Skip to main content

3 posts tagged with "CyberDrain"

View All Tags

· 2 min read
Mikey O'Toole

About this script

HaloPSA is improving at a phenomenal rate - one of the latest enhancements relates to embedding the "customer portal" inside Teams for easier access by customers - this is early days for this enhancement to Halo and at present there isn't really a way to push this tab into customer environments... Until now!

Using the script below you can push any website as a tab to your customers' Teams environments. First a couple of configuration pre-requisites.

  1. You'll need to have setup the Secure App Model (Thanks Gav for the superb write-up!)
  2. You'll need to know the name of the Team and Channel you want to deploy the tab - currently the script will use the same details for all customers!

The fix

Securing Credentials in Scripts
Do not store credentials directly in scripts. You should utilise services like Azure KeyVault or other PAM solutions to secure credentials used in scripts, including this one.
This Script Was Updated

This script was updated after being published, if you're using it please compare the version you have with the version available here.

This script was last updated on 2023/03/25.

So here's the script:

New-TeamsWebTab.ps1
loading...

To invoke the script we need to satisfy it's required parameters, an example invocation would look like this:

$NTWTParams = @{
    CustomerExclude = @('example1.onmicrosoft.com', 'example2.onmicrosoft.com')
    TeamName = 'IT Service Desk'
    ChannelName = 'General'
    ClientId = '00000000-0000-0000-0000-000000000000'
    ClientSecret = '00000000-0000-0000-0000-000000000000'
    TenantId = '00000000-0000-0000-0000-000000000000'
    TabName = 'Portal'
    TabURL = 'https://portal.homotechsual.dev'
}
.\New-TeamsWebTab.ps1 @NTWTParams

Breaking down the available parameters:

  • -CustomerExclude - An array of customer tenant domains to exclude from the script.
  • -CustomerInclude - An array of customer tenant domains to include in the script.
  • -TeamName - The name of the Team to add the tab to. Defaults to the default team.
  • -ChannelName - The name of the Channel to add the tab to. Defaults to "General".
  • -ClientId - The Client ID of your Secure Application Model App.
  • -ClientSecret - The Client Secret of your Secure Application Model App.
  • -TenantId - The Tenant ID of your partner tenant.
  • -TabName - The name of the tab to add.
  • -TabURL - The URL of the tab to add.

Once you've filled in the variables - you simply run the script and wait for the tabs to be added!

· 2 min read
Mikey O'Toole
Save yourself the headache - use the Microsoft Store on Windows 11

If you're using or managing this for Windows 11 you can now deploy Adobe Acrobat Reader DC using the Microsoft Store. This is preferable for many reasons mostly because this way of doing it with IntuneWin files is a complete pain in the ass.

About this script

If you're not familiar with the IntuneWin format and what it's used for/when it's used there's some good background reading from Microsoft here: Prepare a Win32 app to be uploaded to Microsoft Intune | Microsoft Docs.

In short, it's a format designed to package Windows application installers for deployment with Intune.

This post contains a script which downloads the latest version of the Adobe Reader DC installer and turns it into an IntuneWin package for Intune deployment.

Kelvin has published a module that automates publishing RMM installers to Intune across all your customer tenants - you can read about it here: Automating with PowerShell: uploading your RMM application to all Intune tenants - CyberDrain.

The fix

I'm planning a future blog post that integrates these steps into Kelvin's module's workflow providing a single script you can use to get the latest version of Adobe Reader DC and upload it to all your customers' Intune tenants.

The script
New-AdobeReaderDCInstallPackage.ps1
loading...

To invoke the script we need to satisfy it's required parameters, an example invocation would look like this:

.\New-AdobeReaderDCInstallPackage.ps1 -Language 'English (UK)' -Architechture 'x64' -InstallerSavePath 'X:\ARDeployment\Src\' -Win32ContentPrepToolPath 'I:\Microsoft\Win32 Content Prep Tool\IntuneWinAppUtil.exe' -PackageOutputPath 'X:\ARDeployment\Output\'

Breaking down the parameters there:

  • -Language: Specify the language for the installer. For English (US) use English. A list of valid values can be found at the top of the script.
  • -Architechture: The CPU architechture for the installer - valid values are *'x64'* and 'x86'.
  • -InstallerSavePath: The folder to save the installer executable into. If it doesn't exist, the script will try to create it.
  • -Win32ContentPrepToolPath: The full path to the Microsoft Win32-Content-Prep-Tool executable file.
  • -PackageOutputPath: The folder to save the resulting IntuneWin file into. If it doesn't exist, the script will try to create it.

· 4 min read
Mikey O'Toole

This post uses code from CyberDrain

Click the link below to check out the original post on CyberDrain.com and support Kelvin's fantastic work for the MSP community.

Flush me down the CyberDrain

About this script

So firstly, if you haven't already, hit the giant orange button above to read the original blog post on CyberDrain.com to understand what this script is doing!

The problem with NinjaOne

Many, if not most RMM platforms can run a script to monitor system state. NinjaOne is no different here - but there's a subtle irregularity in their approach that makes this complicated.

Most RMM platforms let you extract the contents of a variable from the script you run as a monitor - Ninja doesn't. It can read from the output of the script but that's all.

The fix

This Script Was Updated

This script was updated after being published, if you're using it please compare the version you have with the version available here.

This script was last updated on 2023/03/26.

Kelvin's script doesn't output much by default - the default success method generated by creating the directory with New-Item but that's it. To make this work with NinjaOne we need to modify Kelvin's script a little bit, it's quite simple really.

We need to silence that New-Item call by adding | Out-Null to the end and we need to "dump" the contents of the $ODErrors variable to the output.

Logged-In Users

When run with no logged in users the original version of this script would return an error, as NinjaOne lacks the ability to only run a monitor when a user is logged in this is undesirable behaviour, the script has, therefore, been updated to avoid this with a check to ensure a user is logged in.

Error Codes

The most recent update to this script adds two error codes beyond "successful" (code 0). Error code 1 is used when no users are logged in.

Windows Insiders

On recent insider builds this no longer functions due to an incompatibility with the OneDriveLib.dll file. This has been reported to the developer. The DLL from the release appears to work fine so that's been switched into the script.

We should end up with this:

Kelvin's Script with NinjaOne modifications
loading...

You're going to want to add this as a script in NinjaOne by going to Administration -> Library -> Scripting. This script needs to run as System :-)

Monitoring output in NinjaOne

The next step is deciding what to do with the output of the script in NinjaOne - so a brief digression to talk about script result monitors in NinjaOne.

In NinjaOne we go into Administration -> Policies -> Policy to add monitor to -> Conditions then we're going to Add a condition this gives us the new condition screen:

NinjaOne New Condition

We want to hit Select a condition and then choose Script Result Condition which should give us the following screen:

NinjaOne New Script Result Condition

So, let's get this setup and running:

  • Evaluation Script: Select the script we uploaded above.
  • Run Every: Select a value appropriate to your needs - we used 10 minutes.
  • Timeout: We left this at the default.
  • Result Code: Not used.
  • With Output: This is where the magic happens, we want this to trigger when the output does not contain "Healthy" or "No User Logged In" - the regex for this (for easy copying) is (NotInstalled|ReadOnly|Error|OndemandOrUnknown|ScriptError) (basically a list of all the other statuses).

That's it - basic OneDrive monitoring. You can catch different cases using the Output filter e.g:

  • To detect "ReadOnly" sync instances set it to trigger when the output contains "ReadOnly".
  • To detect OneDrive not installed set it to trigger when the output contains "NotInstalled".
  • To detect OneDrive in an error state set it to trigger when the output contains "Error".
  • To detect Files on Demand or Unknown sync status set it to trigger when the output contains "OndemandorUnknown".

That's it - feel free to leave a comment if anything is unclear. Thanks to Kelvin for the inspiration on this!