Webcast: How to stand up PDQ Deploy & Inventory From Scratch - Transcript

company JJB
JJ Bateman|Updated May 12, 2021
image (3)
image (3)
    No Data



    SPEAKERS Lex, JJ, Jake, Jordan

    Lex  00:00 ---  Hey, everybody, it's Lex from PDQ.com today. April Fool's Day. We're gonna be installing PDQ from scratch. So, you know in case you happen to blow up the machine that's on you just get tired and want to install it again or install it for the first time. We're going to take you through that today. So Jordan, April Fool's Day things are going well.

    Jordan  00:20 ---  No, I don't have an April Fool's. I just want to say I appreciate you taking the camera for like five webcasts in a row. So I wrote you a little something on the desktop to show appreciation for all your hard work.

    Lex  00:32 ---  Lex is great. We'll sell both. I love it.

    Jordan  00:35 ---  It's all for you. Okay. Oh, no,

    Lex  00:40 ---  I didn't even read No, I didn't read it. We talked. Yeah, I know. I read in the PowerShell... Okay, so what's it gonna do? I don't know. We'll have to find this your fault you Dumbo killing inventory stopping?

    JJ  00:53 ---  Hey, can you center that so we can read it?

    Lex  00:54 ---  She can read it. What's going on? Did you uninstall?  No, we did you uninstall you need like the what? salted Earth version of uninstaller.

    Jordan  01:05 ---  I don't appreciate your effort at all. It was all just a lie to get you to click on it.

    Lex  01:09 ---  Yeah. Thanks. I think

    Jordan  01:15 ---  all right. 

    JJ  01:16 ---  so natural.

    Jordan  01:20 ---  There's nothing planned here.

    JJ  01:21 ---  Great thing, great banter.

    Jordan  01:22 ---  You like that?

    Lex  01:23 ---  You like that? Alright, installing. Gotta have the executables. We'll start with the deploy the deploy the deploy. So when you install, obviously double click on the XC. And then there we go preparing the install. Would you like me to read this to everybody? I can barely read my own. So I'm going to take next on that.

    Jordan  01:46 ---  We're gonna go ahead and trust our

    JJ  01:47 ---  I mean, this will be a great April Fool's. If you just went through this, and this was the show. There, you

    Lex  01:54 ---  just sit there and read 

    JJ  01:56 ---  if you could read. 

    Lex  01:58 ---  know, I resemble that remark. But I will say this somewhere here. I asked them to put that if you agree to this, you're going to be my towel boy forever. So

    JJ  02:06 ---  now serious question. Do we have any? Is there an Easter egg in there? I've never checked.

    Lex  02:11 ---  I don't know. I? I honestly don't know. I've only been mostly not read

    JJ  02:16 ---  it. But post in the chat whether or not if our lawyers are watching your watch if you stuck in an Easter egg, let us know.

    Lex  02:22 ---  Okay. Thank you guys for derailing. Alright, again, I'm going to take just the destination folder for the installed Program Files x86 Next, and then install pretty tough stuff, guys. That's why they let me do it. Alright, we'll finish and launch PDQ Deploy.

    Jordan  02:41 ---  Alright, so I'm just gonna, I'm going to take a while guys here. And after you deploy, you're going to install inventory.

    Lex  02:48 ---  Well, yes, yes, I am.

    Jordan  02:49 ---  I don't want to spoil it for everybody.

    Lex  02:51 ---  All right. Okay. Again, just trying to keep this real easy, guys. Okay, when you first start up, it is going to walk you through getting set up your licensing and your credentials. Here comes Do you think I can do this without showing our license? I'm going to put this down in the corner. Go browse for the license, which I did happen to put on the desktop. In the secrets of life folder. Deploy? You put it okay. And from here, it's two tabs and an enter tab tab. Enter. 

    Jordan  03:24 ---  I just wanted to show everyone the license that we're using. Okay. Yeah,

    Lex  03:27 ---  you know, it was a big thing yesterday when we're doing this. So without having a blacklisted blacklister license. Okay, you're gonna put that in there. Okay, you can run this in free mode. Licensing is way better guys, because it unlocked all the features. Now at this point, there needs to be decisions made, whether you're going to run local, or as a server. In this case, I think we're going to take the server install Jordan server install

    Jordan  03:52 ---  , I think that's probably the best way to go about it. 

    Lex  03:54 ---  And this has a few more questions that need to be answered. So click this, it's going to come up and give you the default ports for running the central server. Again. If you look up PDQ firewall ports. It's a great article here, written for it. Mr. Berg wrote it. These are the ports we use. You'll notice there's the port for the central server. And there's the port for inventory. JJ, I am failing at art class also. But okay. So again, this is what we're going to use to obviously open the ports so that we can do deployments and inventory. The other nice thing is we give you a really cool Group Policy Object to open that internally. So there it is, if you need it. Okay. Again, at this point, we're going to now need to put in the background service credentials now your background service needs to be at the very minimum local admin on all the machines Did you want to run deployments or inventory against this case, this is domain admin for us.

    Jordan  05:09 ---  While you're doing that, in the chat, Ryan says he starts with inventory over deploy, so he can do the network scanning while he's installing deploy.

    Lex  05:15 ---  What makes sense, it

    Jordan  05:17 ---  doesn't have inefficiency. Dang.

    Lex  05:21 ---  Oh, maybe we should get him up here. Alright, once that happens, it's gonna finish and we should have Deploy central server mode come up, and we should see it running since the remote. There we go. And it does designate his central server. Okay, now I will install inventory. And then we'll go through and set up some, we'll go through the options, make sure we got the most optimized for our network. And we'll talk about how you can optimize for your networks. inventory, very similar, going to double click on that exe. And we're going to take the defaults once again.

    Jordan  06:03 ---  So while you're doing that, and since a lot of it is similar, if you want to take a question, while you're going through that, just to kind of move it along, and you can move past the parts we've basically done with the boy, 

    Lex  06:16 ---  you know what, already done. Now in the time it took you to do that short of this popping up and walking through the 

    Jordan  06:21 ---  shows what I know, 

    Lex  06:23 ---  credentials in that. So again, it's pretty quick, pretty slick. Next, again, we're going to attempt to put our licensing without showing it to everybody browse. Once again, the secret life, inventory, two tabs, and then enter. You twice I did it twice.

    Jordan  06:45 ---  You got it all done.

    Lex  06:46 ---  It was so much more difficult yesterday, I don't know why it's not today. But now if you do put deploy in central server mark, you have to have inventory and central server mode for them to talk. So gotta match. We're gonna match server mode. Again, default. If you did want to scope this down to only listen to specific IPS coming in, this is where you would do that, or I guess you'll alter the firewall rule. But again, oh, the other thing, you want to match your background service credentials, it just works better. So in this case, it's pulled when I'm logged in as what was your password that we typed in the chat? I'm just kidding. Oh, 8675309. Jenny, Jenny, 

    JJ  07:35 ---  (impersonating Forrest Gump) Jenny.

    Jordan  07:38 ---  I actually have officially removed that from everything. So I could give the password if you wanted. No, no, we're good.

    Lex  07:43 ---  We're good. Alright, inventory is going to pop up. Okay, there it is. Beautiful. Let's just start in inventory. Because you know, network scan is going to take some time and, and that so first thing I want to do is go under options.

    JJ  07:56 ---  Wait, wait. First thing you want to do is recenter. Right?

    Lex  07:59 ---  Oh, that's what I meant. The first thing I want to do, because we have a new install is center this so JJ will leave me alone. Alright. So options, preferences, and Active Directory, we'll just start at the top, we're gonna go sync from Active Directory. 

    JJ  08:20 ---  And one more time.

    Lex  08:22 ---   One more center. That's right, bang, there it is. You know, it's not like I don't do this all the time. That's the thing I don't do. 

    JJ  08:31 ---  You don't do it ever.

    Lex  08:32 ---  ever. Alright, things to know, first of all auto sync, we're gonna set that I'm going to set it for seven days, because my lab does not change that often. If you have machines coming to go on a lot and your Active Directory, you may want to do that a little more aggressively, you know, maybe every couple of days, whatever. What you do want is this in the Delete mode, okay, we have imported mix sync and full sync, okay? import only means you import from, you know, Active Directory stuff in but if you want it out, you have to delete it. Okay. Now mix sync, you're gonna want to use mix sync, if you got workgroup machines, things that are not in Active Directory that you add by hand or you know from a list, okay. And in my case, Everything I have is from Active Directory, so I'm going to go full sync, in this case, that point we're going to include the container, I'm just going to grab at the top level, give it an okay, if you had multiple domains, you add this, you go back and change your domain, add the next domain. And you can get more than just one domain added to your sync. So there it is. I save at this point, seven days, it's going to kick that sink off. And it just added 58 machines as you can see right here. While it's doing that, I'm gonna go over to alerts. Now you notice our sign up for the webcast at the very top right here.

    JJ  09:53 ---   It's the show you're watching now,

    Jordan  09:55 ---  if you click on that,

    Lex  09:57 ---  well I'm gonna go and take that Okay, now, again, if you want to see those alerts, it's great. We try to keep them very, what minimal. We show the webcast. And then if there's any, like CNN moments that you need to know, we'll, we'll put some things there too.

    JJ  10:13 ---  So yeah, we had one about Adobe when it was end of life. Yeah, that was that was of note

    Lex  10:19 ---  Now the other thing here, I, this is a production machine for me. So I'm going to leave it in the release channel, as opposed to the beta channel, the beta channel, you may get updates very frequently, the release is only the ones that have been, you know, officially tested and ready for production. Should we take a question now? Should I move on any further?

    Jordan  10:42 ---  Yeah, all right.

    Jake  10:42 ---  Is there a best practice or must do for a new installation? I am not coming from scratch, but feel that I may have missed something. When we set up my newest client. This comes from hot toddy. Hey, Todd.

    Lex  10:57 ---  You know, we're walking through these right now. So these are the things you're going to want to look for, for performance, and that I'll explain a few of them along the way. So let's just keep going through the inventory. Preferences right now,

    Jordan  11:12 ---  Jordan, thoughts you can, it can vary based on the size of your environment. Since our lab isn't very large, we do a lot of time saving things where it cuts down on time, but uses more resources. But if ever larger environment, it might look a little bit different. So

    Lex  11:26 ---  very true. And I'll point this out, as we're going through. Let's jump down to logging. Okay, sending anonymous exception data back to PDQ. When this way, if you leave this tag, if anonymous, you know, you have problems and that we get some information to make the product better if you don't want to do that. untag it,

    JJ  11:47 ---  okay? It helps us fix bugs, it does in a lot of bugs that we fixed based on

    Lex  11:51 ---  also your event log, if you've got problems going on, you can put it in debug mode, just to understand it's going to produce a lot of logging in that case. Mail Server, if you're going to email reports, you need to set up your SMTP relay. I'm not going to do that today. But networking, this is the first place talking about optimizing things. If you've got a very large environment, a our heartbeat, that's what goes out and pings a machine to determine whether it's online or offline is default set to 300 seconds. If you start doing the math, you start getting over 3000 4000 machines. Okay, Mac is five minutes, yeah, it's gonna take more than that five minutes to cycle through all those pings. Right. So what will happen is before it finishes pinging all the machines, it's gonna start again. So instead of having this constant ping cycle, you're gonna probably want to do a little bit, I think we do 32 or 64 pings at a time, you know, and assuming the worst case, we can wait up to two seconds. So do a little math, figure out what you need to put that up. You know, I just double it if you get over three or 4000. Not as aggressive as finding other machines on but it's not pinging the crap out of your network.

    JJ  13:00 ---  Hey, Jordan, here's a here's a harebrained feature, not really a feature more of a PowerShell idea. A ping interval, or heartbeat interval calculator in PowerShell. If you have this many machines, here's what we recommend the interval will be set to

    Jordan  13:17 ---  it's not a bad idea, we'd have to, I guess, see how much resource to take. And someone in the chat said their DNS guys have asked them to lower their requests. So down to doing that, who can block your access, you might want to meet their needs as well as your

    Lex  13:35 ---  that is a very, very good point. All right, PDQ Deploy cleanup deployments older than this will keep your database clean, okay, if you leave that blank, it's just gonna retain them until you know, your database gets to a size that you want to clean it up, okay, 190 days, so you got a little bit history of what's been deployed to machines. I like cleaning that up. Again, your performance is going to perform, your performance is going to perform. That's right, the redundancy it's going to be your database will perform better when it's compact when it's smaller when it's clean. So that being the case, you know, that's one of the places you can affect performance. Now, if you go to performance, which is the next one, okay, computer scan times out WiFi timeouts and concurrent scans. If you've got really big environments, you may want to bump your concurrent scans so far, I found 32 seems to be a pretty good sweet spot until you get over 10,000 machines on a console. So again, you can play with this, just understand if you put that at three or 400 those scans, you'll start noticing your machine, you know, having some performance that we can't give you a guarantee if this number machines this will work because there's just so many factors. Kind of harder, you're where you have it on how's your network, that kind of thing. So for the most part I'd say that's pretty solid. But I will say this, right here, this service, TCP manager connection, notice it's disabled, I disabled this. And it happens to take away a lot of that preparation where it sits and says it's preparing for a little while to scan or prepare to do a deployment. The caveat on this, if you change that to disabled it is for the machine, not just PDQ Deploy in inventory. So just understand you could be affecting other things that are running on the machine.

    Jordan  15:27 ---  Not all the clients you're deploying to, but on the machine you have deployed installed the console. That's correct.

    JJ  15:33 ---  Click that question mark. For more info

    Lex  15:35 ---  clicked up?

    JJ  15:36 ---  Well, you don't have to, like I'm saying I'm suggesting it.

    Jordan  15:39 ---  There you go. He says, If you make that setting change, you have to reboot before it's really good.

    Lex  15:44 ---  Thank you, you do have to reboot. All right. Some of the things I mean, honestly, jumping down here, the other thing is gonna speed things up, ping before scanning. Okay, I just jumped down to scanning auto cleanup entries, 14 days, wake on LAN, if you do have wake on LAN setup, that'll work. It'll wake machines up or attempt to wake them up in the new scans just understand it'll wake up to, I think, five or six minutes for a machine to come online to do that. So it could affect how many machines get scanned in a period of time. So. So that's the settings for inventory. So far, so good. anyone you want to bring up Jordan, anything else?

    Jordan  16:24 ---  Well, in the chat, there's been a couple of things that are brought up. One person mentioned that they like having different credentials for deploying inventory to make it easier to track what's doing what and Ron, and there was, he's not happy that we used the local admin account, to do the install and have it to log in as well as for the background service 

    Lex  16:46 ---  is Alex watching because he'll probably come in and punch me for doing it too. 

    Jordan  16:49 ---  But it's probably a good idea. We did this because in our lab environment, it's a bit different. But based on your security needs, it's probably not a bad idea to have those be different accounts. And make sure the secured and you have to make sure that the background service has all the permissions it needs to be able to scan the machines. But on top of that, I

    Lex  17:08 ---  need to change my password from something like password 123 to something more secure, is that what you're getting at?

    Jordan  17:14 ---  Yeah, more secure is better, more secure, and more. So I'm going to take that stance.

    Lex  17:21 ---  Alright, I'm done inventory. All right, set up rocking and rolling. The other nice thing you're gonna notice when she was synced from Active Directory, you got Nia, your Active Directory is not clean. You'll have an opportunity now to see what's in there that needs to be cleaned up. Alright, let's go and work on the PDQ Deploy, which applies? Well. I don't know. I don't know what to do with the icons. Next to me. Alright, deploy. Again, we're just going to jump in here to options preferences. We'll start at the top alerts. One, I'm going to go Oh, I'm getting it. I'll get it eventually.

    Jordan  18:04 ---  It'll start not being centered excuses built in this time? I did. I do move all that's true.

    Lex  18:09 ---  I think you should change your hug back to the center me bat. Every time I bet at home hug bats at home

    Jordan  18:16 ---  while we're moving offices. Yeah.

    Lex  18:19 ---  All right, auto downloads. This should be enabled. Guys. If it isn't, I hope you have a good reason for that. This allows anything you download from our package library, when a new version comes out, it's going to auto download it for you. Here's where you change the setting for that default is seven days, I kind of like it because I don't like testing for Microsoft and anybody actually I like to have other people test. And then as long as that's good, that'll come down. So that's one setting you can do. Your database, in this case, is nice and clean. I don't need to worry about doing any optimization. But I would, you probably should do this on inventory. Also change your backup. So it's not on the machine that you're running it backup somewhere. A good UNC path put on a file share is a good idea. deployments, ok. Run packages as a lot of options here, I would stick with the default, okay? Because that's going to be the one deployed user is the credentials that you set up initially, have the local admin or domain admin credentials to do those timeouts, hey, this set at 60 minutes seems to be pretty good unless you're installing something that takes a long time. So again, this is a place to look but this is a global setting. You can do it on a deployment basis, I believe, change the time per deployment. We got to change it for the global. I can't remember what to find out. We'll check that. And then here database cleanup delete deployments after 30 days good idea to keep that database clean. Now this one right here is probably the biggest time saver. You know it's gonna go in inventory and kick off the defaults. Gain, which is the standard scan, and I will tell you this, okay? My hardware doesn't change as often as I install software. So that being the case, I'm going to grab applications so that when I do do an installation or a deployment, it's going to update inventory Pardon me, 

    JJ  20:20 ---  you don't run a data center?

    Lex  20:22 ---  No. Maybe run and manage? Probably not.

    Jordan  20:26 ---  The standard scans not slow by any means, but it does on top of the applications, get a whole bunch of other stuff. So just

    Lex  20:32 ---  grab what you need. Yep. Just get what you need. Minimize, expose  extremely verbose. And is it resource taxing? You know, they say never leave us a large word or a diminutive one will do?

    Jordan  20:45 ---  I don't think it'd be too taxing. I understand the history.

    JJ  20:49 ---  Yeah, like that.

    Jordan  20:50 ---  But just the initial scans can take the time.

    Lex  20:52 ---  Yeah. Now that we've beaten that to death, let's talk about being before deployment. Again, this is going to speed things up. Okay. Machines here, it's going to answer and then it's going to start to deploy as opposed to start in deployment, machine answers. Wake on LAN, pretty much the same thing here. If it's set up and used, it could eat some time waiting for the machine to come online.

    Jordan  21:13 ---  So that one's for if you do the ping Inishowen offline, it will attempt to use the magic packet to wake it up. Yep. So if you don't have that set up in your environment at all, don't definitely don't want that checked. But if you do have it set up, it is a way to get machines ready to go that might otherwise not get the deployment. True. True.

    JJ  21:29 ---  Do we have a resource where that helps people get that set up? A couple of blog posts don't we?

    Lex  21:34 ---  on setting up Wake on land? I'm not sure. I think we might take a look. Do we want to take a question? Sure. Okay.

    Jake  21:47 ---  All right, everybody, can you set up a custom variable to look for devices with more than one version? For example, I'm looking for PCs with all of these four versions listed here. Russell, k.

    Lex  22:01 ---  So yes, you can Russell, let me pop over to inventory. And again, options, variables, you can set up and we'll just call this app for now.

    JJ  22:14 ---   Pause. 

    Lex  22:15 ---  And I'll center it. Thank you. So I'm going to do this in a single and what we'll do is we'll say we're going to look for Chrome. And I'm going to use a regular expression. pipe or Firefox. I think we did this the other day Chrome or Firefox and now exit. This will just build a new dynamic collection referencing that custom variable, dynamic collection. I want machines that have an application where the name matches expression. 

    JJ  22:50 ---  Again, I'm gonna pause ya.

    Lex  22:52 ---   Oh, man, you know, I'm just so excited to show it. I don't even want to send it a fresh install Ctrl C, I'm gonna put it here. I don't call these apps. You have that? Okay. Now, you'll notice Chrome, Firefox, and those are machines that have Chrome or Firefox on it. And if you wanted to reference that in a report, you can do the exact same thing. Yeah, he said,

    Jordan  23:19 ---  if there's two different versions of the same software to PC, he went to separate for the number collection. I muted I apologize, but that so if he has app version one and version two, he wants app version one PCs only that do not also have to like to separate it based on that. So not just doesn't have each of these, don't put this one in this one, or we only want once only to have version one. So it's a bit more involved. I don't know if we could do that one. on the fly live right now.

    Lex  23:47 ---  I know it can be done. I mean, it's very similar to this in the regular expression that you can not match regular expression, this or that. So yeah.

    Jordan  23:57 ---  So on that one. We can do it. But not really. We can do it live without taking up the majority of the time. So yeah, put in a question with our support. I'm sure they can help you get that built out. Thank you.

    Lex  24:08 ---  Absolutely. All right. Logging, same thing here, as in inventory, right? Sending anonymous data helps us make the product better for you if you want. And again, if you're troubleshooting, you can debug, just remember to turn it off. Again, mail server, same thing performance, okay. Now this can be a little bit too... concurrent targets per deployment. So right now it's set to eight. So I can send chrome to all the machines in my lab. Let's say I have 50 machines, it will do a depop. Okay. Now, total concurrent targets means I can send 8 chrome I can send eight Firefox I can send eight until we hit 32 concurrent. Okay? The other nice thing is when you do prioritization, you can actually bump those numbers. It'll automatically bump the numbers up as you prioritize things up to the point where you Hit total concurrent targets. So

    Jordan  25:04 ---  that's another, there's no default best practice, it's kind of your environment, if you have amazing speeds, and a network team is not paying attention, just crank that right up,

    Lex  25:13 ---  I will say this, I did help a customer who had over 15,000. And when she had that set to like 200, and it did have an effect, they would deploy, and then they get so much data back. The machine was chugging through in, you know, putting the data back in the database. And you could see it actually, you know, it would log up or kind of back up. Eventually it caught up, we found in that case, we changed it to 32 on like, I think it was on 124. And things went good. So again, you know that some scientific wild guesses there swag. Yeah. So

    JJ  25:56 ---   good self edit.

    Lex  25:58 ---  Thank you, thank you. No one's gonna talk to me after about my bad mouth. Copy mode, pushing and pulling. All right, if you put in, I would highly suggest you put your repository on a file share, again, a nice, good UNC path, this is putting on the C drive. If you do that, you're going to want to come back here to ‘Performance’ and push change that over to push so it doesn't copy. If you leave it and push it'll copy from the file share to the console to the end note. If you put it in pull mode, it will send the instructions to the end node to grab it from the file share. Okay, and if you're doing site to site and you're doing replication, definitely want to do it and pull. Again, same thing here. TCP kit, TCP connections, same thing I said earlier. Again, that helps minimize the time to connect to a machine. So again, try that in your environment. repository I didn't mention. Okay, the other thing, see unused files. Apparently, I had a bunch from the legacy version. Okay, we didn't change the repository. So we removed a lot of stuff that we didn't clean up and didn't clean up your repository. He didn't send her either. And I didn't send it, you know, it's just not gonna happen, JJ, without being reminded and keep going. Not gonna happen. Finally, another thing I want to just finalize, you know, end on in regards to set up your target filters. Okay. JJ will appreciate it. If I don't deploy to WKRP or RickSanchez, right?

    JJ  27:28 ---  Yeah, WKRP doesn't matter much anymore. That machine's been off since.

    Lex  27:34 ---  since forever.

    27:35 ---  Since? Yeah. Okay.

    JJ  27:37 ---  Since bats made the news, 

    Lex  27:38 ---  you notice the two things I've done here, right, I put a splat at the end. Because we get multiple Rick Sanchez, this I probably should have put a splat because we do have we do. But again, I'm going to exclude as opposed to include it's like whitelist, or blacklist, right? This blacklist machines not to get deployments as opposed to I would have to go add every machine for inclusions. So it's a place that you can, you know, put a little less secondary protection in regards to deployments. What's your thoughts, Jordan,

    Jordan  28:08 ---  I just Just be aware that if you eventually do want to send some things on the target list, once you set it, you're probably not going to look at it again. So if you're trying to deploy to those at some point in the future, as I have done, you have to go and remove from there begin to go or make an exception for a brief time. Very true. Very true.

    Lex  28:29 ---  So that's basically, from scratch ground up, went through some of the most of the preferences that you need to, you know, tune your performance. Should we like to do a speed round, we have more questions.

    JJ  28:41 ---  That's a great idea. 

    Jordan  28:42 ---  Let's give it a go.

    Jake  28:43 ---  All right, we do have a few left. All right, here we go. Not on topic, but I have recently noticed that I am no longer able to see running processes. When viewing computer details and inventory. It used to take 10 to 15 seconds for the window to populate in the past but now just hangs on the opening database. When I click on processes, what did I break? Jeff p wants to know,

    Lex  29:06 ---  opening processes. So if I open a machine let's say BugsBunny. And we're gonna go take a look at processes here. There. So it's connecting, this is actually connecting to Bugs Bunny right now and pulling the processes that are actually running. So it does take a minute, maybe not a minute does take a little time to connect. There we go. There's my process and you can kill processes from here. So if you if that keeps popping, you know, send a send support. 

    Jordan  29:41 ---  In his case, he said that's not working for him anymore, which it should be so I would definitely open up a ticket on that one so we can take a look at why.

    Lex  29:47 ---  Y'all Alright,

    Jake  29:51 ---  next question. I am looking to sync PDQ with an outside cloud vulnerability system. Does PDQ have the ability to talk to cloud services via a rest To API or similar, so that I can push data from the cloud vulnerability system into PDQ inventory. Thanks, A Solomon.

    Lex  30:08 ---  Now, not there's no REST API, what you can do, again, is set up custom fields to take that data, have that cloud service, put out a CSV file, referencing the machine name, that's what you're gonna link on. And then you can, from the import under, let's just go look at these custom fields.

    JJ  30:27 ---  I think the REST API is on the cloud service on the cloud server.

    Jordan  30:32 ---  So it was on there, we do have the PowerShell scanner, which you could run against REST API on that one. Okay. But without knowing more details I couldn't get past the idea of it should be possible. That would be able to go out and scan and input the information, you need to grab it into a scan onto your system. But I don't know pass that without knowing a little bit more,

    JJ  30:53 ---  which will be going to tell us what cloud service it is. And maybe we can say, Hey, this is something we can do on a blog I don't know. 

    Lex  31:03 ---  Interesting, the PowerShell or Jordan says if you're looking to pull data in from that, you probably could do that. And so what else we got?

    Jake  31:12 ---  All right. Just a few more. So ldaps on port 636. Is that something you great guys are looking into? Thanks?

    Lex  31:23 ---  Ma LDAP. Secure, right? Yes,  This was just encrypted version encrypted version of LDAP. Port 636? Are we looking at that?

    Jordan  31:32 ---  I'm not sure our product uses LDAP. Active directory?

    Lex  31:36 ---  Yeah, I think that's one probably send a ticket to support. But we have to ask the developers on that one. I'm not sure.

    Jordan  31:43 ---  Yeah, it's probably I don't know, I was using LDAP, or plans to use LDAPs. So it's difficult to give a great answer for that. Yeah.

    31:50 ---  We'll go with maybe maybe.

    Lex  31:54 ---  Next, let's walk past that bad answer.

    Jake  31:58 ---   All right, we got a few more questions. A couple of them are from A Solomon. So he wants to know, what are the minimum permissions one can assign to the account used to gather data from machines, it shouldn't be domain admin. So what should it be a solomont,

    Lex  32:13 ---  you know, if you want to be really, really secure. And I'm a big fan of really secure. If you can do LAPS. And again, I'm good at being secure, but not centering stuff. If you set up labs, that's probably the best method because AD Active Directory is going to take care of that credential in that password connecting to that machine, that's probably the most secure. Again, the bare minimum, you have to be a local admin on the machine so that you can actually run processes and pull the information. So that's where I would go. We do have videos on setting up laps your environment and how to use it here.

    Jordan  32:51 ---  So in the chat, we have another person that says their processes seem to have an issue too. So there may be a bug on that one. So what would definitely look at that definitely.

    Jake  33:03 ---  Okay, next question. Why is it deploying version 19.0? Point 3.0 and inventory 19.3? Point 3.0. And that's a question from hot toddy again.

    Jordan  33:18 ---  I believe it's because Lex didn't get the latest version for both products. Whoops.

    Lex  33:22 ---  I grabbed the wrong install file. Shame on me. April Fool's. I didn't think anyone would catch that. Hmm.

    Jordan  33:28 ---  So I'm just curious for taking a question. Our process was working. But as if you upgrade your inventory to 30. Do we guys have the same issue that others are seeing?

    Jake  33:44 ---  next one?

    Lex  33:45 ---  Yeah, that's good. I

    JJ  33:45 ---  never know.

    Lex  33:47 ---  The world may never know.

    Jake  33:48 ---  All right. Can the CSV be set to automatically pull that data in so that I can get nightly updates? Again, that's A Solomon.

    Lex  33:57 ---  believe there's a command line for that isn't there?

    Jordan  33:59 ---  Yet, there's a command line built in, you'd have to have that run on the schedule or look for the file and then run with that command line and import it. It shouldn't be too difficult to get that to work. Let me just Colby just put a link in the chat about adding custom fields to multiple computers that we'll walk over how to do that.

    Lex  34:18 ---  What else we got?

    Jake  34:20 ---  All right. So Wendy wants to know, why can't I add descriptions to custom tools?

    Lex  34:29 ---  Because, because add descriptions to custom tools, we want to go and edit the $admin because there's no field for it.

    Jordan  34:46 ---  Yeah, that would be nice to Yeah, I guess I never even thought about adding description. So I didn't think about that one.

    Lex  34:53 ---  I never thought about it either.

    JJ  34:55 ---  So first time it's been brought up. Wow. Yeah.

    Jordan  34:58 ---  Yeah, we will definitely make no Have that for sure. See if we can do descriptions.

    Jake  35:05 ---  All right, just a couple more looks like I'm almost always having issues with the Chrome enterprise Google directory, failing to deploy, but still applying a shortcut from Sam L.

    Lex  35:19 ---  Oh, he's having issues with Chrome enterprise.

    Jordan  35:22 ---  So it's not installing Chrome, but it's creating the shortcut for Chrome.

    Lex  35:26 ---  That's, that is odd.

    Jordan  35:29 ---  I, okay. seen anything like that. So I can, the

    Lex  35:32 ---  only thought I have is I check your AV. I'm wondering if it's the install, the icon goes up. And it's grabbing the

    Jordan  35:38 ---  that is like in the installer is what creates the icon? I don't think we do that on our own, or is a different step unless I'm mistaken.

    Lex  35:46 ---  The installer does it. So that's one I don't know how to answer.

    Jordan  35:49 ---  Yes, that's the one we want to put in a support ticket. So we can track that down. Yeah.

    JJ  35:54 ---  Is there an error code that happens on that? 

    Lex  35:56 ---  Yeah, the more detail you can give them the better. So. Okay.

    Jake  36:02 ---  Next question. Will you be creating a package to uninstall edge chromium on a per user install, like the Firefox and Chrome packages? That is from Dean Martin.

    Lex  36:13 ---  you asked us to make one.

    Jordan  36:17 ---  big one. The way we did with Firefox is we are loading unused registries and doing the removal that way, which comes with a whole bunch of risk with that. So we kind of wrote the Firefox one as a test case. But to continue it's not just there's something about loading unused register D and making the possibility of that make us nervous. 

    Lex  36:42 ---  corrupting a user.dat file is

    Jordan  36:44 ---  you can do like you create an uninstaller for the walk user chromium that runs on logged on user and set that to deploy to schedule the uninstalled as they're logged in, but it would require they're logged in for it to take it off.

    Lex  36:58 ---  That's true. That's true. Well, setting up Inventory and Deploy from scratch means grounding, hopefully that you gained a little bit of knowledge on possibly setting some preferences for performance. I'm election PDQ Thank you for watching.

    Jake  37:17 ---  And thanks so much for joining the webcast today. We hope you enjoyed it. We hope you learned something. We hope that you just felt generally inspiring, odd. Doesn't make so much. Want to watch the webcast. It will be on YouTube after this. So we will catch you later.

    company JJB
    JJ Bateman

    JJ is a technical creative. He finds joy in programming, automation, and in participating in the artistic sides of things. You'll often find him drinking on Thursdays on the PDQ webcast, rambling and raging remotely at the Bermuda Triangle/heisenbug-tier tech at the studio in SLC.

    Related articles