for this to run now, we're going to delay this an hour, right, so they can delay it up to an hour. So the schedule for this to make this work the way I want it, because we're going to get 7-zip out to all the machines that need it, we're going to do a new schedule. I am going to preface this with delay. So we know that there's a possible delay on this. for 7-zip, zup, zip, there we go. Now triggers on this, we're gonna run this on an interval, we're going to do it, we'll say once an hour, and I want this to run on the hour. So again, pick an hour that it's going to start running on and then run every 60 minutes. So I think 11 o'clock is good at this point, because it gives me an hour to try and get through this before it kicks off on its own. But Alright, targets. Pretty simple. Again, we're going after machines that don't have 7-zip. So I'm going to go to the inventory collection, I'm going to go pull the machines that don't have 7-zip installed at that point. Now, any other caveats or thoughts in regards to the scheduling of this? Well, you do want to make sure that you have checked the stop if it was successful. That way, if something does go wrong, you're not going to try to install it multiple times. Okay. The other thing, it's taking a minute for this to load our collections in the cache, is we are also going to build a scanner so that we can tell which machines have had the opportunity and have delayed actually running the install.

    Jordan  06:54  were using this collection for an example. But we did not remove the one we built in our dry run. So I don't think there are any machines that don't have it installed.

    Lex  07:04  I hope I hope we're good here. We'll find out momentarily. Let's see. 7-zip, second, pull the collection up and find it. But Alright, so there's my schedule, right? Delay 7-zip stop playing targets once they succeed, thumbs up? We'll give that an Okay. All right. Now, on the other side here, let's go and build that scanner. Now. This PowerShell scanner is pretty easy. So I will explain this one because it's just not a lot to it. Basically, what we're going to go look for is, you know, when the end user does click that they want to delay it, they say no, we are going to build the countdown. txt file and temp path here, it's going to go if that file exists, get the name of it the last right time and how many attempts are left in there. So that's that. So to build that we go to scan profiles. We'll do a new scanner, we'll call this because it is PowerShell PS, delay. In this case, we'll say 7-zip just because it's very descriptive for what it is. All right, Jordan, when you built this any any thoughts or?

    Jordan  08:16  Well, for our example, they're hard coded the location of the file in there. In the one that I have up on the GitHub, it is just a variable. So you only have to change it in one spot if you don't want to use the C temp. So it is a little bit I guess, more intelligently designed now. 

    Lex  08:36  Okay. Now the other thing, right, we've got that schedule running on the hour, you can schedule your scanners to run and we're going to do just that, we're going to schedule this scanner to run on an interval interval, it's also going to run every hour, but we are going to have it run 10 minutes prior to the schedule kicking off. So we get some pretty decent information in regards to you know, what's going on. Now, if you got big environments, probably want to make maybe even 15 minutes. But again, 

    Jordan  09:07  it's a very fast scan, it really is if this file is here, then look at information within it. There's no deep dive, there's not a lot. So it goes very fast. But something may be tested a few times in your environment to make sure you're leaving enough of a buffer within the 10 minutes. 

    Lex  09:21  Absolutely. And the other thing to do to minimize the number of machines that we are actually going to hit with this. We're going to go after the specific 7-zip not installed machines in this case. So again, it's going to run and it's going to limit it not to the entire network, just the ones we're concerned about at this point. So give that an Okay. And I'm going to kick that off. Because we did actually do a little pre work. So we had something to show you guys. So I'll go and scan a collection. I'm just going to run that against all the machines 

    Jordan  09:52  gonna be disappointed. 

    Lex  09:53  Am I going to be disappointed 

    Jordan  09:54  it successfully ran when we're in the pre show? So

    Lex  09:57   did it really

    Jordan  09:58   yeah. So everything that we had set up is removed because that doesn't need to file it was done. We don't want to leave a trace. 

    Lex  10:04  Are you kidding me? So all that work we did? Well, let's find out because I'm now going to build a report to find out that it ran and because we didn't delete it. So in this case, again, when you build a PowerShell scanner, you're going to have a new table. Right? new report base report. I want the computers where he Yeah, did, didn't it? 

    Jordan  10:23  Yeah.

    Lex  10:23   Oh, man. Where the new PowerShell table 7 delayed, we're going to have the don't necessarily need the name because I know the name of the file, but I want the last edit. And I also want the current count. You know, you're right, Jordan, this is something to show you guys. But okay,

    Jordan  10:45   if we successfully hit no one any of those then that one would have something but 

    Lex  10:49  Deeley 7-zip. So we're having a bad dealee today. But what we'll do is we'll run this after we actually try and run this one Oh, check it out. I stopped it in time. 

    Jordan  10:59  Alright.

    Lex  11:02  So this is what it looks like. Obviously, yesterday, guys, they ran this at 147. And said everybody had to, but these are the machines that say that did in actuality, said no to that deployment. So lucky us. 

    Jordan  11:15  All right, we did it.

    Lex  11:17  Alright, any? Should we take a question before we actually start attempting to run this and see what happens?

    Kelly  11:23  Hey, guys, wondering if there are plans to add the ability to remove steps from the package library packages, for instance, I want EDG to always be up to date, but all the steps are grayed out, J back.

    Lex  11:37  So j, let's say you're doing edge or chrome either way, right. Any of the ones you download from us, they are going to if you open them up, be grayed out. That's because their auto download packages, okay? Again, probably know this, if you want to change these steps, you're going to have to go into the properties, options, and convert standard package. Now it will give you this warning that says it's not going to be an auto download package anymore. But now I can edit this, modify it. Okay, my suggestion if there are things you want to do and keep that auto download feature on that, either hit it with pre conditions or post set pre steps or post steps. So that you know, let's say you want to undo the fact that we disable the auto update, but you still want to get the latest version. Just reverse that in the post step. Jordan thoughts.

    Jordan  12:30  That was the only thing I could think of, once we make it editable like that. We can account for it if it's downloaded the new one. So it's Yeah, that's what I mean, the post apps do work great. It's just one extra step to add. And it will maintain that step through the updates

    Lex  12:44   that it will then will we have another question?

    Kelly  12:50  Dear Lex and Jordan would it be any advantage or disadvantage to using a registry key instead of file to keep up with a number of attempts? Thanks, JVC. 

    Lex  13:01  You know, I think that's mostly a preference. tattoo and a registry. I believe the only time I want to put something in the registry is if it's significant. I'm not going to delete it. That's my personal preference. So I try not to do that unless it's something I want to stay there permanently Jordan. 

    Jordan  13:20  Either one's gonna work fine.

    Lex  13:21   It will.

    Jordan  13:22   Either way it's creating an entry and then modifying as it goes. Yeah. So whether you read a file or read the registry, it's up to you. So if you'd rather do registry, it wouldn't take a whole lot of change to make that work for the script. 

    Lex  13:34  Absolutely. All right. Should we do a drum roll and see if our stuff works?

    Jordan  13:40   I'm actually pretty confident

    Lex  13:42   are you pretty confident.

    Jordan  13:43  It's the new feeling for me. I'm liking it.

    Lex  13:45   Oh, Alrighty. Alright, so I brought up Bugs Bunny, we are going to be deploying our super cool delay 7-zip to Bugs Bunny. No, run the reports, we can see what that looks like afterwards, actually scan and then the report. So we're going to simulate the actual steps that are going to happen in regards to the timing and your schedule. So off to the races we go so we'll minimize this. I will go to delay 7-zip. We will deploy this once to Bugs Bunny. I actually typed that right. So win for me right off to the races it goes. So it should pop up a message. There it is. We're going to install the update, install some software you're ready. If you select No you'll be asked to get in an hour. You can delay the install three more times. And it disappeared. There's that 10 second timeout, apparently I need to read faster. So at this point it did the if you ignore it,

    Jordan  14:48   it's installing it. 

    Lex  14:50  It's installing 7-zip. So while that's finishing, there it is installing 7-zip. I'm gonna go all through this. We're gonna change that to that first step, we'll change that deleted 15 seconds. How does that sound? Oh, it sounds good to me. 

    Jordan  15:08  15 seconds, 

    Lex  15:09  you think I can read in 15 seconds? 

    Jordan  15:11  I think at this point where you're showcasing I think I have the default set in there for six minutes.

    Lex  15:15   Oh, that's okay.

    Jordan  15:16   Yeah, just 15 or 10 is not enough. You want the user to be able to see it and have time to interact with it, otherwise, it's going to run and they will be upset

    Lex  15:24  . Yeah. All right. So this actually succeeded. This time, I'm gonna read faster, we're gonna do the same thing. So just redeploy this again to 7-zip, it should come out and ask us again. Here we go. And we should have the same number of attempts, because it already deleted that file, right. So here we go. gonna install 7-zip, blah, blah, blah, you have three more installs, I'm going to hit No, this time, I beat the 15 seconds.  All right,  I did have to blah, blah, blah, to get there. But at this point, we'll come back and look, and you'll notice it has failed. Okay. And there's a reason for that failure, we go and look at the PowerShell script returning an error code of 654. And then obviously stopped the rest of the deployment. Jordan, the significance of 654, 

    Jordan  16:13  I did a lot of market research on the best way to randomly hit the keypad. And that's what I came up with.

    Lex  16:20  You just boom, that's the new error code. Now, as long as that error code is not in your success codes right here in our deployment, the only success code is a zero at this point, it's gonna air out. And we do have the option set to stop deployment with an error. Also, on this step, a key thing, you must make sure you run the message as the logged in user, otherwise, you will be popping up that message system as the deployment and the person will never see it. It'll wait to delay and then do the install. So a couple important steps there. All right. Should we try this again?

    Jordan  16:57   Let's see if we can follow it to its conclusion. 

    Lex  16:59  All right. So at this point, this should be we're going to redeploy it again. 

    Jordan  17:03  If it doesn't say to then things aren't working. 

    Lex  17:06  If we are math not working. All right, you can delay the install two more times. I'm going to give it a no. Again, we should see this deployment fail again, it did fail with a 654. I'm glad you spent a lot of time googling that. 

    Jordan  17:24  Well, if you don't do without market research, is that appointed to it? 

    Lex  17:28  Yeah, you're right. Oh, you know what, let's do this. Let's say the schedule. Let's do that scan parts, we can see the scanner actually work. So I'm gonna go to Bugs Bunny, and we'll run that. Seven, that 7-zip delay, and then we'll kick that report off real quick and see that it actually is showing up there with how many more options we got left. So we actually/... reports. Teach. Tell me, I saved my report. 

    Jordan  17:56  I don't think you did.

    Lex  17:57   Dang it. Well, it's easy enough to build. You'd have to trust me on the show. Just rebuild it real quick.

    Jordan  18:02   Let's do it. 

    Lex  18:03  Okay. Report, remind me to hit save this time basic report. Again, this is super simple. computer name. We want that PowerShell seven. And we will do this twice. We want the last Edit and then the count. Current count dee-lay All right. I'm going to save it before we run it, we should now hopefully see that. We run this against everybody out here. Bugs Bunny has run this is the timer and we got two attempts left at this point, or it's marked it too. So. So yeah, we're getting the info we need. Let's, let's do it again. I'm not gonna walk through that process again, when we will just take it to fruition at this point. So back to deploy. Let us go and redeploy this again. Hit deploy, go to Bugs Bunny message comes up, it should say one attempt left. Nope, we don't want to do it. I'm going to close this error thing. And we already saw. 

    Jordan  19:12  But this is a very stubborn user. 

    Lex  19:14  Yeah, well, you're not don't want to install it. So let's say it's delayed another hour. Now the schedules kicked off. Once again, it deploys and comes up on mystery, the bunny. You're out of delays. We're now installing. Now whether or not I hit okay. It's going to install at this point, same timeout, 

    Jordan  19:36  the timeout the okay or the x is going to it's going to get into the install. 

    Lex  19:40  So at this point, so here's the hurdle, right? I mean, we showed you that the hurdle between getting to the end user and back is that PowerShell and you're gonna have to be able to query that file that's on the machine, get that information back and forth between deploying the end user using the PowerShell. Want to do another question for bring Jordan Up to explain how all the magic on the back end works. 

    Kelly  20:04  Sure. Hey guys love the idea of users being able to choose whether or not they want the installation to occur. Is there any way to make the pop up they get look more like a legitimate message not just a generic message they usually ignore with icons or images? Thanks, guys love the webcasts, Chris s. 

    Lex  20:25  Now I'm very domain, we use PowerShell to do the Jordan thoughts. 

    Jordan  20:29  So I mean, the way that I did it in PowerShell, I did a very basic one, just because I could finish it in a single line for you can make it far more complex, you can make it dominate the screen no matter what make it or change the icon up top. So it's an error or whatever you want. You could even do a customized which is just customizing that script instead of doing the quick one liner that I have. But anything you can have pop up with PowerShell you can have pop up in that script. 

    Lex  20:58  Absolutely. Absolutely. One another one I should let Jordan appear to show the magic. Let's do one more.

    Kelly  21:06  Hey, guys reading the script. Now. Have you thought about adding another parameter like attempts slash timeouts? to name the software? That way the user knows what is being updated? Thanks, Evan. Yes, absolutely. I thought that I was gonna showcase in the script. 

    Lex  21:22  So we're gonna take it out  the way so you can see it

    Kelly  21:28  trying to steal Jordan's Thunder there.

    Jordan  21:36  Alright, that is an excellent question. So in PowerShell, adding to another parameter isn't a big deal at all, you're just going to want to add a comma after the timeout, and we'll specify this one as a string. And then we're saying correctly. And that one, I don't really have a default in there. The reason I didn't add this is because without a default, if you have that variable within the package, it's going to put up something. So I guess you could put, I guess, in there would just for now, test. And then just down here on the message line on 16. We're going to install an update, and then you do a dollar sign package here. And then the last part change would be 

    Lex  22:27  like the grammar you left, we're gonna install package some package,

    Jordan  22:31   some package. And then just if you wanted to have that customized within the script itself, just after the countdown, here, you just come and do the dash package, and then whatever you want to name it, Firefox or whatever. So it is actually possible to do as a quick add it just without having a default software to put in there, I didn't want to include the variable within the message itself as I didn't have that one. But it is very easy to add. As far as how the rest of it goes. After we create these parameters, it's, it's gonna come down and test if the countdown file already exists. If it doesn't exist, it's going to create it. If not, it's going to subtract one. So we're making sure we're getting the right number of attempts. And then basically, if attempts are greater than zero, then it's going to give them the option to hit No. And this is where we're doing the W script shell. The reason I did this one over a dotnet. One is the second line here, the dollar sign timeout, the timeout window is built into that one where you don't have to do any extra code where if I do with a dotnet, you have to add the timer in is a lot more lines to add. And I just was looking for a quick one. But if you are looking for a different version to make it more professional Anyway, you can still add the timeout just a little bit extra steps on that one. And then it's the name of the window. And we're gonna want to undo that. For is the yes no option and that does graph x, they can't hit X, they can only hit yes or no or have a timeout. And then if it isn't zero being interactive attempts, that's where the zero is just the OK button. And then after that it's just a switch statement. If you are going to do the dotnet one, we're talking about a little more complex the results that if they click Yes, it's going to respond with Yes, where on this one, if they click Yes, it's going to respond with the number six. So you're gonna want to make sure you update the switch statement to what the actual response is. But basically, it's just one means that they've hit zero, which means they had the okay or X button. Six means they hit yes, it's going to go through. If it has the file, remove it. The reason we do the test is if it hit yes on the first install, then there's gonna be no file and we just don't want to have that error. So it's if the file is there, then deleted. 7-means they hit no and that's where we change the countdown from the file or create the file and we specify our highly researched exit code and negative one is Is the timeout period elapsed. So, I mean, it's, there's not a whole lot to this one, it's just kind of a quick pop up for the user. And then based on the results, it's going to create things and the registry works fine. We just did the file for this one. Alright. And then as far as the scanner, I have the path on this one the same as the package. If you change the package, you want to make sure you change the scanner as well, which is why on the get download, it's more, it's just a variable that you can put in there, instead of having to update all those lines. 

    Lex  25:34  What if I wanted to put that file in a different place instead of C temp, 

    Jordan  25:40  you come to the top of the script here to find out the name of the parameter, and we see its countdown file. So we just be in here, we could do a countdown file with the proper spelling. And then it is possible at this point, if you have a specific location per package, you can create a custom variable and that will import that into there. At this point, I think instead of

    Lex  26:05   intelligence,

    Jordan  26:06  yeah, instead of C temp, it's now c temp, temp, file temp temp  I think that's what I made the variable. So that's pretty much everything for that one is not super complex, but you can customize it, you can have multiple packages for different or, you know, for different installers to be able to dive through it. And then, as far as the reason on the scanner, we grabbed the last update as well just pull up the report here. You could create a question based on this one where basically if this is over an hour old, that means they have found a way around the logic somehow. And it's not even attempting anymore. So it's something where you could create a collection to basically if the date here, that's not there we go the date there is over an hour, then you can either call and have a conversation or my personal favorite, send it anyway, 

    Lex  26:57  force it. Full, contact it.

    Jordan  27:00   But do we have any more questions? Okay.

    Kelly  27:05  Hey, guys, what if the local user does not have the admin rights to install apps? Thanks, Marcel L. 

    Jordan  27:13  So we're running it as the login user. But it still has your permissions

    Lex  27:17   if you look at each step. So the step for the message is run as the logged on user. But the step for the install is in this case, Quintana, who is set up as a domain admin so you can set that per step. 

    Jordan  27:29  So this is just the pop up boxes, there's everything else will be whatever you set.

    Kelly  27:36  Dear Jordan and Lex, is it possible to allow a package from the library to continue instead of stopping if an installation failed? This would be useful for multi nested package installations. Thanks, Robert C

    Jordan  27:52  Let's see if I can find 

    Lex  27:53   do this. Add another nested... Yeah, right there. Perfect.

    Jordan  27:57   Yeah. So in August, we go to the nested package. And it's when you can come in here and error mode right now it stopped appointment with error. But if there is an error, you can come in and say continue or stop with success. And that'll give you a little bit more control if you want to continue anyway. And then it will in that one let you know which steps failed, you might have to go and rerun those.

    Kelly  28:20  Guys, is it practical to scan a target during a deployment step because a later step in the package may be dependent on collection membership, just trying to build more smarts into the package. Thanks, John B.

    Jordan  28:34  For that one, you can actually put in a scan step. So we'll say after the first one runs here, where we have the PowerShell. The next one, we can come into a scan where it scans as the default but our

    Lex  28:47   delay 7-Yeah, 

    Jordan  28:49  so that way. After that one runs, you would want to then put on the step one where the options on air continue. So it's still gonna give the air but then we'll go down to this next one, where it will scan and then on this one you would want it to after the scan still fails so it doesn't go down to the install. 

    Lex  29:05  You'd have some issues there. Obviously I would do this, I'd scan the step and let it continue because the scan is gonna run and then put conditions on the Install step whether or not to run off of whatever dynamic collection you built from that scanner. If that makes sense. 

    Jordan  29:21  Yeah, and that way after the scan even without that you could have like a file step where it looks like the file is being there file exists that means it didn't end 

    Lex  29:31  there you go

    Kelly  29:35  Hey, guys speaking about pre built packages. Do you know why Google Chrome enterprise installs in the program files location instead of Program Files x86 even if your computer is 64 bit thanks, German P.

    Lex  29:50  I don't know what I'm gonna go with. Yeah, I don't know.

    Jordan  29:56  that does time inconvenient, though. Yeah. to track down, I'm not sure why Google has that one, or whatever we have is just from the installer that they provide. Yeah, it's

    Lex  30:06   kind of stumped us there. 

    Jordan  30:07  Yep.

    Kelly  30:11  Hi, I love PDQ. But my organization is getting big . Is there any way I can assign a group of users to just deploy software, I will need some traceability as well, thanks GDP, German P.

    Jordan  30:30  The best thing I can think of is if you have the central server setup, you can set accounts that can open up that console for the deploy, but you can't really limit what they can do. 

    Lex  30:39   you can determine who can use it. But once they can use it, they can do everything. Now as for seeing what's done if you go to inventory, or First, let's pop open deploy Jordan, and go look at deployments. So if you look, there we go deployments, you can go grab any one of those deployments, anyone. Yep. And you can see, it was Bugs Bunny, as you scroll to the right, you can see who actually ran that Quintana on it. That's the deploy user. So there's some accountability there. It is also an inventory, you can look at all the deployments per machine, what was deployed, when it was deployed, and who deployed it. So there is some tracking there, but as for locking people down to certain, you know, you can deploy it and you can build packages. Now, there's not that

    Jordan  31:26   if there's certain ones you want to trust users to use, but not yours, you can have the main credentials go in there, where you have a hidden file or hidden folder where you can put those in there where other users can't see it. And unless you move out of that folder, oh, yeah, if you are in central server mode, everybody who has that has a private folder. And as long as it's in your private folder, only you can access that. So that one, the more sensitive are the ones that you don't trust them for, you can put that into your private folder, everyone else that can see what's not in there. And so they're kind of limited what they can run on that one, but they could still build. 

    Lex  31:57  That's a good point.

    Kelly  32:02  Gentlemen, we have a large system 10,700 plus computers, is their server hardware recommended limit, as well as best practices for the number of installs and scans at one time to get through scans and deployments without dragging down the system. Thanks, Jake Ah,

    Lex  32:22  you know, I just shot a video last week, I think Jake finished editing it, it was on inventory best practices. And so here's the thing, I will say this in regards to where to install, it definitely installed on a server because servers can handle more network connections. I like putting it on VMs. So you can ratchet up and down your memory and your CPU kind of finds that sweet spot. And then if you watch that best practices video, it takes you through all the settings that will allow you to and I go through how to calculate the best options. And again, each network is a little bit different. So you know, I'll give you some parameters, get it in this area, and you should see some pretty good results. 

    Jordan  33:03  With that many devices. That's where intelligence becomes even more important, because you only want to target specifically looking for if everything's just kind of scattershot, you're probably going to get a call from a network admin wondering what's going on. So yeah, follow links is video, fine tune, use best practices, and then just make sure you really hone in what you're scanning and deploy and to only hit exactly what you're looking for.

    Jake  33:28  Alright, two more questions.

    Kelly  33:30  Dear Lex, and Jordan, any chance you'll ever add the ability for us to make our own custom packages that work like yours do where a new version automatically updates, any computers that have a previous version without having to mess with schedules and such?

    Jordan  33:46  So we have a webcast that covers most of this.

    Lex  33:50   Actually, it does, it covers almost all of it short of grabbing the new file and bringing it down.

    Jordan  33:55   Yeah, so basically, it goes through and it just based on folder structure, it will go through and update the package and your variables on both devices, you know, and handle all the same, you just have to basically provide the new installer and give it the folder with the name and the version. I think at some point, 

    Lex  34:11  Colby just popped in the there's a video, it's automating packages that aren't in our package library. So that's the video and just see, you know, Jordan and I, and I'm just gonna say, Tim, thank you, Tim, for the script you sent us. We're gonna update that because Tim showed us how to actually go out and auto pull that stuff down.

    Jordan  34:30   So basically do a web scrape and we'll pull it down for you as updates, and then that should be able to almost completely replicate. 

    Lex  34:36  Yeah, that one that's gonna be a future webcast. Guys look for that one. The only thing that's going to be missing is the testing. So every time new installs come out, for instance, in our package library, we test to make sure the install was supposed to on this one, if something changed, that installer is just gonna break and we don't have a way to test for that. That's the only thing you still have to account for. 

    Jake  34:55  Okay, actually two more now.

    Kelly  34:57   Yeah. Two more questions. Hey, y'all, can we create Create a package for fonts in PDQ, which will be installed by install step instead of creating script via CMD or PowerShell. Thanks div.

    Jordan  35:11  Installing fonts is something that I'm familiar with. 

    Lex  35:13  I think it depends on, you know, the font installer probably I mean, I mean, I don't use a lot of fonts. I can't even type Come on.

    Jordan  35:23   Yeah, I do know that they don't always work the way you're expecting on the install. 

    Lex  35:28   it really depends 

    Jordan  35:30   so it depends on if you if there's one font package you're looking specifically for, if you hit up support, I bet they can help you work through that and get that working

    Kelly  35:40  Our final question comes from the talented Deron be, is there any intelligence for failover with central server?

    Jordan  35:49  So if your central server fails over does it

    Lex  35:51    your server fails? It rolls to the next one. 

    Jordan  35:55  We don't we don't have anything like I 

    Lex  35:57  you could do this, right. I mean, let's say you've got central server one and central server two, you could have a script that just repoints your clients. I mean, I don't know if that's a failover but it makes it easier.

    Jordan  36:07   You'd have to have something that then updated both of them that you're doubling your updates per thing. 

    Lex  36:11  Yeah, that's a good point

    Jordan  36:12  work, but we don't have a way to

    Lex  36:14   there is a there's a lot of moving parts here.

    Jordan  36:16  Yeah. Not not natively that I can think of Yeah. Okay. All right, everyone, thanks for tuning in. Hopefully, this gives you a good feel for intelligence means you know, hit the targets you want to fine tune based on the ever changing environment. If you follow the collections, the scanners, and hopefully the PowerShell is useful. You can get your entire environment automated without having to touch it. For PDQ.com I'm Jordan.

    Kelly  36:43  Thanks for joining our webcast today. Congratulations Robert C and J PE winners of PDQ swag. Send us your info and webcast at PDQ. Thanks again for joining us and we'll see you back here next week.

    company JJB
    JJ Bateman

    JJ is a technical creative. He finds joy in programming, automation, and in participating in the artistic sides of things. You'll often find him drinking on Thursdays on the PDQ webcast, rambling and raging remotely at the Bermuda Triangle/heisenbug-tier tech at the studio in SLC.

    Related articles