logo
Welcome Guest! You can not login or register.

Notification

Icon
Error

Options
Go to last post Go to first unread
Matt Dimock  
#1 Posted : Saturday, December 8, 2018 12:53:25 AM(UTC)
Matt Dimock


Rank: Guest

Joined: 12/8/2018(UTC)
Posts: 2
United States
Location: Sandy, Utah

I provide laptop machines to employees and set up ConnectWise Control to remotely control them. I would like to be able to queue a command so that when a machine goes online, it will automatically change the password, and then immediately log the user off of the machine. I contacted the customer support at ConnectWise and they were not capable of assisting me, so here I am hoping that someone else in these forums has done this, or is capable of helping me create this customization.

Thank you so much in advance for your assistance, and I'm excited to hear back from you all!

Best,

Matt

aslee  
#2 Posted : Saturday, December 8, 2018 5:48:44 AM(UTC)
aslee


Rank: Newbie

Joined: 4/27/2015(UTC)
Posts: 30
Japan

Thanks: 6 times
Was thanked: 3 time(s) in 3 post(s)
It sounds like you need a Session Event Trigger of some sort.
Triggers are defined in an IF-THEN format (or should I say Filter-Action, to use Control's jargon).
In your case, that would be:

IF
Quote:
a machine goes online


THEN
Quote:
change the password
and
Quote:
immediately log the user off of the machine


The IF (or Filter) part is easy enough to define:

Event.EventType = 'Connected' AND Connection.ProcessType = 'Guest' AND Session.SessionType = 'Access'

So go to the Triggers page, create a new trigger and enter the above into the Event Filter.

The THEN (or Action) part is the tricky one.
That's because there are two significant limitations on executing commands, one set by Windows and the other set by Control.
Let me explain.

Action #1: Changing the password
This action would be a QueuedCommand event.
So choose 'Add as Session Event' and for Event Type select 'QueueCommand'.
Then, in the Data field, enter the following (replace the words in CAPITALS with the relevant values):

net user USERNAME NEWPASSWORD

If only you could use {Session.GuestLoggedOnUserName} as the USERNAME value, that would make life so simple.
But for some reason Control doesn't let you use variables in the Data field of Event Actions, even though they work perfectly fine in the Body and Subject fields of HTTP and SMTP Actions.
This is the Control limitation I was talking about. It's really annoying, I know.

It means that you have to create a trigger for each machine you have and specify the username. Ugh.

Action #2: Logging the user off
This action would be also a QueuedCommand event.

If only you could use shutdown /l command, but it doesn't work when executed remotely.
And this is the Windows limitation I was talking about earlier.
The only alternative, as far as I know, is to use the command:

logoff SESSION

But you need to know the SESSION value to use that, which you can get with the command query session
But this means you need at least two steps. But a trigger can't be defined to retrieve a value from the output of one command and plug it into the input of another command.

Your best bet then is to assume that the SESSION value is 1. It's an assumption that won't always pan out, but I reckon it'll work in most cases?

But I'm not an expert on cmd.exe, so maybe there is a workaround?
The next version of Control will support PowerShell, so maybe that'll allow you to log off in one step? I'm not an expert on PowerShell either, so I don't know.

UserPostedImage
Matt Dimock  
#3 Posted : Tuesday, December 11, 2018 1:30:15 AM(UTC)
Matt Dimock


Rank: Guest

Joined: 12/8/2018(UTC)
Posts: 2
United States
Location: Sandy, Utah

Thank you so much for taking the time to respond to me, Aslee. I tried your trigger, but it didn't work properly. Three questions to see if we can diagnose this solution together:

1. How do I target this to run on just one particular machine?
2. How do I identify the proper user name to use for a target machine?
3. How do I address spaces in a user name (i.e. should Matt Dimock be input as Matt_Dimock, "Matt Dimock", or 'Matt Dimock" in the net data command?
aslee  
#4 Posted : Tuesday, December 11, 2018 5:27:34 AM(UTC)
aslee


Rank: Newbie

Joined: 4/27/2015(UTC)
Posts: 30
Japan

Thanks: 6 times
Was thanked: 3 time(s) in 3 post(s)
Quote:
1. How do I target this to run on just one particular machine?

Oh, right. Having mentioned the Control limitation, I should've gone on to specify the Event Filter further. Sorry about that.
You can use a variety of values for this purpose: Session.SessionID, Session.Name, Session.GuestMachineName (see the reference at the bottom of the Triggers page).
For simplicity's sake, let's append a Session.Name condition to our Event Filter:

Event.EventType = 'Connected' AND Connection.ProcessType = 'Guest' AND Session.SessionType = 'Access' AND Session.Name = 'NAME'

Quote:
2. How do I identify the proper user name to use for a target machine?

This should be the Logged On User, who is identified both on the session list and in the General Info tab on the right, like this:

UserPostedImage

Quote:
3. How do I address spaces in a user name (i.e. should Matt Dimock be input as Matt_Dimock, "Matt Dimock", or 'Matt Dimock" in the net data command?

Use double quotes, so:

net user "Matt Dimock" NEWPASSWORD

When the two actions are successfully triggered, the Commands tab should look like this:

UserPostedImage

The success depends on the session value, as I explained in the previous post.
In the screenshot example above, it worked because the session value was indeed 1:

UserPostedImage

But unless the user has the habit of logging on and off on their own laptop, 1 should work.
shawnkhall  
#5 Posted : Saturday, December 22, 2018 9:11:34 PM(UTC)
shawnkhall


Rank: Advanced Member

Medals: Level 1: Random Act of Kindness! Received One Thanks!

Joined: 2/6/2014(UTC)
Posts: 316
Man
United States

Thanks: 6 times
Was thanked: 33 time(s) in 29 post(s)
You could use "console" instead of 1, as this would log out anyone with a console (interactive) login.
logoff console

However, query & logoff don't exist on Home systems, so be aware of that limitation.
Tango891  
#6 Posted : Wednesday, January 2, 2019 5:21:23 AM(UTC)
Tango891


Rank: Guest

Joined: 12/22/2016(UTC)
Posts: 3
United States
Location: CA

The only problem with the net user command is it won't work if they have a Microsoft account setup.
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.