PowerShell 5.1 as shipped with Windows 10 and 11 includes versions 1.0.0.1 of PackageManagement and PowerShellGet this old version cannot install most modern modules, nor can it self update properly.
In most cases fixing this runs into numerous issues with conflicting versions or files in use. This script is an adaptation of a script by Chris Taylor which takes a different approach to downloading the modules, has a bit more error checking and further installs the new PSResourceGet module which is the replacement for PowerShellGet.
Nice and simple on this one, just run the script and it will do the rest. It does expect a close-to-vanilla install of Windows 10 or 11, so if you've been messing around with the default modules before running this script, it may not work as expected.
This post will hold detection scripts for any serious CVE vulnerability that we write detection scripts for in the future. It will be updated and added to as new vulnerability detection scripts are written.
This article relates to CVE-2022-41099 which is a vulnerability in the Windows Recovery Environment (WinRE) which could allow a successful attacker to bypass the BitLocker Device Encryption feature on the system storage device. An attacker with physical access to the target could exploit this vulnerability to gain access to encrypted data.
Fixed a Bug
Thanks to DTGBilly from the NinjaOne Users Discord for pointing out that in altogether far too many places I had typo'd the CVE as CVE-4022-41099 instead of CVE-2022-41099 🤦♂️ this included field names and labels so please check yours are correct as now shown in the post.
Parameters!
Since version 1.2.0 (2023-03-21) this script now requires one of two mandatory parameters.
If you are checking for the presence of the small "Safe OS Dynamic Update (SODU)" which is the minimum required change to mitigate the vulnerability use the -CheckPackage parameter and if required alter the -MountDirectory and -LogDirectory parameters (defaults to C:\RMM\WinRE).
If you are checking for the presence of the larger "Servicing Stack Update (SSU)" or "Dynamic Cumulative Update" which updates more than is required to mitigate the vulnerability, but may offer other benefits including new WinRE functionality or more reliable reset/restore behaviours use the -CheckImage parameter which checks the image build version.
If you were passing these in NinjaOne your parameter preset might look like this:
Before version 1.3.0 the script did not check if WinRE was enabled which could lead to confusing error output in the event WinRE was disabled. Now if you get the WinRE not enabled warning you are clear on why the script isn't executing.
A simple reagentc /enableshould enable WinRE or at least provide some useful troubleshooting output.
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding one role custom field for devices with the Windows Desktop or Laptop and Windows Server roles, note that we've customised slightly the autogenerated machine name here, if you use the default adjust the field name in the script appropriately.
Field Label
Field Name
Field Type
Description
CVE-2022-41099
CVE202241099
Checkbox
Whether the device has a WinRE image vulnerable to CVE-2022-41099
We run this script daily and have a corresponding monitor setup to check CVE fields with a value of "Yes" and alert us if any are found. You'll find information on remediating this vulnerability in this followup post.
Concentus on the NinjaOne Users Discord for helping me run down and test different versions of Office to ensure this script was as accurate as possible.
Wisecompany on the One Man Band MSP Discord for reminding me to add an exit code and not overuse Write-Warning!
Thanks to KennyW on the MSPGeek Discord for helping find an error where certain versions were incorrectly detected as not vulnerable!
Thanks to Alkerayn on the NinjaOne Users Discord for helping find an error where certain channels were incorrectly detected as not vulnerable and identifying that we needed to first check the GPO-configured update channel!
Thanks to Tanner - MO on the MSPs R Us Discord for pointing out that version comparisons should all use -lt instead of -ne to ensure future compatibility / accuracy.
Thanks to DarrenWhite99 on the MSPGeek Discord for pointing out that the check for the GPO UpdateChannel was completely nonsensical and incompletely written.
Thanks to JSanz on the NinjaOne Users Discord for pointing out the GUID matching issue/bug.
Thanks to Jhn - TS on the NinjaOne Users Discord for discovering the issue with empty registry props causing the script to error.
This has only been tested against M365 Apps and Office 2021 VL versions "en masse" and only 64-bit office - if it doesn't work for you let me know on the NinjaOne Users Discord and I'll see what I can do to fix it!
security
This article relates to CVE-2023-23397 which is a vulnerability in Microsoft Outlook whereby an attacker could access a user's Net-NTLMv2 hash which could be used as a basis of an NTLM Relay attack against another service to authenticate as the user.
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding one role custom field for devices with the Windows Desktop or Laptop role, note that we've customised slightly the autogenerated machine name here, if you use the default adjust the field name in the script appropriately.
Field Label
Field Name
Field Type
Description
CVE-2023-23397
CVE202323397
Checkbox
Whether the device has an Office or Microsoft 365 Apps version vulnerable to CVE-2023-23397.
We run this script daily and have a corresponding monitor setup to check CVE fields with a value of "Yes" and alert us if any are found. To remediate this vulnerability update Microsoft Office by running something like this:
This Script Was Updated
This script was updated after being published, if you're using it please compare the version you have with the version available here.
This update script will force restart Office apps - it should restore open files automatically but if you want a softer approach replace the Start-Process line with:
Start-Process-FilePath $C2RPath-ArgumentList '/update user forceappshutdown=true updatepromptuser=true'-Wait
Prejay on the MSPGeek Discord has helpfully suggested the following to update C2R Office builds without a user logged in or as system:
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding one role custom field for devices with the Windows Desktop or Laptop role, note that we've customised slightly the autogenerated machine name here, if you use the default adjust the field name in the script appropriately.
Field Label
Field Name
Field Type
Description
CVE-2023-21554
CVE202321554
Checkbox
Whether the device has the MSMQ features installed and is missing the April 2023 Security Update.
We run this script daily and have a corresponding monitor setup to check CVE fields with a value of "Yes" and alert us if any are found. To remediate install the April 2023 Security Update.
This article relates to CVE-2023-35628 which is a vulnerability affecting Microsoft Outlook's email rendering system which could allow remote code execution.
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding one role custom field for devices with the Windows Desktop or Laptop and/or Windows Server role, note that we've customised slightly the autogenerated machine name here, if you use the default adjust the field name in the script appropriately.
Thanks to Gavsto for stopping me doing down the rabbit hole of checking KB numbers by pointing out that it wouldn't be future proof once the next cumulative update was released!
Field Label
Field Name
Field Type
Description
CVE-2023-35628
CVE202335628
Checkbox
Whether the device is updated/patched for CVE-2023-35628.
We run this script daily and have a corresponding monitor setup to check CVE fields with a value of "Yes" and alert us if any are found. To remediate install the December 2023 Cumulative Update.
This article relates to CVE-2023-35628 which is a vulnerability affecting Microsoft Outlook's preview pane system which could allow remote code execution.
The updates include changes/corrections to the targetted versions - check your version please!
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding one role custom field for devices with the Windows Desktop or Laptop and/or Windows Server role, note that we've customised slightly the autogenerated machine name here, if you use the default adjust the field name in the script appropriately.
Field Label
Field Name
Field Type
Description
CVE-2024-21413
CVE202421413
Checkbox
Whether the device is updated/patched for CVE-2024-21413.
We run this script daily and have a corresponding monitor setup to check CVE fields with a value of "Yes" and alert us if any are found. To remediate install the applicable Office / M365 Apps February 2024 Security Update.
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding two documentation fields to facilitate this script. You'll need to note your document template id, in the screenshots / our internal use we have a template called "Integration Identifiers" which we use to store any integration identifiers we need to reference in our scripts.
When you run this script you need to pass your document template id. For example, sticking with our example above, you'd run the script with the parameter: -DocumentTemplate Integration Identifiers
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding three role custom fields for devices with the Windows Laptop role:
Field Name
Field Type
Description
Driver Update: Reboot Required
Checkbox
Whether the latest driver update run requires a reboot to finalise.
Driver Update: Last Run
Date/Time
The date and time the driver update script last ran successfully.
Driver Update: Number Installed on Last Run
Integer
The number of driver updates installed on last script run.
You can set this up to run on a schedule - we run this script immediately on machine onboarding and then every 7 days on a Tuesday. This doesn't always have anything to do as our Windows Update run usually handles these updates, but it's a good way to ensure that we're always up to date with the latest drivers from Microsoft Update.
Custom fields are a great way to store arbitrary data from your devices in NinjaOne. In this post I will explore a few examples, some using code from CyberDrain, which store data in NinjaOne custom fields.
This post was updated on 2022/12/22 to add a new script to run a speedtest on a device and store the results in NinjaOne.
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding seven role custom fields for devices with the Windows Laptop role:
Field Name
Field Type
Description
Has Batteries
Checkbox
Whether the device has batteries
Battery Identifier
Text
The ID of the battery being reported on.
Battery Design Capacity
Integer
The original design capacity of the laptop's battery.
Battery Full Charge Capacity
Integer
The current fully charged capacity of the laptop's battery.
Battery Health Percent
Integer
The current percentage of battery health.
Battery Cycle Count
Integer
The number of times the battery has been cycled. That is drained fully and charged.
Additional Battery
Checkbox
The system has an additional battery, only the first is reported in the fields above.
Ninja have confirmed that they are working on native functionality which will replace this script. Stay tuned to Ninja's release notes on the [NinjaOne Dojo](https://ninjarmm.zendesk.com) for more information.
This Script Was Updated
This script was updated after being published, if you're using it please compare the version you have with the version available here.
This script was last updated on 2022/03/26.
This script accepts a single parameter to set the data storage directory for the script. This is where the script will store the battery information it gathers. The script will create the directory if it doesn't exist. The default is C:\RMM\Data use parameter -OutputPath to override.
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding three role custom fields for devices with the Windows Laptop role:
Field Name
Field Type
Description
Domain Join Status
Drop-down
The current domain join status of the device.
Domain Name
Text
The name of the currently joined AD domain.
Tenant Name
Text
The name of the currently joined Azure AD tenant.
The domain join status field should be configured with the following option values:
We've created a dropdown field for this script, we can't set the options by name with these - so first we need to find out how NinjaOne wants us to give the selected option. To do that we're going to open a PowerShell session to any device in the role that has the field assigned and run:
This script requires user input, whether in the form of variables, parameters or edits to the script itself before you can run it. Areas where you need to provide input will be indicated with:
### Inline Comments
and / or
'<MARKED STRINGS>'
Parameters will be indicated before the script block.
This Script Was Updated
This script was updated after being published, if you're using it please compare the version you have with the version available here.
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
"Field length"
Make sure when creating the custom field below that you set the character limit for the field to allow over 4000 characters using the "Advanced Settings" link on the field creation/edit page.
We're adding one role custom field for devices with the Windows Desktops and Laptops role:
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding three role custom fields for devices with the Windows Desktops and Laptops role:
Field Name
Field Type
Description
WLAN Disconnect Reasons
Multi-line
A list of the WLAN disconnect reasons with frequency. JSON
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding three role custom fields for devices with the Windows Desktops and Laptops role:
Field Name
Field Type
Description
Windows 11 Capable
Checkbox
Whether the device is Windows 11 capable as determined by our checks.
Windows 11 Check Details
Multi-line
The details checked to determine Windows 11 compatibility. JSON
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding two role custom fields for devices with the Windows Desktops and Laptops and the Windows Server role:
Field Name
Field Type
Description
Windows Active Support
Checkbox
Whether the OS version is supported for feature / quality updates.
Windows Security Support
Checkbox
Whether the OS version is supported for security updates.
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding three role custom fields for devices with the Windows Desktops and Laptops and the Windows Server role:
Field Name
Field Type
Description
Server Used
Text
Which server was used for the last speedtest run.
Download Speed
Decimal
The download speed from the last speedtest run in megabits per second.
Upload Speed
Decimal
The upload speed from the last speedtest run in megabits per second.
This script seems to have some issues where the librespeed-cli will return null for tests intermittently - this was due to service issues with LibreSpeed themselves. An alternative version using the Ookla speedtest CLI is available below.
This Script Was Updated
This script was updated after being published, if you're using it please compare the version you have with the version available here.
To create a custom field in NinjaOne go to Administration > Devices and select either Role Custom Fields or Global Custom Fields then select Add.
Role Custom Fields are custom fields that are specific to a device role.
Global Custom Fields are custom fields that are applicable to all devices and/or to a location and/or organisation
Make sure you add the fields to the roles you want to use them in at Administration > Devices > Roles (for role custom fields).
When you create your custom field you need to make sure that you set the Scripts permission to ensure that you can read or write to the field from your scripts - as appropriate for the script you're using.
We're adding three role custom fields for devices with the Windows Desktops and Laptops and the Windows Server role:
Field Name
Field Type
Description
Server Used
Text
Which server was used for the last speedtest run.
Download Speed
Decimal
The download speed from the last speedtest run in megabits per second.
Upload Speed
Decimal
The upload speed from the last speedtest run in megabits per second.
You can pass a few different parameters to this script to tune it's behaviour. These are:
Parameter Name
Type
Description
OoklaSpeedtestURI
String
The URI to the Ookla Speedtest CLI. Defaults to the 1.2.0 version current when written.
OoklaSpeedtestEXEPath
String
The path to the Ookla Speedtest executable. Defaults to C:\RMM\Bin\
NoUpdate
Switch
If specified, the script will not attempt to update or download Ookla Speedtest.
ForceUpdate
Switch
If specified, the script will download Ookla Speedtest even if it's already up to date.
CLISwitches
String
A string of switches to pass to the Ookla Speedtest CLI. Defaults to --format=json --accept-license --accept-gdpr.
For documentation on the CLI switches available you should download the latest version of the CLI and check out the speedtest.md file in the Zip or run speedtest.exe --help.
Requires the ability to run the Ookla Speedtest CLI tool on the device. The script cannot automatically determine the latest version at this time - please pass an updated URL if you wish to use a later version before the script is updated.