Arposh Client System Administration Tool (ACSA)

[Update] Arposh Windows System Administration tool 2.0 has been released and replaces the Arposh Client System Administration tool.

Download link:  Arposh Client System Administration

When I was first starting out in the help desk of a large company, everything was done by sneakernet. I wanted a way to do things remotely to be more efficient, but was met with resistance by management who thought it was not 'improving customer service' because it lessened face time with the customers. I tried explaining to my supervisor that the reason we have customers (i.e. the company's employees) is because they need to get their work done and they just want their computers to work. Another hurdle that stood in the way was the retraining of the help desk staff in resolving issues remotely. To solve the second issue, I decided that I needed a tool that brought the majority of the standard help desk applications to one place and made it easier to troubleshoot and fix issues. The first issue resolved itself after management saw how quickly tickets were being resolved and how impressed the users were with the help desk's remote 'magic'.

The Arposh Client System Administration tool (ACSA) started out as a way to retrieve information from machines remotely. When a user called, you entered the name of the computer they were using and it showed you basic information about the machine. As the tool grew, it went from only gathering system info to gathering local group information, installed software, startup items and running processes, and viewing log files. Once the tool provided a plethora of information, there was a need to act on the information being gathered. This led to being able to modify local admin groups, uninstall software, remove startup items and kill processes on remote machines.

Since then, ACSA has grown to what you see below:



ACSA Requirements:
- PowerShell v2
- Quest ActiveDirectory Tools for PowerShell (http://www.quest.com/powershell)
- PSExec.exe (http://technet.microsoft.com/en-us/sysinternals/bb897553)
Optional: Trace32.exe (For tailing log files)

Usage: Run the ArposhCSA.ps1 script and type in a partial computer name to search for it in Active Directory.  This brings up a second form with a list of computers that match the search criteria and the users that are logged into them.  If you already know the name of the computer you would like to manage remotely, you can type that directly into the text box on the main form. 

Features:
  • Connects to currently logged-in domain on startup
  • Search for PC - Search Active Directory for computers matching the string in the textbox
  • System Info - Gathers info about PC, user session, make/model, hardware, OS, networking and McAfee
  • Local Admins - Enumerates local administrators and allows you to remove them
  • Applications - Enumerates installed software and allows you to uninstall
  • Startup Items - Enumerates startup items and allows you to remove them
  • Processes - Enumerates running processes and allows you to kill them
  • Remote Desktop - Remote desktop into computer
  • Remote Assistance - Initiate remote assistance session with remote computer
  • View C Drive - Opens explorer to the C drive of remote computer
  • Restart Computer - Restarts remote computer (Includes confirmation)
  • File Menu
    • Connect to domain... - Connect to a different domain
    • Find User in AD - Enter user's name, search for it in AD and output to Grid View
    • Find User on PC - Enter computer name, see who is logged into it and then search for that user in AD
  • View Menu
    • View McAfee AntiVirus logs
    • View WSUS logs
    • View Event Viewer
    • View Services
    • View Local Users/Groups
  • Quick Fix
    • Group Policy Update - Run 'gpupdate /force'
    • Lock Computer - Lock the remote computer
    • McAfee DAT Update - Updates DATS
    • Reader Fix IE Plugin - Update Reader's exe path in registry to fix IE plugin
    • Rename Computer - Renames remote computer and reboots it
    • WSUS - Detect - Run 'wuauclt /detectnow'
    • WSUS - Report - Run 'wuauclt /reportnow'
    • WSUS - Reset Client ID - Fixes an issue where computers do not show up in WSUS


In later posts, I will go into detail about how some of the functions in this tool work. Stay tuned! 

Disclaimer: This was the first GUI I wrote and some of the older code is not written with coding best practices in mind (clarity of variables, spacing, etc).  Be gentle.  As always, never run a script without knowing and understanding what it is capable of.  Just because it works in my environment, does not mean it will work in yours. Test, test, test.  Since you read the disclaimer, I'll also let you know that there are a few easter eggs hidden in the code that give extra functionality.  Cheers!

    13 comments:

    1. I love this, any plans to add or update it?

    2. Great tool! We aren't a McAfee shop, Symantec instead. I managed to extract the SEP version with this line (for those using Symantec):

      $ProductVer = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey('LocalMachine',$MachineName).OpenSubKey("SOFTWARE\Symantec\Symantec Endpoint Protection\SMC").GetValue('ProductVersion')

      Still trying to figure out how to get the other info from SEP, like definition file version. But getting the SEP version is important.

      Keep up the great work, and thanks for sharing this tool!

    3. Also, IP & MAC weren't displaying here in my environment until I changed the following setting

      Before (didn't work):
      $rIP = gwmi win32_networkadapterconfiguration -computername $computername | ?{$_.DNSDomain -ne $null}

      After (works here):
      $rIP = gwmi win32_networkadapterconfiguration -computername $computername | ?{$_.IPAddress -ne $null}

      Not sure if that is only related to something in my environment or not, but I want to share in case it's a fix for all.

    4. @Hugh - Yes. If you have any ideas for features that should be added, please let me know.

      @Phil - I needed a way to sort through multiple NICs that had IP addresses and using DNSDomain worked for me. As you saw, it might not work in all situations and may need to be tweaked for different environments. Look at the definition version for SEP and then do a search in the registry for that version; it should point you in the right direction.

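An added example, not part of the original comments or of ACSA's own code: one way to handle both situations raised in comments 3 and 4, where a DNSDomain filter matches no adapter and an IPAddress filter matches several. Select-PrimaryAdapter, New-SampleAdapter and the sample adapter objects are constructed for illustration; the property names are those of Win32_NetworkAdapterConfiguration.

```powershell
# Added example. Select-PrimaryAdapter is a hypothetical helper, not ACSA code.
function Select-PrimaryAdapter {
    param([object[]]$Adapters, [string]$PreferredDnsDomain)

    $best = $null
    $bestScore = -1
    foreach ($a in $Adapters) {
        # Skip adapters with no address (disabled, disconnected, tunnel stubs).
        if (-not $a.IPEnabled -or -not $a.IPAddress) { continue }

        # DNSDomain is treated as a preference, not a requirement: it can be empty.
        $score = 0
        if ($a.DefaultIPGateway) { $score += 1 }
        if ($PreferredDnsDomain -and ($a.DNSDomain -eq $PreferredDnsDomain)) { $score += 2 }
        if ($score -gt $bestScore) { $best = $a; $bestScore = $score }
    }
    if ($null -eq $best) { return $null }

    # IPAddress is an array that can hold IPv6 entries too; report the first IPv4 one.
    $ipv4 = @($best.IPAddress | Where-Object { $_ -match '^\d{1,3}(\.\d{1,3}){3}$' })[0]
    New-Object PSObject -Property @{
        Description = $best.Description; IPv4 = $ipv4; MAC = $best.MACAddress
    }
}

# Constructed sample objects standing in for the output of
#   gwmi win32_networkadapterconfiguration -computername $computername
function New-SampleAdapter($desc, $enabled, $ips, $gw, $dns, $mac) {
    New-Object PSObject -Property @{
        Description = $desc; IPEnabled = $enabled; IPAddress = $ips
        DefaultIPGateway = $gw; DNSDomain = $dns; MACAddress = $mac
    }
}
$sample = @(
    (New-SampleAdapter 'Constructed disabled adapter' $false $null $null $null $null),
    (New-SampleAdapter 'Constructed host-only adapter' $true @('192.0.2.10') $null $null '00:00:5E:00:53:01'),
    (New-SampleAdapter 'Constructed LAN adapter' $true @('198.51.100.25', 'fe80::1') @('198.51.100.1') $null '00:00:5E:00:53:02')
)

# Count how many sample adapters each of the two filters from the comment lets through.
$byDnsDomain = @($sample | Where-Object { $_.DNSDomain -ne $null }).Count
$byIPAddress = @($sample | Where-Object { $_.IPAddress -ne $null }).Count
"DNSDomain filter: $byDnsDomain adapter(s); IPAddress filter: $byIPAddress adapter(s)"

# Pick a single adapter to display instead of relying on either filter alone.
Select-PrimaryAdapter -Adapters $sample | Format-List Description, IPv4, MAC
```

Against a live machine, pass the `gwmi` result as `-Adapters` and, where the environment has a known domain suffix, supply it as `-PreferredDnsDomain` to break ties between several addressed NICs.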
    5. @Phil - The definition version can be read from a file in the All Users/Public folder (depends on OS).

      $DATFile = 'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\12.1.671.4971.105\Data\Definitions\VirusDefs\DefInfo.dat'

      ((Get-Content $datfile)[1] -split "=")[1]

    6. Rich-
      Thanks for the info.
      I'm getting 0GB free/ 0GB total for hard drives. Any tips on why that is happening? I've tried it on servers, desktops, and some laptops but haven't gotten accurate disk info.
      Thanks again

    7. What did you use to write the GUI? Any tools, like ShowUI or PrimalForms?

    8. @Phil - I'll take a look into that and see why it is happening.

      @Derek - The original design only had the System Info button and rich-text pane, which was built with PrimalForms. Since you can't code within the free version and/or re-use the GUI code, I did the rest of it by hand. Some pieces of the GUI (like the menu drop-downs) aren't even an option in PrimalForms.

    9. This is a cool tool!
      Do you have any tools that can be used for the helpdesk staff? Such as see locked accounts, expired passwords, DL Ownership, Etc...

    10. Thanks Anon. I do not currently have any tools for managing user accounts at the moment, but that is a good idea for my next project.

    11. Help! After running this script my exchange server seems to have lost RPC channel and now has netlogon failures!

    12. On Win8 tiled interface: I would like to see at least the option to display or not a "group". And another enhancement that would be nice, groups within groups (yes, going back to a hierarchical display) so you can organize your groups a little bit more. If you must have tiles, I feel this would be a big improvement on organization and simplifying your display.

    13. Very good article. Any small business owner will agree that time is money. Personal and financial success relies heavily on ability to manage your time effectively.
