Software Deployment Question

Users with local admin rights - Tracking Software

04/10/2014 2639 views

We have a handful for users with local admin rights, they are under strict intruction not to install their know software, but we know that some have.


Is there anyway to create a weekly report letting me know what software has been installed on a computer that wasn't pushed from KACE or if i wanted to check one computer directly to see the changes week on week.



0 Comments   [ + ] Show comments


All Answers


Here's a report that I use to find software installed on computers based on the ASSET_HISTORY table:


This will find software installed in the past 1 day on machines named lib-ic-%, you would want to change the MACHINE.NAME like line to MACHINE.NAME = "computername" if you're looking for installations on just one machine.

Note that this report won't filter out software installed by KACE or Windows Updates. Removing those from the report would be very complicated as far as I know.

Answered 04/10/2014 by: chucksteel
Red Belt

  • This code brought back no results of software.
    • Did you change the machine name to match a computer that you are trying to target?

You could "sign" the package using a home-grown algorithm, then place the hash value into a property in the package. No hash means it's not been deployed officially.

A quicker, simpler method might be to permission the local cache folder. That obviates the user copying files into it and running the installation from there. Thus, any package with a source location that's not a folder beneath the local cache is unauthorised.

I don't know Kace scripting at all so I couldn't say if any of that can be done natively in KaceScript but if you're serious about this level of control, knocking up something in VBS or PS shouldn't be too much of an uphill struggle.

Also, why do you have users with local admin rights? Why not permission just the folders that their software needs via the deployment package using SetACL, CACLS, or whatever? I can count on the fingers of one hand the software that I've encountered that insisted users had to be local admin.

Answered 04/10/2014 by: VBScab
Red Belt


you can also use custom software inventory to track this info

ShellCommandTextReturn(wmic product where "installdate > "210140000'" get name installdate) will get all software installed this year.  You can also add installsource parameters to see if it was instsalled by kace or not.

In the picture below, the first query shows me all software installed this year that was not installed by kace.  The second query shows me all software installed by kace.

Answered 04/10/2014 by: SMal.tmcc
Red Belt

  • you may also want to look at this for tracking user installed and/or running software.
This website uses cookies. By continuing to use this site and/or clicking the "Accept" button you are providing consent Quest Software and its affiliates do NOT sell the Personal Data you provide to us either when you register on our websites or when you do business with us. For more information about our Privacy Policy and our data protection efforts, please visit GDPR-HQ