Kaseya Community

Complete Computer / Server Build in one Procedure

  • We've been working on a Kaseya Procedure for some time that will do a complete computer build with one click and very few questions. We call it "Enrolment" - it enrols the machine into the network.

    There are five questions:

    1. Remove pre-installed Office?
    2. Allow Windows Updates?
    3. Windows Activation Key (will activate Windows if required)
    4. Computer Name (renames computer)
    5. Ticket Number (updates the ticket with the log)

    Everything else is detected from the OS, make and model, Kaseya group, public IP, etc. Depending on the Kaseya group, different client-specific stuff is done. Ranging from Office Click-to-Run, creating ODBC connections, installing WLAN profiles, disabling WLAN NICS on desktops, creating users, installing fonts, anti-virus, setting the time zone, etc.

    If the machine is at our offices, an offline domain join is done (the PDC is detected in the Kaseya group). If not, we assume that it's onsite and a normal domain join is done.

    We get around the two hour Procedure limit with the reboots. We schedule a reboot in 1 hour 55 minutes at the start of the Procedure, but I've not seen it happen yet. We avoid repeating stages in the Procedure by creating registry keys after each stage. If the key exists, that stage is skipped.

    I've not worked it out as yet, but there are probably a couple of hundred sub-procedures that run.

    The bonus is that it's very detailed, and it doesn't miss stuff. And we can do other work while a large number of machines build themselves.

    Here is a sample log (note that only stuff that succeeds or fails is logged). Stuff that is not required is not logged.


    MP1201: New Windows Workstation and Server Machine Enrolment has been completed by Joe Bloggs on computer LMA-WL002.

     

    ===== MP1201: New Windows Workstation and Server Machine Enrolment started at 20:08 on 02/08/2015 =====

     

    ===== Starting Stage 1 - .NET and Powershell Configuration =====

     

    [OK] Power Scheme - disabled Sleep and Hibernate when running on AC Power on machine LMA-WL002.

    [OK] Chocolatey was installed on machine LMA-WL002.

    [OK] Windows Management Framework and PowerShell 4.0.0.20140724 was successfully installed on machine LMA-WL002.

    [OK] MSP Ltd. Enrolment NET and PowerShell Registry Key has been set on LMA-WL002.

    ===== Completed Stage 1 - .NET and Powershell Configuration =====

      

    REBOOT Recorded at 20:19

     

    ===== Starting Stage 2 - Base Configuration =====

     

    [OK] User LAdmin was created on machine LMA-WL002.

    [OK] Time Sync successful on LMA-WL002. Old time = 20:20; New time = 20:21.

    [OK] Enable Remote Desktop has been successfully set on machine LMA-WL002.

    [OK] Remote Desktop is now enabled inbound on machine LMA-WL002's firewall.

    [OK] Rename My Computer Icon has been successfully set on machine LMA-WL002.

    [OK] Display My Computer Icon on Desktop has been successfully set on machine LMA-WL002.

    [OK] DisableIEFirstRun has been successfully set on machine LMA-WL002.

    [OK] The Windows Remote Registry Service has been disabled on machine LMA-WL002.

    [OK] ICMP (Ping) is now enabled inbound on machine LMA-WL002's firewall.

    [OK] UAC Disable has been successfully set on machine LMA-WL002.

    [OK] NoAutoRebootWithLoggedOnUsers has been set on LMA-WL002.

    [OK] PSWindowsUpdate (Windows Update PowerShell Module) 1.5.1 was successfully installed on machine LMA-WL002.

    [OK] Windows Update Blocker completed on machine LMA-WL002.

    [OK] Windows Action Center Disable has been successfully set on machine LMA-WL002.

    [OK] The Windows Pagefile (C:\pagefile.sys) was set to 5989.5MB on machine LMA-WL002. A reboot is required before this setting takes effect.

    [OK] The Windows Media Player Network Sharing Service has been disabled on machine LMA-WL002.

    [OK] The PSClientManager module was installed successfully on machine LMA-WL002.

    [OK] Wake-on-LAN has been enabled on machine LMA-WL002.

    [OK] Disable AutoReboot on BSOD has been set on LMA-WL002.

    [OK] MSP Ltd. Enrolment Initial Settings Registry Key has been set on LMA-WL002.

     

    ===== Completed Stage 2 - Base Configuration =====

      

    REBOOT Recorded at 20:32

     

    ===== Starting Stage 3 - Dekrapify Procedure =====

     

    [OK] Microsoft Office 15.0.4454.1510 was removed successfully from machine LMA-WL002.

    [OK] Energy Star 1.0.9 was removed successfully from machine LMA-WL002.

    [OK] Microsoft Security Essentials was removed successfully from machine LMA-WL002.

    [OK] PDF Complete was removed successfully from machine LMA-WL002.

    [OK] PowerDVD 12.0 was removed successfully from machine LMA-WL002.

    [OK] SkypeT 5.8 5.8.156 was removed successfully from machine LMA-WL002.

    [OK] Intel¸ Trusted Connect Service Client 1.28.487.1 was removed successfully from machine LMA-WL002.

    [OK] YouCam 4.20.0000 was removed successfully from machine LMA-WL002.

    [OK] HP Connection Manager 4.7.4.1 was removed successfully from machine LMA-WL002.

    [OK] HP Customer Experience Enhancements 6.0.1.8 was removed successfully from machine LMA-WL002.

    [OK] HP Documentation 1.1.0.0 was removed successfully from machine LMA-WL002.

    [OK] HP PageLift 1.0.11.1 was removed successfully from machine LMA-WL002.

    [OK] HP Performance Advisor 1.6.5217 was removed successfully from machine LMA-WL002.

    [OK] HP Setup 9.1.15453.4066 was removed successfully from machine LMA-WL002.

    [OK] HP SoftPaq Download Manager 3.4.11.0 was removed successfully from machine LMA-WL002.

    [OK] HP Software Setup 8.7.4 was removed successfully from machine LMA-WL002.

    [OK] HP Support Assistant 7.2.23.56 was removed successfully from machine LMA-WL002.

    [OK] HP Support Information 13.00.0000 was removed successfully from machine LMA-WL002.

    [OK] HP System Default Settings 2.6.1 was removed successfully from machine LMA-WL002.

    [OK] HP Device Access Manager 8.2.0.10 was removed successfully from machine LMA-WL002.

    [OK] HP Drive Encryption 8.6.2.59 was removed successfully from machine LMA-WL002.

    [OK] HP File Sanitizer 8.4.11.1 was removed successfully from machine LMA-WL002.

    [OK] HP Theft Recovery 8.2.0.9 was removed successfully from machine LMA-WL002.

    [OK] HP Client Security Manager 8.2.0.1663 was removed successfully from machine LMA-WL002.

    [OK] MSP Ltd. Enrolment Dekrapify Registry Key has been set on LMA-WL002.

     

    ===== Completed Stage 3 - Dekrapify Procedure =====

     

    REBOOT Recorded at 20:58

     

    ===== Starting Stage 4 - Base Software =====

     

    [OK] Adobe Reader 11.0.10 has now been installed on LMA-WL002.

    [OK] Adobe Reader Disable Updater has been successfully set on machine LMA-WL002.

    [OK] Adobe Flash was configured to update silently on machine LMA-WL002.

    [OK] Adobe Air 16.0.0.245 has now been installed on LMA-WL002.

    [OK] Google Chrome Business 41.0.2272.118 has now been installed on LMA-WL002.

    [OK] Java Disable Updater has been successfully set on machine LMA-WL002.

    [OK] Internet Explorer 11 was successfully installed on machine LMA-WL002.

    [OK] Java 32-bit on 64-bit Disable Updater has been successfully set on machine LMA-WL002.

    [OK] VLC Media Player 2.2.0 was successfully installed on machine LMA-WL002.

    [OK] MSP Ltd. Enrolment Initial Software Registry Key has been set on LMA-WL002.

     

    ===== Completed Stage 4 - Base Software =====

     

    REBOOT Recorded at 21:06

     

    ===== Starting Stage 5 - Base Roles =====

     

    [OK] Telnet Client was successfully installed on machine LMA-WL002.

    [OK] MSP Ltd. Enrolment Initial Roles Registry Key has been set on LMA-WL002.

     

    ===== Completed Stage 5 - Base Roles =====

     

    REBOOT Recorded at 21:11

     

    ===== Stage 6 - Windows Security Updates =====

     

    [OK] Windows Updates were installed on LMA-WL002. 

     

    The following Windows Updates were successfully installed:

    -  KB954430 5 MB Security Update for Microsoft XML Core Service...

    -  KB2538242 6 MB Security Update for Microsoft Visual C++ 2005 ...

    -  KB2957189 1 MB Security Update for Windows 7 for x64-based Sy...

    -  KB2965788 2 MB Security Update for Windows 7 for x64-based Sy...

    -  KB2939576 2 MB Security Update for Windows 7 for x64-based Sy...

    -  KB2972280 452 KB Security Update for Windows 7 for x64-based Sy...

    -  KB2973201 3 MB Security Update for Windows 7 for x64-based Sy...

    -  KB2972100 2 MB Security Update for Microsoft .NET Framework 3...

    -  KB2984976 6 MB Security Update for Windows 7 for x64-based Sy...

    -  KB2984981 4 MB Security Update for Windows 7 for x64-based Sy...

    -  KB3003743 6 MB Security Update for Windows 7 for x64-based Sy...

    -  KB2993958 1 MB Security Update for Windows 7 for x64-based Sy...

    -  KB3020388 71 KB Security Update for Windows 7 for x64-based Sy...

    -  KB3030377 219 KB Security Update for Windows 7 for x64-based Sy...

    -  KB3036493 1 MB Security Update for Windows 7 for x64-based Sy...

     

    [OK] Windows Updates were installed on LMA-WL002.

     

    ===== Completed Stage 6 - Windows Security Updates =====

     

    REBOOT Recorded at 21:37

     

    The Offline Domain Join Procedure has been scheduled and will execute once Enrolment is complete. Please check later and confirm that this has been completed successfully.

     

    [OK] MSP Ltd. Enrolment Domain Join Registry Key has been successfully set on machine LMA-WL002.

     

    ===== Stage 7 - Client-Specific Tasks =====

     

    [OK] Citrix-Receiver 4.1.0.56461 has now been installed on LMA-WL002.

    [OK] Crashplan PROe 3.6.1.4 has now been installed on LMA-WL002.

    [OK] ESET Endpoint Antivirus 5.0.2237.0 has now been installed on LMA-WL002.

    [OK] Microsoft Office 2013 was installed on machine LMA-WL002.

    [OK] Mimecast MSO 5.3.1122.13000 has now been installed on LMA-WL002.

    [OK] ConnectWise 15.1.0 has now been installed on LMA-WL002.

    [OK] ConnectWise Outlook Plugin was installed on LMA-WL002.

     

    [OK] MSP Ltd. Enrolment Initial Client Tasks Registry Key has been successfully set on machine LMA-WL002.

     

    ===== Completed Stage 7 - Client-Specific Tasks =====

     

    REBOOT Recorded at 22:00

     

    ===== Stage 8 - Final Updates and Cleanup =====

     

     [OK] The Windows Updates Procedure was run on LMA-WL002.

     

    The following Windows Updates were successfully installed:

    -  KB973688 5 MB Update for Microsoft XML Core Services 4.0 Ser...

    -  KB2977218 12 MB Microsoft Silverlight (KB2977218)

    -  KB3001652 38 MB Update for Microsoft Visual Studio 2010 Tools ...

     

    [ERROR] Problems were detected in the Device Manager on machine LMA-WL002.

     

    ===== Completed Stage 8 - Final Updates and Cleanup =====

     

    [OK] MSP Ltd. Enrolment Registry Key has been successfully set on machine LMA-WL002.

     

    ===== MP1201: New Windows Workstation and Server Machine Enrolment completed at 22:20 on 02/20/2015 =====

     

    Regards

    Bertie, the MSP Ltd. Robot

  • Oh, I forgot to mention that it's OS agnostic - it'll run on anything from Server 2003 / XP to Windows 10 / Server 10.

    Mac OSX version is in the works too.

  • ,  Great job!   You guys are really taken this to the next level.    Are you ready to share your hard work with the world?  :)

  • I would like to see your script also :)

  • I'd love to see more of this agent procedure too.

  • Thanks for your kind words, all. I'm not at leisure to share the Procedure(s) - sorry :-)

    Plus there are actually a couple of hundred Procedures - we started with a decent skeleton for the Master Procedure with three sub-procedures. We started hanging stuff off it and just carried on. I think the first one was to enable RDP and open the firewall for RDP.

    Each actual step that you see above is a standalone procedure that is called from above.

    Our best decision in hindsight was to ensure that each of our Procedures do checks. We check to see if the action is applicable to the machine (OS, Role, etc.) - check to see if the action is required - if it is, we do it - and then we check to see if the action was successful.

    So if we're installing Adobe Reader for Windows, we check to see if the machine is a Windows machine, and check to see if Reader is installed (if so what version),

    If it's not a Windows machine, we abort.

    If Reader's  installed and up to date, we abort.

    If Reader's not installed, we install.

    If Reader's installed but not up to date, we upgrade.

    After installation / upgrade, we check if Reader's installed and up to date - if not we call a Failure Procedure. If OK, we call a success Procedure. These "results" Procedures do different things.

    The main reason that I shared this was to show that you can do some pretty cool stuff. I remember wondering what I could actually achieve with Kaseya - it turns out, quite a lot!

    I'm happy to answer questions about this. If I can't answer, I'll say so.

  • Nice, I just completed a powershell script that does most of this also.  It removes the OEM HP software, installs the basic programs (java/adobe/flash/winrar..etc). it then does a windows update and some registry changes,  I am in the process of adding setting changes, BUT I want to handle these changes via Agent Procedures, so that we can deploy them out to existing machines.    

    How do you log powershell script actions? i.e. if you do something in Powershell, how do you audit the success or not

  • Hi Daniel, for PowerShell we either use the Kaseya built-in pipe output to variable (it's #global:psresult#) or just >> to a text file. You can then read the variable or the file content.

    If there is no usable output from the PowerShell command, you will have to check in another way if your PoSH command has worked. Has a registry key changed, can you query using WMIC, has a file been created or deleted, etc?

    Note that we have kept our PoSH scripts quite short so we don't have to check a zillion lines and variables. We would rather split PoSH scripts up so that we can check results after each command.

    Nearly forgot this bit - PoSH outputs can be a bit messy. You may need to filter the results in the PoSH command itself, or do some search and replace, or other manipulation in your results text file. There are ways of reading only Line 4 (for example) of your PoSH results.



    Added a note
    [edited by: Lothario at 4:54 AM (GMT -7) on Apr 4, 2015]
  • thanks.  I think the ultimate solution would be for Kaseya to somehow enable Powershell remoting to its clients  :)

  • I believe at one point it was on the Kaseya Roadmap to enable Powershell functionality within Remote Control.

  • Awesome! I entirely understand you not wanting to share, but now i'm eternally envious of your awesomeness! If you ever find it in your heart to share this information please count me in!

  • Wow that's amazing Lothario, do you have any tips for installing crashplan?

  • Well he listed all the steps... which is a good outline of how to build it all... it is a lot of small little pieces that individually are fairly simple (i think from a cursory review).

  • Heh, I listed the steps that were actually carried out on this machine. I don't record stuff that's not required, and I do different things on servers, laptops, desktops, and also a complete workflow per client.

    You need to work out how to get around the two hour limit. You need to be able to reboot at certain stages without creating a loop.

    Have fun :-)

    I wish I could give more info but my bosses have decided that this thing is actually worth some $$

  • Great job! Of course it's worth some $$.

    Do you have any idea the number of hours you put into building this script?

    Keep up the good work!