/build/static/layout/Breadcrumb_cap_w.png

Users with local admin rights - Tracking Software

We have a handful for users with local admin rights, they are under strict intruction not to install their know software, but we know that some have.

 

Is there anyway to create a weekly report letting me know what software has been installed on a computer that wasn't pushed from KACE or if i wanted to check one computer directly to see the changes week on week.

 

Chris,


0 Comments   [ + ] Show comments

Answers (3)

Posted by: chucksteel 9 years ago
Red Belt
0

Here's a report that I use to find software installed on computers based on the ASSET_HISTORY table:

SELECT ASSET_HISTORY.ASSET_ID, ASSET_HISTORY.TIME, ASSET_HISTORY.VALUE1,ASSET_HISTORY.VALUE2,ASSET_HISTORY.USER_TEXT,MACHINE.NAMEFROM  ASSET_HISTORYJOIN ASSET ON ASSET.ID = ASSET_HISTORY.ASSET_IDJOIN MACHINE ON ASSET.NAME = MACHINE.BIOS_SERIAL_NUMBERWHERE CHANGE_TYPE = "Detected"AND FIELD_NAME = "SOFTWARE"AND DATE(ASSET_HISTORY.TIME)> DATE_SUB(NOW(), INTERVAL 1 day)AND MACHINE.NAME LIKE 'lib-ic-%'

This will find software installed in the past 1 day on machines named lib-ic-%, you would want to change the MACHINE.NAME like line to MACHINE.NAME = "computername" if you're looking for installations on just one machine.

Note that this report won't filter out software installed by KACE or Windows Updates. Removing those from the report would be very complicated as far as I know.


Comments:
  • This code brought back no results of software. - chris.poston 9 years ago
    • Did you change the machine name to match a computer that you are trying to target? - chucksteel 9 years ago
Posted by: anonymous_9363 9 years ago
Red Belt
0

You could "sign" the package using a home-grown algorithm, then place the hash value into a property in the package. No hash means it's not been deployed officially.

A quicker, simpler method might be to permission the local cache folder. That obviates the user copying files into it and running the installation from there. Thus, any package with a source location that's not a folder beneath the local cache is unauthorised.

I don't know Kace scripting at all so I couldn't say if any of that can be done natively in KaceScript but if you're serious about this level of control, knocking up something in VBS or PS shouldn't be too much of an uphill struggle.

Also, why do you have users with local admin rights? Why not permission just the folders that their software needs via the deployment package using SetACL, CACLS, or whatever? I can count on the fingers of one hand the software that I've encountered that insisted users had to be local admin.

Posted by: SMal.tmcc 9 years ago
Red Belt
0

you can also use custom software inventory to track this info

ShellCommandTextReturn(wmic product where "installdate > "210140000'" get name installdate) will get all software installed this year.  You can also add installsource parameters to see if it was instsalled by kace or not.

In the picture below, the first query shows me all software installed this year that was not installed by kace.  The second query shows me all software installed by kace.


Comments:
  • you may also want to look at this for tracking user installed and/or running software.
    http://www.itninja.com/question/looking-for-a-way-to-show-user-installed-software - SMal.tmcc 9 years ago
 
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ