From d1d659dc9ef08f18e7ac5501a2e35a0756a84881 Mon Sep 17 00:00:00 2001 From: dkattan <1424395+dkattan@users.noreply.github.com> Date: Tue, 14 May 2024 15:22:21 +0000 Subject: [PATCH] =?UTF-8?q?Deploying=20to=20gh-pages=20from=20@=20immense/?= =?UTF-8?q?immybot-documentation@ac674d87862a452d9efa7eca3a088969fe36a2de?= =?UTF-8?q?=20=F0=9F=9A=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- 404.html | 2 +- FAQ.html | 2 +- README.html | 2 +- add-users.html | 2 +- ...ooting.md.iT2DN9nj.js => troubleshooting.md.FIP7nqZ9.js} | 4 ++-- ...iT2DN9nj.lean.js => troubleshooting.md.FIP7nqZ9.lean.js} | 2 +- azure-graph-permissions-setup.html | 2 +- build-your-own-integration.html | 2 +- connectwise-automate-integration-setup.html | 2 +- connectwise-control-integration-setup.html | 2 +- connectwise-manage-integration-setup.html | 2 +- getting-started.html | 2 +- halo-integration-setup.html | 2 +- hashmap.json | 2 +- immy-commands.html | 2 +- index.html | 2 +- markdown-examples.html | 2 +- ncentral-integration-setup.html | 2 +- onboarding.html | 2 +- recommended-deployments.html | 2 +- releases-2020.html | 2 +- releases-2021.html | 2 +- releases-2022.html | 2 +- releases.html | 2 +- scripts.html | 2 +- terminology.html | 2 +- troubleshooting.html | 6 +++--- user-roles.html | 2 +- windows-sandbox.html | 2 +- 29 files changed, 32 insertions(+), 32 deletions(-) rename assets/{troubleshooting.md.iT2DN9nj.js => troubleshooting.md.FIP7nqZ9.js} (90%) rename assets/{troubleshooting.md.iT2DN9nj.lean.js => troubleshooting.md.FIP7nqZ9.lean.js} (98%) diff --git a/404.html b/404.html index 6b46b040..54bf70ba 100644 --- a/404.html +++ b/404.html @@ -16,7 +16,7 @@
immy.bot

Appearance

404

PAGE NOT FOUND

But if you don't change your direction, and if you keep looking, you may end up where you are heading.
Take me home
- + \ No newline at end of file diff --git a/FAQ.html b/FAQ.html index 3aac3990..c8f2d6c6 100644 --- a/FAQ.html +++ b/FAQ.html @@ -25,7 +25,7 @@ $product.IdentifyingNumber msiexec /x $product.IdentifyingNumber /quiet /noreboot

How/are we able to define which version of Windows is installed during the initial setup?

ImmyBot doesn't install Windows on bare metal. The workflow is you unbox the system from Dell, HP, Lenovo, Microsoft, or your manufacturer of choice and insert the USB with the ImmyBot.ppkg file at the root while the machine is at the out of box screen.

We don't image the machine, we script the factory image into compliance.

We can, however, install Feature Updates during Onboarding (as well as after Onboarding)

Since Immy.Bot doesn’t use an ISO, does it require a device to have the ability to have 2 USB devices plugged in? One for a Windows ISO and one for the ImmyBot ppkg?

If you want to wipe the computer you can use the Media Creation Tool to create a Windows Setup flash drive and then put our .ppkg file on it. After installing Windows, it will automatically apply the .ppkg

Does Immy rely on the Windows preboot for drivers during initial deployment, or does the ImmyBot agent installer have drivers?

Since we are working with the manufacturer's image, all drivers are typically installed. We will automatically install Dell, HP, and Lenovo driver and BIOS updates via those manufacturer's tools (Dell Command, HP Image Assistant, Lenovo System Update)

Does Immy’s setup process support a USB NIC for WiFi? If so, how do we present those drivers to Immy, or do we even need to?

I've found Windows has built in drivers for most USB NICs. If yours doesn't have drivers built into Windows, I'd suggest purchasing one that does.

SentinelOne - How do we define which site Immy.Bot places the agent in during installation of the S1 agent?

Supply ImmyBot with an API Key to SentinelOne, and Immy will look for a Site in your SentinelOne instance that matches the name of the Tenant you are onboarding the computer for.

Are there any repository limits for software deployments? Either to the size of custom software or number of custom installers we can upload?

There are currently no limits. Everything you upload goes into an Azure Storage Account created just for your ImmyBot instance. Don't be the reason we can't have nice things.

For computer rename, are there any other operators we can use when naming devices other then the ones shown? Can we add operators?

You can duplicate the Task into your instance an manipulate it however you like. If it's something you think other MSPs could use, I'd encourage you to submit a request on the ImmyBot Community and we can add it.

Employee profile caching during on-boarding - is this supported? If so/how?

ImmyBot will create a profile for the Primary Person you selected for this machine on the Onboarding screen (It does this via the "Create Profile for Primary Person" task)

We do this so subsequent tasks that set user level settings like default PDF handler and default browser, have the profile for the primary person and thus that user's HKCU where those settings live.

For purchasing Immy, do you guys prefer Credit card or invoice? Would you rather us pay monthly, or can we pay all upfront?

We prefer monthly credit card or ACH.

Is Immy able to group devices and then do role based deployments to them? I assume this is done by tags?

Yes, you would accomplish this with tags

BitLocker - does this write the key to Azure AD by chance?

Yes, but we can't verify that it is written to Azure AD as that would require additional privileges that our App Registration doesn't request.

We also write the Bitlocker Recovery Key to Active Directory for Domain Joined machines. This doesn't require any Group Policy setup, or line of site to the domain controller. This works as long as the machine is joined to a domain and there is a domain controller for that domain in ImmyBot.

Is Immy able to reset Windows / Wipe and Reload a computer?

Yes, the current process will be simplified but here's how to do it:

  1. Click Download ImmyAgent on the left to create a PPKG with the Windows Reset option selected

image

image

  1. Create a Deployment for "Apply Provisioning Package (PPKG)" to deploy the PPKG to the specified machine

image

ImmyBot Agent logs show an error of "The specified SAS token is expired"

This will occur if the device's system time is incorrect. Ensure that the system time is correct and then restart the ImmyBot Agent Service.

What are trusted manufacturers?

Dell, HP, and Lenovo are considered trusted manufacturers. A trusted manufacturer is expected to provide unique serial numbers for their devices. We rely on trusted manufactuers and device serial numbers during device identification. If the agent reports it comes from a trusted manufacturer and a computer already exists inside ImmyBot with the same manufacturer and serial number, then we will automatically associated the agent with the existing computer.

Can I embed the ImmyAgent into an image?

Create a PPKG and place it in C:\Recovery\Customizations, create the folder if it doesn't exist.

You can also use SetupComplete This method was confirmed working on Server 2022.

Place both the ImmyAgent EXE installer and the SetupComplete.cmd in the C:\Windows\Setup\Scripts directory Content of SetupComplete.cmd can be as simple as: start C:\Windows\Setup\Scripts\ImmyAgentInstallerBundle.exe /qn

A member of the ImmyBot community also likes to use the below method to embedded a PPKG into an image:

DISM.exe /Image:D:\mount /Add-ProvisionedAppxPackage /PackagePath:C:\Users\Moi\Downloads\ImmyBotAgentInstaller.ppkg

Do you take requests for features/software/tasks/scripts?

Yes, please feel welcome to submit a request on the ImmyBot Community

- + \ No newline at end of file diff --git a/README.html b/README.html index 166876b3..a87c4086 100644 --- a/README.html +++ b/README.html @@ -19,7 +19,7 @@
immy.bot

Appearance

Welcome to ImmyBot Docs Github Repo

Changes made to the main branch here are pushed to https://docs.immy.bot/ automatically.

Feel free to contribute! We may even make you a contributor

To test locally, start by cloning this repo then opening the folder in VS Code.

VS Code will recommend certain extensions when opening it the first time, we recommend you install these.

Then run the following to install the required dependencies

yarn install

To host locally, run

yarn docs:dev
- + \ No newline at end of file diff --git a/add-users.html b/add-users.html index 656ab67f..49d41889 100644 --- a/add-users.html +++ b/add-users.html @@ -19,7 +19,7 @@
immy.bot

Appearance

Adding Users

Have the person attempt to login to ImmyBot. Have them request access:

image

Approve that access from a yellow indicator at the top of the screen.

image

- + \ No newline at end of file diff --git a/assets/troubleshooting.md.iT2DN9nj.js b/assets/troubleshooting.md.FIP7nqZ9.js similarity index 90% rename from assets/troubleshooting.md.iT2DN9nj.js rename to assets/troubleshooting.md.FIP7nqZ9.js index 1fb32f7d..448b4c86 100644 --- a/assets/troubleshooting.md.iT2DN9nj.js +++ b/assets/troubleshooting.md.FIP7nqZ9.js @@ -23,9 +23,9 @@ import{_ as c,D as p,c as d,b as s,w as t,a4 as o,U as r,m as e,o as a,I as i,a "StatusCode": 0, "ErrorException": { "ClassName": "System.Net.WebException", - "Message": "No such host is known. (XXXX.immy.bot:443)"

To correct it, you need to exclude DNS filtering for your instances hostnames, which are found under Show more > integrations > Fetch IP Address and Hostnames

If Powershell is failing to start on the endpoint within 60 seconds a timeout will occur.

Here is a suggestion on a cause and possible fix for that one https://www.reddit.com/r/PowerShell/comments/rx68fw/powershell_slow_to_open_long_load_timesfixed

Security Software Exclusions

Ideally you would instruct your security software would support excluding code signed by

CN=Immense Networks LLC, O=Immense Networks, L=Baton Rouge, S=Louisiana, C=US

Exclusions based on code signing certificate are an industry standard feature and should be a standard feature in any best-in-class security software. However, if your security software is unable to exclude based on code signing certificate, create an exclusion for your instance's Script Path.

Your script path can be found under Settings->Preferences->Script Path

image

ThreatLocker

  1. Application Control-> Applications
  2. Create New Application
  3. Put the following value into Certificate and click Add
CN=Immense Networks LLC, O=Immense Networks, L=Baton Rouge, S=Louisiana, C=US
  1. Add your instance’s script pathimage Ultimately it should look like this: image
  2. Create a New Application Policy image

Sophos Central

Tenant Specific Manual Addition:

  1. Launch Client Shell
  2. Navigate to Global Settings - Allowed Applications
  3. Select "Add apps"
  4. In the "allow by:" dropdown, select certificate and add the following
CN=Immense Networks LLC, O=Immense Networks, L=Baton Rouge, S=Louisiana, C=US

Event Log Method: If Sophos reports that Immy Bot has been blocked, you have the option of going to the Event Log and and select the option to allow by Certificate. This will only work if Sophos has picked up an alert for a process signed by the Immy Bot code signing certificate

Partner Global Templates

  1. Navigate to Settings & Policies - Global Templates and select the template you would like to modify
  2. Once in the template, navigate to Global Settings - Allowed Applications
  3. Follow steps 3 and 4 listed in the Tenant Specific section above

BitDefender

BitDefender will intermittently block script execution unless you disable Aggressive scanning mode or add a your instance's Script Path to your policy's exclusion list.

CrowdStrike

CrowdStrike uses AI to decide what to allow and disallow. Periodically this AI will mark the ImmyBot Agent or ImmyBot Ephemeral Agent as malicious. This usually happens after we update it. Marking it as a false positive in your CrowdStrike portal will train the global AI to not treat it as malicious.

Microsoft Defender for Endpoint

Add a your instance's Script Path to your policy's exclusion list. https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure#create-the-profile

Cylance

Cylance blocks our websocket making the ImmybotAgent log look like this:

2022-09-21 12:24:26.562 -04:00 [INF] Process exiting.
+    "Message": "No such host is known. (XXXX.immy.bot:443)"

To correct it, you need to exclude DNS filtering for your instances hostnames, which are found under Show more > integrations > Fetch IP Address and Hostnames

If Powershell is failing to start on the endpoint within 60 seconds a timeout will occur.

Here is a suggestion on a cause and possible fix for that one https://www.reddit.com/r/PowerShell/comments/rx68fw/powershell_slow_to_open_long_load_timesfixed

Security Software Exclusions

Ideally you would instruct your security software would support excluding code signed by

CN=Immense Networks LLC, O=Immense Networks, L=Baton Rouge, S=Louisiana, C=US

Exclusions based on code signing certificate are an industry standard feature and should be a standard feature in any best-in-class security software. However, if your security software is unable to exclude based on code signing certificate, create an exclusion for your instance's Script Path.

Your script path can be found under Settings->Preferences->Script Path

image

ThreatLocker

  1. Application Control-> Applications
  2. Create New Application
  3. Put the following value into Certificate and click Add
CN=Immense Networks LLC, O=Immense Networks, L=Baton Rouge, S=Louisiana, C=US
  1. Add your instance’s script pathimage Ultimately it should look like this: image
  2. Create a New Application Policy image

Sophos Central

Tenant Specific Manual Addition:

  1. Launch Client Shell
  2. Navigate to Global Settings - Allowed Applications
  3. Select "Add apps"
  4. In the "allow by:" dropdown, select certificate and add the following
CN=Immense Networks LLC, O=Immense Networks, L=Baton Rouge, S=Louisiana, C=US

Event Log Method: If Sophos reports that Immy Bot has been blocked, you have the option of going to the Event Log and and select the option to allow by Certificate. This will only work if Sophos has picked up an alert for a process signed by the Immy Bot code signing certificate

Partner Global Templates

  1. Navigate to Settings & Policies - Global Templates and select the template you would like to modify
  2. Once in the template, navigate to Global Settings - Allowed Applications
  3. Follow steps 3 and 4 listed in the Tenant Specific section above

BitDefender

BitDefender will intermittently block script execution unless you disable Aggressive scanning mode or add a your instance's Script Path to your policy's exclusion list.

  1. Edit the policy->Antimalware->Settings->In-policy Exclusions
  2. Add a folder exclusion for your Script Path

CrowdStrike

CrowdStrike uses AI to decide what to allow and disallow. Periodically this AI will mark the ImmyBot Agent or ImmyBot Ephemeral Agent as malicious. This usually happens after we update it. Marking it as a false positive in your CrowdStrike portal will train the global AI to not treat it as malicious.

Microsoft Defender for Endpoint

Add a your instance's Script Path to your policy's exclusion list. https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure#create-the-profile

Cylance

Cylance blocks our websocket making the ImmybotAgent log look like this:

2022-09-21 12:24:26.562 -04:00 [INF] Process exiting.
 2022-09-21 12:24:40.106 -04:00 [DBG] Closing Websocket...
 2022-09-21 12:24:49.743 -04:00 [INF] Marked ConnectionState as disconnected.
 2022-09-21 12:24:50.171 -04:00 [ERR] Application shutting down (App lifetime token cancelled)
 System.IO.IOException: Cannot access a closed stream.
-at System.Net.Http.HttpConnection.RawConnectionStream.WriteAsync(ReadOnlyMemory\`1 buffer, CancellationToken cancellationToken)

To correct it, you need to bypass SSL Inspection for your instances hostnames/IPs, which are found under Show more > integrations > Fetch IP Address and Hostnames

SentinelOne

Sentinel requires BOTH your instance's Script path and the ImmyBot Agent process excluded. With only the script path excluded, devices will regularly have issues running the ImmyBot Agent to download the ephemeral agent. This is apparent in two cases:

  1. Importing devices - The new agent can't download the ephemeral agent to start running inventory.
  2. Updating ImmyBot Agents - The new agent can't download the corresponding new ephemeral agent when attempting to run deployments or scripts.

You can also set your Exclusion Mode to "Interoperability - Extended".

DNSFilter

There have been reports indicating that DNSFilter, along with potentially other DNS filtering tools, is not directly blocking subdomain.immy.bot but has failed to resolve some DNS queries.

Specifically, in the case of DNSFilter, it was confirmed that ImmyBot was not being blocked. However, the failure in DNS resolution meant that connection attempts to the backend were unsuccessful.

Explicitly allowing the DNS for subdomain.immy.bot (replacing "subdomain" with your specific ImmyBot instance subdomain) was verified to resolve the issue of failed DNS resolutions.

For guidance on managing allow and block lists, please refer to: https://help.dnsfilter.com/hc/en-us/articles/1500008111381-Allow-and-Block-Lists

Group Policy Objects

Computer Configuration | Policies | Administrative Templates | Windows Components | Windows PowerShell | Turn on Script Execution (Enabled)

User Configuration | Policies | Administrative Templates | Windows Components | Windows PowerShell | Turn on Script Execution (Enabled)

These GPOs have been known to cause issues with running scripts.

`,53);function w(C,S,k,I,A,v){const n=p("Mermaid");return a(),d("div",null,[h,(a(),s(o,null,{default:t(()=>[i(n,{id:"mermaid-32",class:"eita",graph:"graph%20TD%0A%20%20%20%20CheckImmyAgentLogs%5BCheck%20ImmyAgent%20Logs%20in%20C%3A%5CProgramData%5CImmyBot%5CLogs%5D%20--%3E%20DidEphemeralAgentStart%5BImmybot.Agent.Ephemeral.exe%20start%3F%5D%0A%20%20%20%20DidEphemeralAgentStart%20--%3E%20%7CYes%7CCheckEphemeralAgentLogs%5BCheck%20Ephemeral%20Agent%20logs%20in%20C%3A%5CProgramData%5CImmyBot%5CScripts%5C*%5C*.log%5D%0A%20%20%20%20DidEphemeralAgentStart%20--%3E%20%7CNo%7CBlockedBySecuritySoftware%5BExclude%20Script%20Path%20from%20Security%20Software%5D%0A%20%20%20%20CheckEphemeralAgentLogs%20--%3E%20EphemeralAgentConnect%5BDid%20Ephemeral%20Agent%20Websocket%20Connect%3F%5D%0A%20%20%20%20EphemeralAgentConnect%20--%3E%7CYes%7CDidSuccessfullyIdentifyAfterFix%0A%20%20%20%20EphemeralAgentConnect%20--%3E%20%7CNo%7CTryNoSSLInspect%5BPut%20on%20network%20without%20SSL%20Inspection%5D%0A%20%20%20%20TryNoSSLInspect%20--%3E%20DidSuccessfullyIdentifyAfterFix%5BEphemeral%20Agent%20Connect%20After%20Fix%3F%5D%0A%20%20%20%20DidSuccessfullyIdentifyAfterFix%5BMachine%20Identify%20Successfully%3F%5D%20--%3E%20%7CNo%7CEmailSupport%0A%20%20%20%20DidSuccessfullyIdentifyAfterFix%5BMachine%20Identify%20Successfully%3F%5D%20--%3E%20%7CYes%7CDone%0A%20%20%20%20EmailSupport%5B%22Email%20logs%20from%20C%3A%5CProgramData%5CImmyBot%5CLogs%20and%20C%3A%5CProgramData%5CImmyBot%5CScripts%5C*%5C*.logs%20to%20support%40immy.bot%22%5D%0A"})]),fallback:t(()=>[l(" Loading... ")]),_:1})),m,g,f,b,(a(),s(o,null,{default:t(()=>[i(n,{id:"mermaid-73",class:"eita",graph:"graph%20LR%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CAutomate%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20Automate%5D%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CControl%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20Control%5D%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CImmyAgent%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20ImmyAgent%5D%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CN-Central%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20N-Central%5D%0A%20%20%20%20Automate%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20Control%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20ImmyAgent%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20N-Central%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20Immybot.Agent.Ephemeral.exe%20--%3E%20cmd.exe%20--%3E%20powershell.exe%20--%3E%20Invoke-PSPipeHost.ps1%0A"})]),fallback:t(()=>[l(" Loading... ")]),_:1})),y])}const P=c(u,[["render",w]]);export{E as __pageData,P as default}; +at System.Net.Http.HttpConnection.RawConnectionStream.WriteAsync(ReadOnlyMemory\`1 buffer, CancellationToken cancellationToken)

To correct it, you need to bypass SSL Inspection for your instances hostnames/IPs, which are found under Show more > integrations > Fetch IP Address and Hostnames

SentinelOne

Sentinel requires BOTH your instance's Script path and the ImmyBot Agent process excluded. With only the script path excluded, devices will regularly have issues running the ImmyBot Agent to download the ephemeral agent. This is apparent in two cases:

  1. Importing devices - The new agent can't download the ephemeral agent to start running inventory.
  2. Updating ImmyBot Agents - The new agent can't download the corresponding new ephemeral agent when attempting to run deployments or scripts.

You can also set your Exclusion Mode to "Interoperability - Extended".

DNSFilter

There have been reports indicating that DNSFilter, along with potentially other DNS filtering tools, is not directly blocking subdomain.immy.bot but has failed to resolve some DNS queries.

Specifically, in the case of DNSFilter, it was confirmed that ImmyBot was not being blocked. However, the failure in DNS resolution meant that connection attempts to the backend were unsuccessful.

Explicitly allowing the DNS for subdomain.immy.bot (replacing "subdomain" with your specific ImmyBot instance subdomain) was verified to resolve the issue of failed DNS resolutions.

For guidance on managing allow and block lists, please refer to: https://help.dnsfilter.com/hc/en-us/articles/1500008111381-Allow-and-Block-Lists

Group Policy Objects

Computer Configuration | Policies | Administrative Templates | Windows Components | Windows PowerShell | Turn on Script Execution (Enabled)

User Configuration | Policies | Administrative Templates | Windows Components | Windows PowerShell | Turn on Script Execution (Enabled)

These GPOs have been known to cause issues with running scripts.

`,54);function w(C,S,k,I,A,v){const n=p("Mermaid");return a(),d("div",null,[h,(a(),s(o,null,{default:t(()=>[i(n,{id:"mermaid-32",class:"eita",graph:"graph%20TD%0A%20%20%20%20CheckImmyAgentLogs%5BCheck%20ImmyAgent%20Logs%20in%20C%3A%5CProgramData%5CImmyBot%5CLogs%5D%20--%3E%20DidEphemeralAgentStart%5BImmybot.Agent.Ephemeral.exe%20start%3F%5D%0A%20%20%20%20DidEphemeralAgentStart%20--%3E%20%7CYes%7CCheckEphemeralAgentLogs%5BCheck%20Ephemeral%20Agent%20logs%20in%20C%3A%5CProgramData%5CImmyBot%5CScripts%5C*%5C*.log%5D%0A%20%20%20%20DidEphemeralAgentStart%20--%3E%20%7CNo%7CBlockedBySecuritySoftware%5BExclude%20Script%20Path%20from%20Security%20Software%5D%0A%20%20%20%20CheckEphemeralAgentLogs%20--%3E%20EphemeralAgentConnect%5BDid%20Ephemeral%20Agent%20Websocket%20Connect%3F%5D%0A%20%20%20%20EphemeralAgentConnect%20--%3E%7CYes%7CDidSuccessfullyIdentifyAfterFix%0A%20%20%20%20EphemeralAgentConnect%20--%3E%20%7CNo%7CTryNoSSLInspect%5BPut%20on%20network%20without%20SSL%20Inspection%5D%0A%20%20%20%20TryNoSSLInspect%20--%3E%20DidSuccessfullyIdentifyAfterFix%5BEphemeral%20Agent%20Connect%20After%20Fix%3F%5D%0A%20%20%20%20DidSuccessfullyIdentifyAfterFix%5BMachine%20Identify%20Successfully%3F%5D%20--%3E%20%7CNo%7CEmailSupport%0A%20%20%20%20DidSuccessfullyIdentifyAfterFix%5BMachine%20Identify%20Successfully%3F%5D%20--%3E%20%7CYes%7CDone%0A%20%20%20%20EmailSupport%5B%22Email%20logs%20from%20C%3A%5CProgramData%5CImmyBot%5CLogs%20and%20C%3A%5CProgramData%5CImmyBot%5CScripts%5C*%5C*.logs%20to%20support%40immy.bot%22%5D%0A"})]),fallback:t(()=>[l(" Loading... ")]),_:1})),m,g,f,b,(a(),s(o,null,{default:t(()=>[i(n,{id:"mermaid-73",class:"eita",graph:"graph%20LR%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CAutomate%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20Automate%5D%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CControl%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20Control%5D%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CImmyAgent%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20ImmyAgent%5D%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CN-Central%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20N-Central%5D%0A%20%20%20%20Automate%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20Control%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20ImmyAgent%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20N-Central%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20Immybot.Agent.Ephemeral.exe%20--%3E%20cmd.exe%20--%3E%20powershell.exe%20--%3E%20Invoke-PSPipeHost.ps1%0A"})]),fallback:t(()=>[l(" Loading... ")]),_:1})),y])}const P=c(u,[["render",w]]);export{E as __pageData,P as default}; diff --git a/assets/troubleshooting.md.iT2DN9nj.lean.js b/assets/troubleshooting.md.FIP7nqZ9.lean.js similarity index 98% rename from assets/troubleshooting.md.iT2DN9nj.lean.js rename to assets/troubleshooting.md.FIP7nqZ9.lean.js index 9125937f..2e185dcc 100644 --- a/assets/troubleshooting.md.iT2DN9nj.lean.js +++ b/assets/troubleshooting.md.FIP7nqZ9.lean.js @@ -1 +1 @@ -import{_ as c,D as p,c as d,b as s,w as t,a4 as o,U as r,m as e,o as a,I as i,a as l}from"./chunks/framework.Q7Se86sZ.js";const E=JSON.parse('{"title":"Troubleshooting","description":"","frontmatter":{},"headers":[],"relativePath":"troubleshooting.md","filePath":"troubleshooting.md"}'),u={name:"troubleshooting.md"},h=r("",9),m=e("p",null,"Top 3 reasons for Identification Failures",-1),g=e("ol",null,[e("li",null,"SSL Inspection blocking our websocket"),e("li",null,"Security Software blocking PowerShell"),e("li",null,"Incorrect time is preventing SSL/TLS connection")],-1),f=e("p",null,"To understand the various reasons identification can fail, it helps to understand how ImmyBot executions PowerShell",-1),b=e("ol",null,[e("li",null,"RMM or ImmyAgent runs Immybot.Agent.Ephemeral.exe"),e("li",null,"Immybot.Agent.Ephemeral.exe establishes a secure websocket to wss://subdomain.immy.bot and runs Invoke-PSPipeHost.ps1"),e("li",null,"Immybot.Agent.Ephemeral.exe feeds Invoke-PSPipeHost.ps1 PowerShell over a pipe from the websocket session")],-1),y=r("",53);function w(C,S,k,I,A,v){const n=p("Mermaid");return a(),d("div",null,[h,(a(),s(o,null,{default:t(()=>[i(n,{id:"mermaid-32",class:"eita",graph:"graph%20TD%0A%20%20%20%20CheckImmyAgentLogs%5BCheck%20ImmyAgent%20Logs%20in%20C%3A%5CProgramData%5CImmyBot%5CLogs%5D%20--%3E%20DidEphemeralAgentStart%5BImmybot.Agent.Ephemeral.exe%20start%3F%5D%0A%20%20%20%20DidEphemeralAgentStart%20--%3E%20%7CYes%7CCheckEphemeralAgentLogs%5BCheck%20Ephemeral%20Agent%20logs%20in%20C%3A%5CProgramData%5CImmyBot%5CScripts%5C*%5C*.log%5D%0A%20%20%20%20DidEphemeralAgentStart%20--%3E%20%7CNo%7CBlockedBySecuritySoftware%5BExclude%20Script%20Path%20from%20Security%20Software%5D%0A%20%20%20%20CheckEphemeralAgentLogs%20--%3E%20EphemeralAgentConnect%5BDid%20Ephemeral%20Agent%20Websocket%20Connect%3F%5D%0A%20%20%20%20EphemeralAgentConnect%20--%3E%7CYes%7CDidSuccessfullyIdentifyAfterFix%0A%20%20%20%20EphemeralAgentConnect%20--%3E%20%7CNo%7CTryNoSSLInspect%5BPut%20on%20network%20without%20SSL%20Inspection%5D%0A%20%20%20%20TryNoSSLInspect%20--%3E%20DidSuccessfullyIdentifyAfterFix%5BEphemeral%20Agent%20Connect%20After%20Fix%3F%5D%0A%20%20%20%20DidSuccessfullyIdentifyAfterFix%5BMachine%20Identify%20Successfully%3F%5D%20--%3E%20%7CNo%7CEmailSupport%0A%20%20%20%20DidSuccessfullyIdentifyAfterFix%5BMachine%20Identify%20Successfully%3F%5D%20--%3E%20%7CYes%7CDone%0A%20%20%20%20EmailSupport%5B%22Email%20logs%20from%20C%3A%5CProgramData%5CImmyBot%5CLogs%20and%20C%3A%5CProgramData%5CImmyBot%5CScripts%5C*%5C*.logs%20to%20support%40immy.bot%22%5D%0A"})]),fallback:t(()=>[l(" Loading... ")]),_:1})),m,g,f,b,(a(),s(o,null,{default:t(()=>[i(n,{id:"mermaid-73",class:"eita",graph:"graph%20LR%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CAutomate%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20Automate%5D%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CControl%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20Control%5D%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CImmyAgent%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20ImmyAgent%5D%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CN-Central%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20N-Central%5D%0A%20%20%20%20Automate%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20Control%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20ImmyAgent%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20N-Central%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20Immybot.Agent.Ephemeral.exe%20--%3E%20cmd.exe%20--%3E%20powershell.exe%20--%3E%20Invoke-PSPipeHost.ps1%0A"})]),fallback:t(()=>[l(" Loading... ")]),_:1})),y])}const P=c(u,[["render",w]]);export{E as __pageData,P as default}; +import{_ as c,D as p,c as d,b as s,w as t,a4 as o,U as r,m as e,o as a,I as i,a as l}from"./chunks/framework.Q7Se86sZ.js";const E=JSON.parse('{"title":"Troubleshooting","description":"","frontmatter":{},"headers":[],"relativePath":"troubleshooting.md","filePath":"troubleshooting.md"}'),u={name:"troubleshooting.md"},h=r("",9),m=e("p",null,"Top 3 reasons for Identification Failures",-1),g=e("ol",null,[e("li",null,"SSL Inspection blocking our websocket"),e("li",null,"Security Software blocking PowerShell"),e("li",null,"Incorrect time is preventing SSL/TLS connection")],-1),f=e("p",null,"To understand the various reasons identification can fail, it helps to understand how ImmyBot executions PowerShell",-1),b=e("ol",null,[e("li",null,"RMM or ImmyAgent runs Immybot.Agent.Ephemeral.exe"),e("li",null,"Immybot.Agent.Ephemeral.exe establishes a secure websocket to wss://subdomain.immy.bot and runs Invoke-PSPipeHost.ps1"),e("li",null,"Immybot.Agent.Ephemeral.exe feeds Invoke-PSPipeHost.ps1 PowerShell over a pipe from the websocket session")],-1),y=r("",54);function w(C,S,k,I,A,v){const n=p("Mermaid");return a(),d("div",null,[h,(a(),s(o,null,{default:t(()=>[i(n,{id:"mermaid-32",class:"eita",graph:"graph%20TD%0A%20%20%20%20CheckImmyAgentLogs%5BCheck%20ImmyAgent%20Logs%20in%20C%3A%5CProgramData%5CImmyBot%5CLogs%5D%20--%3E%20DidEphemeralAgentStart%5BImmybot.Agent.Ephemeral.exe%20start%3F%5D%0A%20%20%20%20DidEphemeralAgentStart%20--%3E%20%7CYes%7CCheckEphemeralAgentLogs%5BCheck%20Ephemeral%20Agent%20logs%20in%20C%3A%5CProgramData%5CImmyBot%5CScripts%5C*%5C*.log%5D%0A%20%20%20%20DidEphemeralAgentStart%20--%3E%20%7CNo%7CBlockedBySecuritySoftware%5BExclude%20Script%20Path%20from%20Security%20Software%5D%0A%20%20%20%20CheckEphemeralAgentLogs%20--%3E%20EphemeralAgentConnect%5BDid%20Ephemeral%20Agent%20Websocket%20Connect%3F%5D%0A%20%20%20%20EphemeralAgentConnect%20--%3E%7CYes%7CDidSuccessfullyIdentifyAfterFix%0A%20%20%20%20EphemeralAgentConnect%20--%3E%20%7CNo%7CTryNoSSLInspect%5BPut%20on%20network%20without%20SSL%20Inspection%5D%0A%20%20%20%20TryNoSSLInspect%20--%3E%20DidSuccessfullyIdentifyAfterFix%5BEphemeral%20Agent%20Connect%20After%20Fix%3F%5D%0A%20%20%20%20DidSuccessfullyIdentifyAfterFix%5BMachine%20Identify%20Successfully%3F%5D%20--%3E%20%7CNo%7CEmailSupport%0A%20%20%20%20DidSuccessfullyIdentifyAfterFix%5BMachine%20Identify%20Successfully%3F%5D%20--%3E%20%7CYes%7CDone%0A%20%20%20%20EmailSupport%5B%22Email%20logs%20from%20C%3A%5CProgramData%5CImmyBot%5CLogs%20and%20C%3A%5CProgramData%5CImmyBot%5CScripts%5C*%5C*.logs%20to%20support%40immy.bot%22%5D%0A"})]),fallback:t(()=>[l(" Loading... ")]),_:1})),m,g,f,b,(a(),s(o,null,{default:t(()=>[i(n,{id:"mermaid-73",class:"eita",graph:"graph%20LR%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CAutomate%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20Automate%5D%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CControl%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20Control%5D%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CImmyAgent%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20ImmyAgent%5D%0A%20%20%20%20ImmyBot%20--%3E%20%7CParallel%7CN-Central%5BRun%20script%20to%20download%20and%20run%20Ephemeral%20Agent%20via%20N-Central%5D%0A%20%20%20%20Automate%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20Control%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20ImmyAgent%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20N-Central%20--%3E%20Immybot.Agent.Ephemeral.exe%0A%20%20%20%20Immybot.Agent.Ephemeral.exe%20--%3E%20cmd.exe%20--%3E%20powershell.exe%20--%3E%20Invoke-PSPipeHost.ps1%0A"})]),fallback:t(()=>[l(" Loading... ")]),_:1})),y])}const P=c(u,[["render",w]]);export{E as __pageData,P as default}; diff --git a/azure-graph-permissions-setup.html b/azure-graph-permissions-setup.html index 818ab4d3..d4b5c731 100644 --- a/azure-graph-permissions-setup.html +++ b/azure-graph-permissions-setup.html @@ -19,7 +19,7 @@
immy.bot

Appearance

AzureAD/365 Graph Permissions

Your first ImmyBot tenant will be automatically linked to the Azure tenant that you signed up for ImmyBot with. You can link other ImmyBot tenants to Azure from the tenant Azure tab.

Linking to an Azure Tenant

After creating an ImmyBot tenant, link it to an Azure tenant by navigating to the Azure tab in ImmyBot and entering the Azure tenant's principal id or domain and clicking Save.

Azure Permission Level

Once your ImmyBot tenant has been linked to Azure, you can set the Azure Permission Level from the tenant Azure tab. This allows ImmyBot to:

  1. Sync all users from the Azure tenant
  2. Sync all users from your customer's tenants (if your Azure tenant is a Partner tenant)
  3. Install the 365 applications a user is licensed for (Apps for business/Apps for entrprise/Project/Visio)
  4. Deploy software to Teams, On-Premises Security Groups (Ex. Everyone in the Engineering Team gets AutoCAD 2022)

The Azure Permission Level has two modes: Default and Custom

NB: In both the Default and Custom modes, you must manually provide consent for each customer you want to sync!
NB: When consenting to an Azure customer, you must authenticate using an administrator account from that customer!
Consent can be initiated from within ImmyBot by clicking on the Consent (or Reconsent) button for the customer on either the Azure Settings page or on the Azure tab of the ImmyBot tenant linked to the customer.

Default

In this mode, you don't need to create an app registration. You consent as an administrator, allowing ImmyBot access users in your tenant and your customers tenants (if you have established GDAP relationships with your customers and have consented with an admin from that customer).

Custom

In this mode, you create an App Registration and provide its Application (client) Id and Secret to ImmyBot, allowing you to customize the permissions Immy has to you and your customer's environments.

Create an App Registration

Navigate to: https://aad.portal.azure.com/

Important! Your app registration must have a Web redirect uri of https://<your-domain>.immy.bot/consent-callback, replacing <your-domain> appropriately

Grant Permissions

See the screenshots below for the minimum permissions.

image

image

Create Client Secret

Assign GDAP Permissions to ImmyBot Service Principal

  • Create a Security Group in Azure AD called "ImmyBot Security Group"
  • Add the ImmyBot Service Principal to that group
  • For each customer in the Partner Center, add the "ImmyBot Security Group" and add the "Directory Readers" and "Global Reader" role.

Copy the Application (client) ID and Client Secret Value into the form in ImmyBot.

Common Issues

AADSTS500113: No reply address is registered for the application

This error occurs when the redirect uri is not set correctly on the custom app registration. Please follow these steps to set the redirect uri correctly:

  1. Navigate to the Azure Portal
  2. Navigate to the Microsoft Entra ID blade
  3. Navigate to the App Registrations blade
  4. Select the app registration you created for ImmyBot
    • You may need to change the filter to "All Applications"
    • You can paste the Application (client) ID of your custom app registration into the search box to find it image
  5. Navigate to the Authentication blade
    • Select "Add a platform"
    • Select "Web" as the type image
    • Enter https://<your-domain>.immy.bot/consent-callback as the redirect uri, replacing <your-domain> appropriately
    • Click "Configure" image
- + \ No newline at end of file diff --git a/build-your-own-integration.html b/build-your-own-integration.html index 58e0e2f5..7502a572 100644 --- a/build-your-own-integration.html +++ b/build-your-own-integration.html @@ -442,7 +442,7 @@ } $Integrationimage - + \ No newline at end of file diff --git a/connectwise-automate-integration-setup.html b/connectwise-automate-integration-setup.html index 0ede57b3..5f06a5b6 100644 --- a/connectwise-automate-integration-setup.html +++ b/connectwise-automate-integration-setup.html @@ -21,7 +21,7 @@
immy.bot

Appearance

ConnectWise Automate

Setting up this integration allows you to

  1. Import customers from Automate
  2. Import computers from Automate
  3. Manage all computers in Automate without deploying the ImmyBot Agent
  4. Map customers from Manage to ImmyBot tenant based on existing Automate<->Manage relationship

Create ImmyBot Role

ImmyBot requires the following permissions in Automate

  • Core
    • Clients.Read
    • Clients.Show All
    • Computers.Show All
    • Computers.Edit (For moving existing computers to new locations
    • Computers.Delete (For retiring duplicate computers)
    • Groups.Show All
    • Locations.Show All
    • Patch Manager.Read (Required if you want Immy to apply approved Windows Updates)

Immy-CWA-User Class Manager-Permissions

Create ImmyBot User

Enable Google MFA for ImmyBot User

The integration requires Google for MFA. Duo is not supported as Duo does not expose the MFA token anywhere for us to use and doesn't appear to be the standard TOTP like Google uses. You will need to exclude the integration user from your Duo deployment if using Duo and configure the Google MFA plugin for Automate for this user.

image

Import your customers

Alternatively, you can create/map only certain customers.

When you map a customer from an RMM, the computers will undergo Identification

- + \ No newline at end of file diff --git a/connectwise-control-integration-setup.html b/connectwise-control-integration-setup.html index 6a906107..0fa546d9 100644 --- a/connectwise-control-integration-setup.html +++ b/connectwise-control-integration-setup.html @@ -29,7 +29,7 @@ DELETE FROM SessionConnectionEvent WHERE (EventType = 70) AND (Time < DATETIME('now', '-7 day')) - + \ No newline at end of file diff --git a/connectwise-manage-integration-setup.html b/connectwise-manage-integration-setup.html index 8eb478cf..2f54e02c 100644 --- a/connectwise-manage-integration-setup.html +++ b/connectwise-manage-integration-setup.html @@ -19,7 +19,7 @@
immy.bot

Appearance

ConnectWise Manage

Setting up this integration allows you to

  1. Deploy Software to machines covered by a certain agreement type
  • Example: Deploy Huntress to all customers with a Managed Security Agreement
  1. (Preferred) Deploy Software to machines covered by an Agreement with a specific Addition
  • Example: Deploy SentinelOne to all computers that have SentinelOne as an Addition on their agreement

If you use Automate, setup the Automate integration first and import your customers from there. Importing customers from Manage generally results in many unnecessary Tenants being created in ImmyBot. You can link Automate to Manage to leverage the existing mappings between Automate<->Manage instead of manually mapping your Manage customers

Create an ImmyBot Role with the following permissions

  • Company -> Company Maintenance -> Inquire Level (All)
  • Finance -> Agreements -> Inquire Level (All)
  • Procurement -> Product Catalog -> Inquire Level (All)
  • Procurement -> Product -> Inquire Level (All)
  • System -> API Reports -> Inquire Level (All)

Create an API Member

Go to System -> Members and create a new API Member

Create a new API key

Plugin the API Keys in ImmyBot

Create a new PSA Link and fill in the Provider Info

CW Manage Pod v1

Setting up this integration allows you to Look up the contact's email address in Immy and shows you their computers (Immy does User Computer Affinity behind the scenes so you don't have to do it manually). Technicians can jump into their computers or push software via the ticket.

image

Go to Show More -> Integrations

Add CW Manage Pod

Go to ConnectWise -> Setup Tables -> Manage Hosted API -> +

image

- + \ No newline at end of file diff --git a/getting-started.html b/getting-started.html index 918f0ac1..38cf19e6 100644 --- a/getting-started.html +++ b/getting-started.html @@ -19,7 +19,7 @@
immy.bot

Appearance

Getting Started / Thinking with Immy

The goal of ImmyBot is to setup a computer knowing only the customer and the end user.

Thinking with Immy means thinking in terms of how things "Should" be.

You teach Immy how things "should" be by creating Deployments.

How things "Should" be is often dependent on external factors. For example

  • Customer A should have SentinelOne because they pay for it
  • Person A should have Visio 365 because he has a license for it

Luckily, deployments can be conditionally applied based on the result of scripts that reach out to external sources

This is out of the box functionality in ImmyBot. I'm just showing you how it works to illustrate the power of the rules engine.

Overview

ImmyBot deploys 2 things:

  1. Software
  2. Tasks

Tasks are for anything that isn’t software, think Bitlocker, Power Options, etc.

  • You can use Tasks to configure software by selecting a "Configuration Task" for the software
  • Configuration Tasks are useful for configuring the application (even if the application wasn't installed by ImmyBot)
  • Configuration Tasks run after Immy determines the software is installed
  • Configuration Task parameters are available in all scripts related to the software

ImmyBot tests everything it does before and after it does it.

  • Software
    • Version Detection - Runs before install to determine if installation is necessary, and after to verify the desired version is installed
      • DisplayName
        • Contains
        • Regex
        • Traditional (Wildcard *)
      • UpgradeCode (For MSI based installs)
      • Script
        • Must return a version or null
    • Test Script - If software is installed, the failure of this test (the test script returning $false) will trigger a "Repair" action (default Uninstall/Install) of the application
      • Example: Check to verify Foxit PDF Editor is the Preview handler extension is working in Windows Explorer, reinstalling the PDF Editor usually corrects this scenario
  • Tasks
    • Test script (When using separate scripts)
    • Combined script returns $false when $method is 'test'

Example: Adobe Reader

We find that most MSPs install Adobe Reader by default so ImmyBot includes a Recommended Deployment that states

  • "the latest version of Adobe Reader should be installed for all Workstations and Portable Devices"

When this rule applies (i.e. it isn't disabled or overridden by a more specific rule) ImmyBot will do the following:

  1. Find the latest available version of Adobe Reader by running the Adobe Reader "dynamic version" script that uses a public API to return the latest full version number of Adobe Reader, as well as the URL to download it, the latest patch version of Adobe Reader, and the URL to download it.
  2. Determine the installed version (if any) by looking for Adobe Reader in Add/Remove Programs on the machine
  3. Queue an Install or Upgrade task (depending on the previous step)
  4. Set Adobe Reader to be the default PDF handler by running the "configuration task" that verifies that Reader is the default handler for .PDF files for each user on the machine.
- + \ No newline at end of file diff --git a/halo-integration-setup.html b/halo-integration-setup.html index 6363df4b..1bac493f 100644 --- a/halo-integration-setup.html +++ b/halo-integration-setup.html @@ -19,7 +19,7 @@
immy.bot

Appearance

HaloPSA

Setting up this integration allows you to

  1. Deploy Software to machines covered by a certain contract type
  • Example: Deploy Huntress to all customers with a Managed Security Contract
  1. (Preferred) Deploy Software to machines covered by an Contract with a specific recurring invoice item
  • Example: Deploy SentinelOne to all computers that have SentinelOne on a recurring invoice as a recurring invoice item on their contract

Create an ImmyBot Application under /config/integrations/api/applications

  • Under the details section, select the Client ID and Secret Authentication Method
  • Generate and copy the Client ID and Client Secret
  • The Login Type should be "Agent", and you should select an "Agent to log in as"

Permissions:

  • read:customers -> Yes
  • read:contracts -> Yes
  • read:items -> Yes
  • edit:items -> Yes (*should not be needed > 2.99, API bug will not allow listing items without edit rights)
  • read:invoices -> Yes
  • read:software -> Yes
  • read:assets -> Yes (*future feature of the integration will include asset population, not currently necessary)
  • edit:assets -> Yes (*future feature of the integration will include asset population, not currently necessary)

Plug in the Client ID and Client Secret in ImmyBot

Create a HaloPSA Integration Link and fill in the Integration Settings

image

Embedded Ticket Tab

HaloPSA version 2.125.5, introduced a new feature called Custom Tabs. You can configure these Custom Tabs to point to a web address, similar to an iframe.

Within HaloPSA, configure the tab as follows:

image

This tab will then show on all tickets in the system, like this:

image

- + \ No newline at end of file diff --git a/hashmap.json b/hashmap.json index 01002c94..5c6369d5 100644 --- a/hashmap.json +++ b/hashmap.json @@ -1 +1 @@ -{"readme.md":"8dBE8h8q","connectwise-automate-integration-setup.md":"OMw3Hnaq","azure-graph-permissions-setup.md":"HbNTHVeq","connectwise-manage-integration-setup.md":"yVBPWwaD","halo-integration-setup.md":"7lgOh6lD","onboarding.md":"SCpUpMQC","getting-started.md":"QWE9A8tA","releases-2020.md":"YQUUk8hF","immy-commands.md":"neOz-T9Y","recommended-deployments.md":"bJn8zbiP","troubleshooting.md":"iT2DN9nj","connectwise-control-integration-setup.md":"96Tx51Uh","index.md":"savCj9OT","windows-sandbox.md":"eGW9ttyg","scripts.md":"t_iGcB5k","ncentral-integration-setup.md":"TtQQssP1","releases.md":"GukbY6KE","add-users.md":"TPrk5VcE","user-roles.md":"2kRKvpRc","releases-2021.md":"VzdP9D8Q","releases-2022.md":"SAdko67G","terminology.md":"sIQXfQph","build-your-own-integration.md":"BCYySqpS","faq.md":"sXJ9RXSw","markdown-examples.md":"0fDP8ump"} +{"add-users.md":"TPrk5VcE","connectwise-manage-integration-setup.md":"yVBPWwaD","getting-started.md":"QWE9A8tA","onboarding.md":"SCpUpMQC","faq.md":"sXJ9RXSw","halo-integration-setup.md":"7lgOh6lD","releases-2020.md":"YQUUk8hF","ncentral-integration-setup.md":"TtQQssP1","markdown-examples.md":"0fDP8ump","connectwise-automate-integration-setup.md":"OMw3Hnaq","recommended-deployments.md":"bJn8zbiP","windows-sandbox.md":"eGW9ttyg","index.md":"savCj9OT","terminology.md":"sIQXfQph","immy-commands.md":"neOz-T9Y","troubleshooting.md":"FIP7nqZ9","scripts.md":"t_iGcB5k","user-roles.md":"2kRKvpRc","connectwise-control-integration-setup.md":"96Tx51Uh","build-your-own-integration.md":"BCYySqpS","readme.md":"8dBE8h8q","azure-graph-permissions-setup.md":"HbNTHVeq","releases-2022.md":"SAdko67G","releases-2021.md":"VzdP9D8Q","releases.md":"GukbY6KE"} diff --git a/immy-commands.html b/immy-commands.html index ab313704..67955057 100644 --- a/immy-commands.html +++ b/immy-commands.html @@ -96,7 +96,7 @@ $versionString = $url -split '/' | select -Last 1 -Skip 1 $latestVersion = $SoftwareVersions | sort SemanticVersion | select -last 1 $createdVersion = Add-SoftwareVersion -SoftwareVersion $latestVersion -SemanticVersion $versionString -Url $url

Get-AllLocalScripts

Coming Soon

Get-AllGlobalScripts

Coming Soon

CW Automate Commands

Invoke-CWAQuery

Coming Soon

Invoke-CWARestMethod

Coming Soon

Get-CWARestPages

Coming Soon

- + \ No newline at end of file diff --git a/index.html b/index.html index 7b385def..d498ecc8 100644 --- a/index.html +++ b/index.html @@ -19,7 +19,7 @@
immy.bot

Appearance

- + \ No newline at end of file diff --git a/markdown-examples.html b/markdown-examples.html index 18ab4ad0..906527cd 100644 --- a/markdown-examples.html +++ b/markdown-examples.html @@ -51,7 +51,7 @@ ::: details This is a details block. :::

Output

INFO

This is an info box.

TIP

This is a tip.

WARNING

This is a warning.

DANGER

This is a dangerous warning.

Details

This is a details block.

More

Check out the documentation for the full list of markdown extensions.

- + \ No newline at end of file diff --git a/ncentral-integration-setup.html b/ncentral-integration-setup.html index 7414baf9..bc283b0c 100644 --- a/ncentral-integration-setup.html +++ b/ncentral-integration-setup.html @@ -21,7 +21,7 @@
immy.bot

Appearance

N-Central Integration

Setting up this integration allows you to

  1. Import customers from N-Central
  2. Import computers from N-Central
  3. Manage all computers in N-Central without deploying the ImmyBot Agent

Create ImmyBot Role in N-Central

ImmyBot currently requires the following role permissions to operate correctly:

Devices

  • Devices View
    • All Devices -> Read Only
  • Direct Support
    • Command Prompt -> Manage
    • File System -> Manage
  • Remote Control
    • Custom -> Manage
    • Take Control -> Manage
  • Network Devices
    • Add/Import Devices -> Manage
    • Edit Device Settings -> Manage

Create an "ImmyBot" role in your N-Central instance using above roles.

Create ImmyBot user in N-Central

Create a new "ImmyBot" user in the instance with the "ImmyBot" role applied.

Login to the new ImmyBot user to get MFA code and accept EULA

Once you have created the new ImmyBot user account, you must attempt to login so that you may retrieve the MFA key, and complete any initial setup. After entering the accounts email and password, there will be a MFA QR code displayed. You MUST press the "CAN'T SCAN IT?" button to get the Base32-encoded MFA key. After saving the key, use a site such as this to get the current token from the key, or temporarily scan the QR code on a device to complete sign-in.

TIP

Make sure you accept the EULA when you login, otherwise the computers will not import!

Add integration for N-Central

After completing setup in N-Central, it's time to add the integration to ImmyBot. Navigate to the "Integrations" page in ImmyBot, and create a new "N-Central" integration. Input all the N-Central user account data to the fields on the right.

Press the "Verify Credentials" button, then, if completed successfully, press the button again to save the integration.

Import your customers

Alternatively, you can create/map only certain customers.

When you map a customer from an RMM, the computers will undergo Identification

Troubleshooting

My customers are showing up but no computers

Login to N-Central as the ImmyBot User and accept the EULA

- + \ No newline at end of file diff --git a/onboarding.html b/onboarding.html index 949339b1..1293d6f8 100644 --- a/onboarding.html +++ b/onboarding.html @@ -19,7 +19,7 @@
immy.bot

Appearance

Setup your first Computer

When you first login to ImmyBot the Getting Started Wizard will be prompt you to create your ImmyBot flash drive, and plug it into the new computer.

THIS IS A ONE TIME PROCESS, YOU DO NOT NEED TO CREATE A FLASH DRIVE FOR EACH CLIENT. YOU WILL CHANGE THE CLIENT AFTER THE MACHINE IS IN IMMYBOT

image

We recommend unboxing a physical computer (Dell, HP, or Lenovo) so we can demonstrate applying the latest manufacturer BIOS and driver updates.

If you insist on testing on a virtual machine, do the following to receive the PPKG inside an ISO, then mount it to the VM, and press the Windows Key 5 times when you are at the Region Selection screen. If you are past the region selection screen, simply double click the PPKG from the mounted disk

image

image

Once the computer is identified, you will be directed to that computer to begin the Onboarding process:

image

ImmyBot needs:

  1. Customer
  2. Primary User (That will be using the computer, optional but recommended)

image

You only have one customer and one person right now, and it’s your MSP and you. That’s fine, we’ll pretend we’re setting up a computer for you and your MSP.

TIP

Customers can be imported from your RMM or PSA, or by setting up the Azure integration

TIP

People are imported from your customers' Azure AD via the Azure integration

An "Onboarding" session will be created for this computer, and ImmyBot will apply the "Recommended Deployments"

TIP

You can add your own Deployments and re-run this session as many times as you like until everything is to your liking.

- + \ No newline at end of file diff --git a/recommended-deployments.html b/recommended-deployments.html index 7edcfaba..f251c196 100644 --- a/recommended-deployments.html +++ b/recommended-deployments.html @@ -19,7 +19,7 @@
immy.bot

Appearance

Recommended Deployments

Create Profile for Primary User

This allows Immy to set default browser and pdf editors.

Remember how Microsoft made default PDF handler and default browser user level settings? These settings are stored in the profile of the user. Specifically in the user’s registry. But this is a new computer, and there is no user registry because the user hasn’t logged into the computer, and therefore a profile doesn’t exist for us to specify those settings. Rather than requiring you to ask the user for their password, we fetch their SID from AzureAD. If we find that the user is synced from Active Directory, we will use the SID from Active Directory. If the user is cloud only, we use their Azure AD SID. For the more discerning you may be wondering how we deal with the UserChoice hash, the anti-tamper mechanism preventing the automatic setting of these preferences.

Microsoft 365 Apps

Immy installs the apps the selected user is licensed for. Immy contains recommended deployments for

  • Apps for business
  • Apps for enterprise
  • Project
  • Visio

You may be tempted to disable these because you are afraid Immy will install all of these apps on every computer. These deployments are limited using a “Metascript” filter that reaches out to the Microsoft Graph API to determine whether the selected user has a license for the product in question.

Dell/Lenovo/HP Updates

ImmyBot will install the latest updates from Dell, HP, and Lenovo, including driver updates and BIOS updates.

You may be tempted to disable these Deployments as you don’t want HP updates applying to your Dell. This won’t happen. Each deployment uses a Filter script to ensure that these updates only apply to the appropriate machines

Adobe Reader

You may be tempted to disable this deployment because not all of your customers use Adobe Reader. You should instead leave it enabled and handle exceptions to the rule. See more under “Deployment Resolution”

Set Computer Name and Domain Join

This is one that I’d advise you to turn off, and instead customize for each customer. We leave it as a recommended deployment mostly to raise awareness that ImmyBot has the capability, but fully expect you to override it to suit your needs.

- + \ No newline at end of file diff --git a/releases-2020.html b/releases-2020.html index fe944a0d..40660d1c 100644 --- a/releases-2020.html +++ b/releases-2020.html @@ -21,7 +21,7 @@
immy.bot

Appearance

Releases in 2020

0.38.2

Released 2020-12-29

New Features

Updated the export default name to be meaningful.

image

image

Added a Uri datatype for maintenance task parameters.

image

This parameter is available as a Uri type in power shell for users to us inside of scripts.

image

Improvements

  • When creating new software versions, we will default the new version's settings to the previous version's settings. This is generally more reliable that using the analysis results by default. If there is no previous version, then we will still use the analysis results as default.

  • Adds the result message to the action column in the deployment excel export to help indicate success/failure.

  • Using the new Uri datatype no additional parsing will be needed to convert a string to a Uri inside of the script.

  • Made the system update page show current version release notes

  • Added current release update notes; Switched to using cards for displaying releases

  • Display computer provider type button for each RMM Link instead of type and hid disabled links

  • Updates the Schedules List to show the same Target fields that the Deployment List shows.

    • image

Bug Fixes

  • Fixed issue with saving global maintenance task with non-file parameters
  • Fixed an issue when uploading an installer Immy would not try and match it to an existing software.
  • Fixed a bug on the upload software version page where clicking the next button was not loading the next screen.
  • Fixed a bug when saving cross tenant deployments where we did not clear the tenant field if the deployment was previously for a specific tenant.
  • Fixed issues with the session list page not showing correct results when the time filter was applied.
  • Fixed an issue where we could show non IP addresses for a computer's external IP field when the External IP Inventory script runs
  • Fixed an issue where BITS Download would not fallback to basic download if the command timed out.
  • Fixed issue with showing the updated by and update by by person on the Schedules List page.
  • Hid the Download ImmyAgent link when ImmyAgent RMMLink is disabled.
  • When detecting software version after install a newer version than expected will no longer cause a failure for that action.
    • This fixes the case in where some software auto update themselves right after installation.

0.38.1

Released 2020-12-23

Bug Fixes

  • Corrected issue preventing Maintenance Tasks from being saved

0.38.0

Released 2020-12-21

New Features

Maintenance Tasks Files

image

  • Specify a default file if the user doesn't specify one
  • Include utilities with maintenance tasks by marking the parameter as hidden

image

Log Highlighting

image

  • Highlights the important logs for a software or task so they are more easily recognized.

Safely create Uris for REST APIs

image

Example
powershell
Add-UriQueryParameter -Uri 'https://my.thingwithqueryparams.com/items' -Parameter @{'Filter'='subject like "hello"'}
Output 
https://my.thingwithqueryparams.com:443/items?Filter=subject+like+%22hello%22

Accessing Azure KeyVault

powershell
$Headers = Get-ImmyAzureAuthHeader -Endpoint Keyvault
 Invoke-RestMethod 'https://<yourvault>.vault.azure.net/secrets/secretname?api-version=7.1' -Header $Headers | Select -Expand Value

image

Access arbitrary Azure authenticated resource URIs

powershell
$Headers = Get-ImmyAzureAuthHeader -ResourceUri 'https://vault.azure.net'
 Invoke-RestMethod 'https://<yourvault>.vault.azure.net/secrets/secretname?api-version=7.1' -Header $Headers

Improvements

  • Added the capability for ImmyAgent Provisioning packages to be downloaded an ISO. image
  • Added date/time tooltips to session times to see specifically when a session started
  • Removed automatic software evaluation run from computer details page
  • Adds Open remote session buttons to the computer deployment list.
  • Adds a checkbox to include/exclude offline computers from the computer list page.
  • Configuration task parameters are now available in software test scripts.
  • Added OS Name and Manufacturer to the Computer Overview tab.
  • Added dependency badges to maintenance action items
  • Added default to maintenance action table to hide actions with No Action to reduce clutter.
  • Removed unnecessary show preview div from Computer Details->Software tab
  • Removed automatic software evaluation from Computer Details page
  • Added Remote Session button on Edit Deployment page
  • Added offline computer checkbox filter to computer list page
  • Fixed test script result parsing and added config task variables to it
  • Removed legacy TestResult syntax from SoftwareVersion scripts
  • Added date tooltips to sessions/actions times
  • Set JobArgs to Suppress reboots when running action from Computer Details; Needs Attention
  • Moved the drag handle for RMM Priority ordering to the left side
  • Start system required inventory in overwrite existing command
  • Added dependency badge to maintenance session action list item and action table
  • Refactored to keep GetAuthConnectionString() private and added -Endpoint KeyVault as an alias for the resourceUri
  • Added parametersetnames to Get-ImmyAzureAuthHeader to differentiate between orthogonal use cases
  • Default to hiding 'No Action' in the computer actions table
  • Removed string expansion from MetascriptHost to prevent need for backticks in Set-ComputerName Metascript
  • Decreased timeout for the pending reboot check as this could cause sessions to hang for an unnecessarily long period of time if the script doesn't respond

Bug Fixes

  • Fixed 'Rerun' button action not suppressing reboots.
  • Fixed maintenance action start and end time issues showing the wrong times
  • Fixed an issue where the computer would show online even though all agents were disabled.
  • Maintenance Task parameters and built in variables values are preserved and no longer string expanded in the Metascript context, allowing you to pass these values unaltered to scripts run via Invoke-ImmyCommand
  • Fixed UTC/local issues with action start and end time
  • Fixed online status for disabled RMMLinks

0.37.10

Released 2020-12-15

Bug Fixes

  • Fixes an issue on the computer software list where some fields were not immediately updating.
  • Reduces padding of each item in the software list
  • Fixed issue where scripts would occasionally fail to execute as the user even though the user is logged in
  • Invoke-ImmyCommand no longer returns System.Object instead of $null, making it easier to detect null results
  • $using variables no longer throw a null reference exception when the value is null in the parent context
  • $using variables will issue a warning when they are not present in the parent context, previously a NullReferenceException was thrown both when the variable was declared but had a null value and when the variable was not declared. (Sometimes null is a valid value)

0.37.9

Released 2020-12-14

Bug Fixes

  • Fixed regression in 0.37.8 that broke inventory for most machines

0.37.8

Released 2020-12-12

New Features

  • Adds a helpful alert letting the user know that user scripts with a user action trigger of Run once at login, Run at every login, and Active Setup at login will run immediately if the user is logged in.

Bug Fixes

  • Fixes an issue running some inventory scripts against computers running PowerShell 2.0 (And possibly other PS versions, causing inventory to fail and computer names to be displayed as GUIDs)
  • Un-reversed order of first and last names on edit deployment page
  • Adds missing maintenance task category to the maintenance task details page
  • Fixes an issue where we were not properly updating the maintenance action if the desired state was Update If Found and the software was not present`
    • Now properly resolves the action result to Success, the Action Type to No Action, and the Action Reason to Software Missing.
  • Fixes issue where RunAsUser fails because user is not a local admin
  • Fixed issue where Immy was pre-selecting incorrect Software after analyzing non-MSI installers
  • Fixes error when using 'Update if Found' with ninite packages.

0.37.7

Released 2020-12-10

Enhancements

  • Allows for saving scripts while focused in the editor by pressing Ctrl S.
  • Adds an alert prompting to save changes when navigating away from a modified script

Bug Fixes

  • Fixes a permission issue when searching the computer list by primary user
  • Fixed object serialization issue from Windows Server 2003 machines

0.37.6

Released 2020-12-09

Bug Fixes

  • Fixes an issue where CW Control RMM Links were failing if the CW Control URL contained a specific route.
  • Fixes the excel export on the Deployment page's Affected Computers panel
  • Fixes a bug on script details form where the scripts timeout was not showing the correct value
  • Fixes a bug when viewing the script details in a modal, where the default timeout was not being supplied.
  • Resolves issue where Immy incorrectly reports "User is not logged in" when a user is logged in over RDP
  • Fixes a bug on the computer details page sessions tab where sessions for other computers show up if you change the time filter
  • Fixes a bug in the computer list page, if the computer name is missing, we now show the device id

Enhancements

  • If a provider fails to initialize, it will be automatically disabled to increase the overall health of Immy.

0.37.5

Released 2020-12-08

New Features

  • Function Scripts! Keep your code dry! You can now call scripts from other scripts. Simply create a new script with category Function, define your logic, and then call the function from another MetaScript.
  • Adds a new column to the session table called "Type" to indicate whether the session was "Scheduled" or "Manual".

Bug Fixes

  • Fixed duplicate persons issue. Syncing persons from azure users now checks if there is an existing person with the same user principal name (email) and will update that person instead of creating a new one.
  • Fixes an issue where the onboarding form's primary user selector was returning people outside of the selected tenant (Only an issue for MSP users).
  • Fixes a bug where the New and Copy as New buttons were missing from the script selector.
  • Fixed an issue with Immybot using the incorrect software version when deploying the "latest" version
  • You can now analyze a version without specifying the "Installer Executable Path" if the file is a zip file
  • Renamed metascript Get-RmmProvider to Get-RmmInfo and added the information required to retrieve EDFs for Clients and Computers from Automate
  • Addresses memory performance issues with the computer list page
  • Fixes some default properties when loading the maintenance task form in a modal. Fixes a bug in Invoke-ImmyCommand where providing the same $using variable with different capitalization threw a duplicate variable error.

Enhancements

  • Added logic to auto select an existing software by upgrade code on the software version upload page
  • Updates the deployment form's software, version, and configuration task "View" buttons

0.37.4

Released 2020-12-08

Bug Fixes

  • Fixed an issue with inventory scripts being retried every minute on devices that return exceptions

0.37.3

Released 2020-12-01

Bug Fixes

  • Fixed issue with terminal not rendering output when launched from Edit button on session logs
  • Fixes an issue where the suggested rmm link name conflicted with an existing name
  • Set the Hangfire Redis MaxStateHistoryLength to 5 to fix issues with uncontrolled memory leak

0.37.2

Released 2020-11-24

Hotfixes

  • Fixed several broken maintenance session links that were not bringing the user to the correct page.
  • Fixed an error in metascripts about the use of duplicate $__using variables.
  • Fixed an issue rendering the xterm terminal within the script editor modal.

0.37.1

Released 2020-11-23

Hotfixes

  • Fixed filter scripts to only return a single computer when run for a maintenance session. Not doing this was causing memory to balloon up unnecessarily.

0.37.0

Released 2020-11-23

Enhancements

Check out our new documentation site! https://docs.immy.bot/

Actionable Software Inventory
  • Updated the Software tab to now provide actionable buttons for software and maintenance tasks that are not compliant
Automatic Onboarding
  • Plug in the USB drive and setup begins automatically without having to login to Immy
    • Create a new Windows 10 Setup USB Package and enable the auto-onboarding option
  • Added a new tab called Sessions that allows a user to easily see computer sessions without leaving the computer details page
  • Added an Onboarding tab to the computer details page to allow easier changing of customer and primary user
Script Engine
  • Simplified Filter Script syntax, removed -TargetType and -TargetGroupFilter as these are selectable in the UI
  • Added xterm.js to the Script Editor for better handling of large return payloads
  • Write-Host output is no longer suppressed when run within Invoke-ImmyCommand
  • Write-Debug, Write-Verbose, Write-Warning, and Write-Error all work both within Metascripts, and scripts run via Invoke-ImmyCommand (Note: $DebugPreference and $VerbosePreference need to be set to 'Continue' as the PowerShell default will suppress the output from these cmdlets)
  • Write-Host in Metascripts and Cloudscripts supports -ForegroundColor, -BackgroundColor and -NoNewLine parameters
  • Terminal now formats Errors and many other objects according to the PowerShell 7 default
  • PowerShell 7 $ErrorView= 'ConciseView' is now supported
  • Exceptions thrown within scripts now show the script line instead of a backend stack trace
  • Added $AzureTenantId variable to all scripts

Stability

  • Fixed memory leak in the user affinity job that was causing instances to hang on an error page
  • Added availability health checks for some azure resources to help diagnose issues faster.

Hotfixes

  • Fixed an issue where renaming a computer did not immediately show the change in the browser
  • Fixed an issue with sending test emails from the smtp page. It would sometimes incorrectly throw an error about enabling authentication
  • Added Update If Found desired state for Ninite Software
  • Fixed selecting a software on the deployment page to auto select "Installed" and "Latest" as the default options
  • Fixed an issue where it was not possible to view global maintenance task scripts from within the Maintenance Task interface
  • ImmyAgent no longer executes Batch/CommandLine as PowerShell

Security

  • Get-ImmyComputer no longer returns computers from other tenants when run by a non-MSP user

0.36.4

Released 2020-11-19

Bug Fixes

  • Moved the pending reboot check from the beginning of the session to the beginning of the execution phase so computers do not reboot during detection. Computers usually run detection during the day and we do not want to reboot computers while they are being used.

0.36.3

Released 2020-11-13

Bug Fixes

  • Fixes bug where rebooting a computer would sometimes hang the maintenance session
  • Fixes a typo reading for onboarding -> ready for onboarding
  • Fixed issue preventing a computer from rebooting if necessary before it starts a maintenance session
  • Fixes an issue where an action would immediately fail if the computer failed to reboot
    • e.g. A software is supposed to be uninstalled and then reinstalled. After the uninstall, a reboot may be attempted. If it fails, we will now still attempt the reinstall anyway.
  • Fixes a critical bug that could allow a person to be incorrectly associated with another tenant.

0.36.2

Released 2020-11-04

Bug Fixes

  • Fixed an issue where the Update Now and Postpone buttons were missing on the maintenance email when they were set to be shown by its schedule.

0.36.1

Released 2020-11-02

Bug Fixes

  • Run Maintenance button at the top of the Computer Details Page now suppresses reboots by default
  • Edit PSALink page no longer throws exception when CWManage API returns duplicate companies
  • Updated task type and task category label names on the task form
  • Fixed a null reference exception when calling Get-ImmyComputer passing in InventoryKeys

0.36.0

Released 2020-10-26

Features

  • New and improved Computer Details Page that shows much more details
  • Added Inventory Task feature
  • Added a System Status Page that shows script execution metrics for enabled RMM Providers
  • Added a System Update Page that allows an administrator to update to newer versions of ImmyBot when they are released
  • Implemented Downgrade logic for software

Enhancements

  • Optimized script execution when using the CW Control RMM Provider
  • Optimized background job scheduling
  • Re-designed the Computer List Page
  • Merged the Onboarding and Pending Computer Pages into one page called New Computers
  • Made the ImmyAgent more scalable
  • Added a loading animation when filtering the Computer List Page
  • When a session expires and the page is reloaded, you will now be redirected back to the page you were on

Bug fixes

  • Fixed CW Control extension to work on latest version of CW Control (2020.11)
  • Fixed session failing with Ninite fails to download
  • Fixed a CORS issue when new instances are registered with uppercase characters
  • Fixed an edge case when scripts erroneously indicate they have been modified when pressing cancel
  • Removed validation requirement for username in SMTP settings
  • Fixed Automate Computers with UTC+0 (UK) do not sync due an issue with using DateTime.Subtract(0)
  • Fixed an error occurring on Windows 7/PS 2.0
  • Fixed an edge case where a server got caught in an endless reboot
  • Removed the WiFi SSID minimum length for PPKGs
  • Fixed a bug where license files did not download before running the Test script
  • Fixed an issue where User Context Scripts were returning 'gt' is not recognized
  • Fixed a bug where maintenance tasks were performed out of order when there was a software dependency
  • Fixed a bug on the Deployment Page where selecting a domain controller was causing an error
  • Fixed a bug in metascripts where Get-ImmyComputer -TargetType TenantDomainControllers was failing
  • Fixed bug where the Users List showed a System user
  • Fixed a bug where bulk software detection failed on PS 2.0 and PS 3.0 when using [Guid]::new
  • Fixed a bug where the CW Automate Provider was not leveraging the 301 command
  • Fixed a bug where the ImmyAgent did not start on VMware VMs due to lack of BoardSerialNumber
  • Fixed some edge cases where sessions kept getting stuck in the Created status
  • Fixed a bug where the ImmyAgent was defaulting to 10 seconds for the script execution
  • Fixed a bug where the software selector on the license form was showing parameters for linked maintenance tasks
  • Fixed a bug where maintenance task fields Hidden and Default Values were not saving on Create
  • Fixed a bug in the package analyzer where it was throwing Key Not Found for Inno version 6 installers
  • Fixed a bug with Deployments using a desired state of Uninstall/NotPresent that was causing failures due to missing required parameters
  • Fixed a bug with maintenance task parameters not being provided to software install scripts
  • Fixed a bug where users could not open the Maintenance Session Details Page for computers they onboarded
  • Fixed a bug where deployments for maintenance tasks with password parameter types were unable to be deployed
  • Fixed a bug where the Current User user action trigger was not available for scripts created on the software version form
  • Fixed a bug where the RMM to PSA auto client mapping failed when the RMM returns non-unique external ids
  • Fixed a bug where non-msp users could not access software or deploy the ImmyAgent

0.35.16

Released 2020-10-23

This is the first release in the release cycle

- + \ No newline at end of file diff --git a/releases-2021.html b/releases-2021.html index bc4d62a3..7722a18a 100644 --- a/releases-2021.html +++ b/releases-2021.html @@ -35,7 +35,7 @@ $Parameters = $using:Parameters $Parameters.ComputerName }

Timezone Support for Schedules

image

image

My Customers (CSP Preconsent)

image

Software List Type Filter

image

Bug Fixes

0.38.4

Released 2021-01-15

Improvements

Bug Fixes

0.38.3

Released 2021-01-04

Improvements

Computer Software list loads instantly

image

Parameter Ordering

Bug Fixes

Releases in 2020

Go to 2020 releases

- + \ No newline at end of file diff --git a/releases-2022.html b/releases-2022.html index be04fcbc..6e2e7a6d 100644 --- a/releases-2022.html +++ b/releases-2022.html @@ -19,7 +19,7 @@
immy.bot

Appearance

Releases in 2022

0.54.7

Released 2023-01-04

Improvements

  • Improved error messages when the error is coming from an integration's API, such as the CW Automate API, CW Manage API, or CW Control ImmyBot extension API.
  • Added manufacturer to duplicate agent table
  • Added Device ID to the computer overview details

Bug Fixes

  • Fixed a potential issue where a computer architecture could not be found while trying to resolve a dynamic software version
  • Fixed a transient issue that was causing detection to fail when it could have continued
  • Fixed an issue where pending connectivity sessions would not be triggered for a computer that came online due to a manual resolution for a conflicting agent
  • Fixed an issue during identification where the device id of "00000000-0000-0000-0000-000000000000" was allowed as a valid GUID. It is not valid, and new devices with this GUID will be assigned a new one.

0.54.6

Released 2022-12-27

Improvements

  • Only MSP Admins have access to the Tenant Mappings tab now

Bug Fixes

  • Fixed an issue where schedules with an invalid cron expression were allowed to be saved
  • Existing invalid cron expressions will be converted to a valid cron expression when possible, using NCronTab validation functions.
  • Fixed an issue where system and user scripts could possibly timeout before an ephemeral agent was ever established
  • Fixed an issue with downloading the immy agent installer as an .iso file
  • Fixed an issue preventing computers from being deleted
  • Mitigated an issue with N-Central which eventually resulted in N-Central hangs and crashes
  • Fixed a transient issue related to starting Ephemeral Agents on some N-Central devices the first time

0.54.5

Released 2022-12-22

Bug Fixes

  • Fixed an issue with deleting actions that caused sessions to fail
  • Fixed an issue saving some database calls due to issues from the migration to flex database servers
  • Fixed an issue with saving scripts that incorrectly fail with a message that the name is not unique

0.54.4

Released 2022-12-19

Improvements

  • Added bulk cancel and bulk rerun buttons to the maintenance session list page Added Split-Path cmdlet as well as $ActionId, $SessionId and $SessionGroupId to the included variables
  • Improved Ephemeral Agent connection speed
  • Discontinued use of WMI CreateProcess which flags AV, specifically Windows Defender for Endpoint
  • Made modifications to the light color theme to improve readability

Bug Fixes

  • Fixed several issues with the NCentral integration. Should be more stable overall.
  • Fixed an issue where preview/deploy from the dashboard table header were not getting enqueued and would crash instances by running too many sessions as once.
  • Fixed an issue with saving local software versions where it would respond with an error about certain fields being required when they shouldn't be
  • Fixed an issue with the Stop-ImmySession cmdlet where it was not setting the session or stage status to Cancelled
  • Fixed issues with our BITS download where it could get potentially stuck trying to download when an ephemeral agent could not be established
  • Fixed an issue with computers getting set to needs onboarding incorrectly when an agent gets assigned to an existing computer that is not new
  • Centered the text in the "Session #xxx in progress" button
  • Fixed an issue with saving the SMTP form
  • Fixed an issue where session logs could repeat "Reboots have been suppressed during business hours" over and over

0.54.3

Released 2022-11-23

Improvements

  • Improved enqueueing of maintenance sessions based on priority. Adhoc > Onboarding > Scheduled maintenance
  • Removed service bus form options for CW Control as the service bus is now always used
  • Added a health check to the CW Control integration to report unhealthy when the extension is not up to date
  • Updated the connected indicator on the computer details page to have a yellow lightning bolt when the ephemeral agent is connected
  • Scripts are now allowed to run for computers that have an ephemeral agent connected even if the agents all report disconnected
  • Updated the batch actions on the tenant list page to include tenant preferences. e.g. You can now update tenant business hours in bulk
  • Clicking "Attempt Identification Again" or "Rety x failed agents" on the identification tab now immediately triggers identification where before it would take up to 60 seconds

Bug Fixes

  • Made computer feature usage calculator no longer count computers that have zero agents
  • Fixed a race condition in the Ephemeral Agent that would cause scripts to hang and sessions to timeout

0.54.2

Released 2022-11-17

Improvements

  • Improved our identification de-dupe logic to automatically associate re-installed agents to the correct computers
  • Added more identification logs for some edge case scenarios to help with debugging
  • Added onboarding text to dashboard underneath onboarding computers
  • Slightly improved performance of preview/deploy functionality on the dashboard page
  • Increased the width of the tag selector in the ImmyBot Installer form and on the computer details page

Bug Fixes

  • Fixed some issues where newly identified agents would always skip onboarding
  • Fixed an issue where non-msp admins could not view tag deployments limited to their tenant
  • Added missing times to the time dropdown for scheduling adhoc deployments
  • Fixed descriptions on the maintenance task get/set/test script dropdowns
  • Fixed some mobile styling issues with the navigation bar and on computer list page

0.54.1

Released 2022-11-14

Bug Fixes

  • Fixed an issue with CW Control syncs causing CW Control agents to re-sync into ImmyBot unnecessarily

0.54.0

Released 2022-11-11

CW Control Updates

We added support for the breaking changes introduced in CW Control 22.9. We addressed stability issues with Control crashing due to the ImmyBot extension. On the Control integration form, make sure you check off the new options for using the Service Bus for better performance.

Pending Identification Updates

Agent identification now has logging to help you find root causes for why some agents fail to have scripts run against them. View them in Computers -> Pending Identification -> Show Identification Logs

You can also see the identification logs for successfully identified agents under the Computer -> Agents tab.

We now utilize the serial numbers for devices that come from trusted manufacturers (currently Lenovo, Dell, and HP). If a computer already exists in ImmyBot for a trusted manufacturer, any additional agents with that computer's serial number will skip identification and automatically be associated.

Improvements

  • Fixed issue where Intellisense would throw null reference exception when completing variables
  • Updated CW Control integration to support CW Control 22.9 (extension version 0.3.0)
  • Added immy subscription information to billing details page
  • Made subscription portal show within immy frontend instead of a link to chargebee
  • Updated the default combined maintenance task script to leverage the latest function scripts in Immy. The new script is Get-WindowsRegistryValue -Path "HKLM:\Software\Wow6432Node\MySoftwareVendor\MySoftware" -Name EnableFeature | Registry-ShouldBe -Value 1
  • License files are now downloaded before running a configuration task's test script during detection in case the script relies on the presence of the license file
  • Added a new tenant preference "Exclude from Cross-Tenant Deployments and Schedules". When a tenant is excluded, all cross-tenant deployments and schedules targeting the tenant or its computers will not be applied when full maintenance is ran. This is particularly useful for Co-Managed IT situations that don't don't want your cross-tenant schedules or deployments.
  • Improved startup time of instances in situations where there was a large number of recently added agents
  • Added "Change Tenant" in batch actions for the computers table

0.53.12

Released 2022-11-09

Bug Fixes

  • Removed the ImmyBot Agent from the Tenant -> Mappings table
  • Reduced metric reporter frequency to 30 minutes

0.53.11

Released 2022-10-20

Bug Fixes

  • Fixed a null reference exception that was occurring when sending the maintenance session follow-up email
  • Fixed a potential exception that could occur in the N-Central API
  • Fixed an exception that occurred when trying to retrieve the online agents for a computer
  • Fixed an uncommon issue where some dynamic version scripts were throwing a null reference exception
  • Fixed an uncommon exception with ImmyBot Agent connection events that caused the event to not get saved
  • Fixed an issue with syncing devices from CW Automate where it would potentially take a few minutes and block other requests
  • Fixed an issue where some CW Control and N-Central agents were not automatically onboarding when they should
  • Fixed issue where Get-ImmyComputer -InventoryKeys metascript was not auto populating the available keys
  • Fixed an issue with incorrect breadcrumbs sometimes showing on the computer list page
  • Added a missing debug log that indicates when an ImmyBot agent fails to provide inventory data
  • Fixed a bug where we were dropping both dedupe markers over the same agent instead of different agents
  • Fixed an issue with maintenance sessions reporting failed after re-running an action successfully
  • Fixed an issue where loading the deployments list would throw a ArgumentNullException
  • Fixed an issue with some Chocolatey and Ninite logs not showing up under a maintenance action's phases

0.53.10

Released 2022-10-05

Bug Fixes

  • Fixed an issue with displaying large software icon sizes on the Library -> Ordering page

0.53.9

Released 2022-10-05

Improvements

  • SVGs now render correctly when uploaded as software icons
  • Increased some low timeout values on the ephemeral agent that were causing devices with slow network connections to fail
  • Changed the Pending Identification tab to default sort descending by Date Added since the most recent machines are the ones we are usually looking for.

Bug Fixes

  • Fixed an issue with the ImmyBot Agent connected/disconnected events not propagating for pc reboots and pending connectivity sessions
  • Reduced likelyhood of Output CircularBuffer has already over-run requested index error in scripts
  • Ephemeral Agent reconnection is now prevented upon receiving a 500 status code. This was previously causing agents to stay running indefinitely.
  • Fixed an issue on the system update page where the new releases dropdown was not stretching the width like the current release dropdown

0.53.8

Released 2022-9-22

Improvements

  • The "Suppress Reboots During Business Hours" flag no longer relies on offline behavior. If you are suppressing reboots during business hours and you run a session during business hours, then Immy will suppress reboots. Business hours are now checked on every script execution, and the RebootPreference variable passed to scripts will also be updated to Suppress if it was not already set. We did this so that scripts that handle reboots can safely rely on this variable.
  • The customer list on the Azure page no longer shows the MSP tenant as a selectable option in the Linked Tenant dropdown since the MSP tenant is mapped by default
  • Refactored how we handle ImmyBot agent connected and disconnected events. Instances that heavily utilize the ImmyBot agent will have significantly improved performance.
  • The Enable Automatic Onboarding field on the PPKG form is now disabled and shows an alert if the onboarding preference is globally disabled or disabled for the selected tenant.

Bug Fixes

  • Fixed an issue with loading the AzureAD module for metascripts. This issue was causing all scripts that relied on AzureAD commands to fail.
  • Fixed an issue where syncing the connected state of large numbers of ImmyBot agents would prevent other system jobs from being performed
  • Fixed an issue where configuration tasks for already compliant software were executing at the very end of a maintenance session instead of in the expected order
  • Fixed an issue where the default upgrade strategy was set to none instead of install over
  • Fixed a permission issue where non-admins could not refresh the connectivity status of a computer
  • Fixed an issue with downloading the ImmyAgent installer as an .iso file where the extension was incorrectly set to .ppkg
  • Fixed an issue where software set to perform an update would incorrectly report compliant when the software did not specify an upgrade strategy and the upgrade was never performed. The action will now fail and report "Upgrade failed: No Upgrade Strategy specified on the software."
  • Fixed an issue with maintenance action execution ordering. If the currently executing action has dependencies, it will now immediately execute the dependencies instead of waiting until the end of the session.
  • Fixed an issue with selecting a license on the deployment details page where the selected license was not shown upon refreshing

0.53.7

Released 2022-09-14

Improvements

  • Increased the timeout of the Ephemeral Agent's Ping RPC method from 1 second to 5 seconds. 1 second was too short and was unnecessarily causing scripts to fail on machines with high network latency.
  • Added a warning message whenever the Ephemeral Agent's Ping RPC method takes over 1 second to respond to help identify machines with high network latency

Bug Fixes

  • Fixed an issue with schedules where updating a schedule from a single tenant to cross tenant would delete the schedule. This was happening due to a bug in a database constraint between schedules and tenants.
  • Fixed an issue where the connectivity status button on the computer details page was not actually refreshing the agent's connectivity status
  • Fixed an issue where repairing a software would trigger full maintenance

0.53.6

Released 2022-09-12

Improvements

  • Added Set-ImmyDeviceId cmdlet to be used during Inventory to keep the UUID of the machine up to date and prevent new computers from getting created when the UUID of the machine has changed due to a feature update.

Bug Fixes

  • Fixed an issue where the "Determine Desired Version" phase was running before the "Detect Installed Version" phase. "Detect Installed Version" needs to run first so we can pass the detected version to scripts that may rely on it when determining the desired version.
  • Fixed an issue where dynamic versions were not properly installing dependent versions

0.53.5

Released 2022-09-09

Bug Fixes

  • Fixed an issue from 0.53.4 where some code changes were unintentionally included in the release which caused downloading the PPKG to fail

0.53.4

Released 2022-09-08

Improvements

  • For maintenance task test scripts, we made Immy tolerant of non-Boolean values by displaying a warning when non-Booleans are found on the pipeline along with helper text for preventing output pollution.
  • Updated the ImmyBot Agent to support installing beta versions

Bug Fixes

  • Fixed a scripting error that caused Immy to indicate there was no output when there was definitely output

0.53.3

Released 2022-08-30

Software Test Script Changes

We now execute the software test script during the detection stage for software that have updates available.

Before, if a software needed to be upgraded, we would not run the software's test script in detection. We would perform the upgrade and then run the test script afterwards. However, if the test failed, the action would fail without any remediation.

Now, if a software needs to be upgraded, and it has a test script, the test script will run in detection. If the test script fails, then the repair strategy will be performed instead of the upgrade strategy. The test script will still be run after the upgrade as it did before.

General Improvements

  • Updated the error text for schedule cron expressions to indicate that a schedule can run at most once per day.
  • The ImmyBot Agent service sometimes throws an exception about a missing file CliWrap.dll, which causes the agent to bork. When we encounter this exception, we now auto restart the service to resolve the issue.
  • Improved the session log message "Detection stage failed: Software Action Id is not specified on the provided configuration task action" to include more information to help diagnose the issue. It is usually because the deployment contains out-of-date data and needs to be updated.
  • Improved the performance of loading the main computer list when sorting by computer name
  • Test methods containing multiple outputs now return the result of ANDing those outputs together to compute the overall result.
  • Updated Quick Deploy to allow you to choose a desired state. e.g. "Install, Uninstall, Update If Found, Ignore" or "Enforce, Monitor, Audit"
  • Added detection of stuck/non-responsive jobs such as the agent identification job, which can initiate a self-restart of backend.
  • Added reboot preference dropdown to quick deploy and override forms
  • Moved several action columns on tables to the left side for consistency and best compatibility with mobile views.
  • Added an option to schedules and adhoc-deplyoments to send detection emails even when all actions are compliant. This is to allow users whose computers are already up to date to still receive a maintenance email.
  • Updated the script list page and session log component to use the Monaco script editor
  • Added the CW Automate icon to the main computer list. Clicking the icon opens up the computer in CW Automate.
  • Added "Date Added" to the computer list and made it sortable
  • Added a simple "new" tag on the computer list for computers that have been added to ImmyBot within the last 24 hours
  • Added an 'X' button to easily remove linked tenants from integrations

Bug Fixes

  • After a task is created, the Runs Against property is now disabled. Changing this value after it is created can cause issues for deployments that are referencing it.
  • Fixed an issue with Ephemeral Agent resilient script output logic that would fail to re-connect if the script had never had any output prior to connection loss. (Ex. SonicWall VPN installer script)
  • Added missing triggered by text on the session details page when the session was triggered by a schedule or automatic onboarding
  • Fixed a width issue on some dropdown buttons
  • Fixed an issue with the integration client list re-sorting after you link/unlink a tenant

0.53.2

Released 2022-08-19

Bug Fixes

  • Fixed an error that showed on the schedules list when a schedule existed that did not specify a time zone
  • Fixed issue introduced in 0.53.1 where the current immy version stopped displaying in the sidebar
  • Fixed issue introduced in 0.53.1 where the maintenance item ordering page broke
  • Fixed issue introduced in 0.53.1 where showing/adding parameters on the maintenance task page broke
  • Fixed an issue where monitor results were only showing the last line of output instead of all output
  • Fixed an issue where monitor results were overflowing into other components
  • Fixed an issue where re-running actions while showing action details would not displaying logs as they came in
  • Fixed an issue introduced for instances that signed up after the release of 0.53.0 where identification would fail due to some missing database configurations

0.53.1 (un-published)

Released 2022-08-18

Improvements

  • Added a Trigger Now button to the Azure User Sync preference on the preferences page
  • Added a description to the PPKG reset windows checkbox - "Will perform a reset of windows with the remove user data option"

Bug Fixes

  • Fixed an issue with agent identification where users were seeing the following error - Failed attempt to differentiate existing agent and pending agent: 42883: procedure sp_create_computer_from_agent(integer, uuid, boolean, text, text, text, unknown, boolean) does not exist POSITION: 6
  • Updated the alert of the person list page to match the available actions
  • Fixed an issue where the software configuration task edit link was missing
  • Fixed an issue where the branding logo alt text was still hardcoded to "Immense Networks" instead of the value provided by the branding
  • Fixed an issue with cancelling a detection only session from the computer details page -> software tab.

0.53.0

Released 2022-08-16

UI Improvements

Dark Mode

image

Deploy Software from Dashboard

image

Session Details

imageimage

Moved commonly used Main Menu items to the top, moved less commonly used items under sub-menus

image

Integrations - New look and feel

image

Integrations - Embedded Documentation

image

Script Editor

Moved Script items into the left pane

image

New Integration - HaloPSA

Deploy software/tasks to customers with specified recurring invoice items

New Parameter Type - KeyValuePair

image

image

Improvements

  • ImmyAgent now detects 'dirty' shutdown events of the ImmyAgent with a shutdown.dirty file.
  • Added a description to /schedules "Show Postpone Button" checkbox
  • Improved the integration details page by embedding the integration's documentation
  • Added a button that triggers an immediate Azure AD Sync and a note about automatic Azure AD Sync
  • Started improving the dashboard page. Added the ability to trigger actions for items in the dashboard
  • Added cmdlets Expand-String and New-LiteralString cmdlets to help deal with strings that should or should not be expanded before being sent to a remote machine.
  • Upgraded Intellisense Engine and Monaco Editor to latest versions
  • Moved live chat button to the header navbar so it doesn't potentially block buttons on the page
  • Added 8 new Ephemeral Agent Timeline events
  • Added "Script Bytes Received" metric to system status page
  • Fixed an issue with quick assign not setting the correct desired state when running the detection only session
  • Made minor improvements to the getting started wizard
  • Moved script details into script editor sidebar for convenience

Bug Fixes

  • ImmyAgent now sends 'online' events when we reconnect to IoTHub from an ungraceful network loss to prevent session hangs after the computer restarts
  • Fixed an issue with the Automate integration where we were unable to retrieve more than 50 Windows patches
  • ImmyAgent now handles exceptions returned from an instance during registration, and will continually retry instead of shutting down.
  • Fixed a typo in the SMTP port placeholder text
  • Fixed an issue with quick assign not setting the correct desired state when running the detection only session
  • Fixed an issue with checking online/offline status of agents during a session
  • Fixed an issue where a deployment referenced a specific version even when the desired state did not require one. This was causing actions to fail
  • Fixed an issue with displaying the account dropdown on mobile
  • Fixed incorrect tooltip on install Immy agent icon in the computer list
  • Fixed an issue with the Automate integration where we were unable to retrieve more than 50 Windows patches.
  • Fixed issue where piping to Format-Table would result in an error or no output
  • Remove disabling of Cortana from PPKG builder output, as it is no-longer supported & may break newer OOBE installs.
  • Fixed issue with version restriction selector on License Edit page
  • Fixed issue with licenses deleting when saving a license with no tenant selected
  • Fixed issue displaying Customers on Azure Sync page
  • Fixed an issue with runnable script editor not including the user's tenantId in readonly cloud script editors
  • Fixed agent bug that prevents 'online' event on IoTHub reconnection
  • Fixed agent bug that would cause the agent to not retry transient registration failures
  • Only show Postpone and Update if "start immediately" not checked

0.52.7

Released 2022-07-11

Improvements

  • The script list page now persists your filters after refreshing or leaving the page.
  • Fixed width issues in the maintenance item column on the deployment list page
  • Reduced required permissions for N-Central integration. See the new N-Central integration docs for details
  • Added a new PowerShell cmdlet Stop-ImmySession that will cancel the maintenance session it is currently running in

Bug Fixes

  • Fixed some potential issues around agent connected/disconnected events
  • Fixed potential N-Central exception with re-sending messages
  • Fixed potential issue with 'missing' devices from N-Central due to possible filter contamination in N-Central

0.52.6

Released 2022-06-27

Improvements

  • Set the default install script for new software to the "Manual Install Script" and the upgrade strategy to "Install Over" whenever we don't have another specific install script to provide
  • Set the default software installer type to "Installer File"
  • Updated the example New-DynamicVersion script
  • We now show a confirmation modal when choosing the "Wiped" option for resolving an agent identification conflict.
  • You can now see Cloud Sessions from the main Sessions list!
  • Added warnings when the ephemeral agent is failing to establish a connection to help users identify causes for failing script execution
  • Fixed an issue with the detection stage stuck running when it fails to execute scripts in the beginning of the stage
  • Improved timeline connected/disconnected events. There were edge cases that would show multiple connects/disconnects back to back.
  • Removed timeline computer online/offline events to avoid confusion. These events were never actually based on a computer coming online or going offline. We simply emitted "online" when an agent connected and happened to be the only online agent. Similarly for "offline" events, we only emitted the event when an agent disconnected and all agents were offline. ImmyBot does not actively check whether a machine is online or offline. It only checks whether it has any connected agents to use. This concept will be further improved upon to help resolve issues with agents incorrectly reporting connected/disconnected.
  • Removed link to software/task on deployment list since people are clicking it thinking it is the edit deployment link
  • Moved the software/task selector back above the target selector on the deployment edit page
  • Removed the media nav item since it's not actually useful

Bug Fixes

  • Moved "Update If Found" from underneath "Installed" to the same level as "Installed" for clarity. A software can be "installed, uninstalled, ignored, or updated if found"
  • Fixed an issue with cloud task previews failing with "device offline"
  • Fixed an issue where the ImmyBot agent update action would not run when the agent was offline
  • Fixed an issue with the agent updates stage, onboarding stage, and resolution stage not honoring pending connectivity
  • Fixed an issue where the resume and cancel session buttons were incorrectly showing for postponed sessions
  • Fixed an issue with CW Control and CW Automate health error messages excluding important details that can help diagnose the problem
  • Fixed an issue where we were not checking if a configuration task is actually marked as a configuration task. This resulted in tasks getting run when they should not have.

0.52.5

Released 2022-06-13

N-Central Beta Updates

  • Fixed an issue with exceptions that may occur inside the N-Central device-sync job causing memory to bloat
  • You can now get registration tokens from the NCentral integration via new PSCmdlet Get-NCentralRegistrationToken

image

Other Improvements

  • Under "Preferences", the description of the User Affinity Sync feature says it will run every 4 hours; this is incorrect. Verbiage was changed to indicate it will run every 24 hours.
  • On the integration details page, a confirmation modal has been added when clicking the "Bulk create tenants..." button to prepare users that this will cause code execution for linked clients.
  • Added more improvements to online/offline agent handling during maintenance sessions
  • Updated the online/offline event receiver for CW Control to return immediately in an effort to close requests faster

0.52.4

Released 2022-05-31

Improvements

  • Removed unnecessary checkboxes from the Computers table on the "Edit Schedule" page
  • Immy live chat now supports screenshare! Immy support can now request access to view your screen to help resolve issues faster.

Bug Fixes

  • Fixed an issue with the maintenance email actions requiring authentication

0.52.3

Released 2022-05-27

Improvements

  • ImmyAgents no longer need to see a valid board serial number in order to complete registration or rekey. Instead, ImmyAgent may fall back on and rely on an 'ImmyHWID' (Immy hardware id), when a board serial is not available. ImmyHWIDs are derived from CPU, BIOS, MOBO, GPU, and TPM information where available.
  • Updated maintenance sessions to listen on agent connected/disconnected events instead of computer online/offline events which have faster responses and higher success rates
  • When a new agent comes into ImmyBot, we now kick off the identification job immediately if it isn't already running in an effort to speed up identification
  • Added session logs for dependencies indicating what they are for. e.g. Software A depends on Software B → If not installed then install.
  • The actions in the maintenance email (Reboot Now, Update Now, and Postpone), now link to a form on the ImmyBot instance instead of linking directly to the backend api. The reason for this is because some spam filters will automatically follow links in an email, which has accidentally caused computer reboots. Moving the link to a form allows spam filters to no longer be able to trigger the action automatically.

Bug Fixes

  • Fixed an issue causing the computer details page to sometimes not load
  • Fixed an issue with the ImmyAgent rekey request not being received
  • Fixed an issue where Get-ImmyComputer was incorrectly reporting offline
  • Fixed an issue where configuration file parameters were not being downloaded when the configuration task did not have any enabled scripts
  • Fixed an issue with displaying the dependency badges on maintenance actions
  • Fixed an issue with the schedule's day of week selector cutting off the last characters of "Wednesday"
  • Fixed an issue with the CompareTo-ImmyBotVersion metascript
  • Fixed an issue with some maintenance action start times showing "2021 years ago" instead of "Unavailable" when the action never started
  • Bump Azure IoTHub packages to resolve some connection issues with the ImmyAgent

0.52.2

Released 2022-05-25

Ephemeral Agent and Identification Improvements

  • ALL scripts now run through the ephemeral agent, even during identification and computer de-dupe logic 🎉
  • Additional exception information is now visible in Identification Failed tab, and in session output. This furthers insight for users to understand and fix potential reasons why the providers may have failed to run our agent. image
  • Fixed an issue where the date was not being set correctly when adding a AgentIdentificationFailure log, leading the user to think this issue happened at the beginning of time!

Other Improvements

  • Added computer batch actions button on the tenants -> tenant details -> computers tab
  • You can no longer create a schedule that executes within one hour of detection. This is a safety measure to help prevent reboots during business hours
  • Added a checked to the schedules page for "Execute maintenance immediately after detection" to make it easier for those that do actually want to run execution after detection. When checked, you cannot set the execution time.
  • The schedule list "Next Run" column now sorts correctly and also shows the browser's local "Next Run" time
  • Added clarity to session logs when we are checking if an agent is online
  • Quick deploy actions now use Offline Behavior: Apply on Connect
  • Auto onboarding sessions now use Offline Behavior: Apply on Connect
  • Computer list batch actions - Run Maintenance now uses Offline Behavior: Apply on Connect
  • On the schedule details page, renamed "Target Category" to "Runs Against", and changed the options to "Computers" or "Cloud"

Bug Fixes

  • Fixed an issue with the primary user not being found when sending emails after an onboarding session
  • Fixed an issue with checking off "Send follow-up email" on the onboarding form where it would not actually send the email
  • Fixed an issue with unhealthy integration messages not showing the real error message
  • Fixed an issue with unhealthy integration agents showing on the computer onboarding form
  • Added missing script parameter $LicenseFilePath to detection scripts and configuration tasks
  • Removed maintenance tasks from accidentally showing in the software prerequisite dropdown
  • Updated the computer batch actions sidebar to have better clarity
  • Fixed an issue with loading the deployment list when a deployment existed for a computer or person that no longer existed
  • Fixed an issue where Get-ImmyAzureAuthHeader -UseMspTenant was failing if the Tenant didn't have an Azure mapping
  • Fixed an issue where Get-ImmyAzureAuthHeader -UseMspTenant was returning an access token for the Tenant instead of the MSP
  • Fixed an issue where some failed sessions were getting marked as pending connectivity
  • Fixed some more issues around offline/online agent detection during sessions
  • Implemented a HTTP Concurrency limit for requests to N-Central to prevent issues with too many requests hitting their backend
  • Fixed an issue with not being able to skip onboarding
  • Fixed an issue with the "Retry X failed computers" where it was re-attempting to identify all failed computers
  • Fixed an issue with "Analyze Installer" not returning any data
  • Fixed an issue with script output in session logs not being truncated to the last 5 lines
  • Fixed an issue with the Immy Agent installation request not reporting whether the integration is disabled or unhealthy

0.52.1

Released 2022-05-18

Bug Fixes

  • Fixed an issue where tag deployments were not resolving during full maintenance
  • Fixed an issue where cloud deployments were not resolving during full maintenance

0.52.0

Released 2022-05-18

Tags

You can now add tags to computers, and deploy software to tags! Manage tags under the settings link on the sidebar. Tags help in scenarios where workstations are shared by a variety of users and there is otherwise not a common property to target with a filter script.

Tags can be added to computers as a batch action on the computer list page.

image

Tags can also be added to a computer on the details page.

image

Tags can be deployed as a cross-tenant target scope.

image

Tags can also be deployed as a single-tenant target scope.

image

Tags can be added to an ImmyBot installer to automatically set tags for new computers

image

Exclude Computer From Maintenance

You can now specify that a computer be excluded from maintenance. Excluded computers will not be allowed to run any type of maintenance session.

Settings -> Preferences -> Company Preferences -> Computers Excluded From Maintenance

or

Tenants -> Select a tenant -> Preferences tab -> Computers Excluded From Maintenance

image

Immy Chat Integration

Added in 0.51.5

We added LiveChat to Immy to make it easier for you to get support

Session Script Execution Improvements

Before executing a script on a device, we now check if it is online. If it is not online, we verify whether any of its agents are incorrectly reporting online and refresh the status appropriately. If it is still not online, we will wait up to 30 minutes for it come back online. If it is still not online, then we will mark the session as Pending Connectivity (only for Apply On Connect) or cancel the session due to the computer being offline.

Other Improvements

  • On Immy startup, we now sync the online/offline state of all ImmyBot agents
  • Added an hourly job to pull the latest online/offline state of all ImmyBot agents
  • Updated parts of the frontend codebase with typescript to prevent accidental bugs
  • Improved performance of loading certain pages that relied on fetching clients from a provider
  • On the deployment details page, deploying to over 10 computers will now prompt to confirm this is the action you want to take
  • Active Ephemeral Agents will now prevent Windows from going to sleep to keep sessions from halting
  • A new preference has been added to aid in development of Ephemeral agent, as-well as diagnosing of bugs
  • Added Offline Behavior selector to the computer onboarding form and set the default option to "Apply On Connect"
  • The Run Maintenance button on the computer details page now defaults Offline Behavior to "Apply On Connect"
  • The Run Maintenance button on the computer details and list pages now provide a dropdown for the reboot preference
  • The Run Maintenance button on the computer details and list pages now have a confirmation modal
  • Azure groups now include devices as long as you grant ImmyBot the Device.Read.All permission
  • Azure groups now include all sub groups
  • Improved the action logs and result message for failed dependencies
  • Added a Preferences tab to the Tenant details page
  • Updated PowerShell Editor Services from 3.1.5 to 3.3.5

Bug Fixes

  • Fixed an issue in the ephemeral agent that prevented the agent from exiting when finished running PowerShell
  • Fixed an issue with uninstall strings in the registry not containing quotes around paths with spaces
  • Fixed an issue where devices with unknown operating systems (non windows) were coming into Immy
  • Fixed an issue where dependencies for software set to update if found would run even if the software was not found
  • Fixed an issue where command line uninstall scripts with spaces in the path were not being wrapped in quotes
  • Fixed an issue where the access request button was not visible when access requests were disabled
  • Fixed an issue where failed dependencies were being removed instead of failed
  • Fixed an issue with the branding preview and test email not showing the mascot name

0.51.5

Released 2022-05-06

Chat with ImmyBot

  • Added a live chat button to ImmyBot as another option for support requests

Bug Fixes

  • COMMAND LINE WORKS AGAIN! Fixed an issue where Command Line (non-PowerShell) scripts would not run correctly, resulting in software uninstalls not working as expected
  • Fixed an issue where maintenance actions with a prerequisite dependency would not execute after the dependency finished successfully
  • Fixed an issue where Immy support would be unable to regain access after expiration
  • Fixed an issue with the "Show Details" link on the computer software tab not opening
  • Increased the timeout for the ImmyBot Agent to connect from 20 seconds to 60 seconds since setting up the ephemeral agent on some machines may take longer
  • Fixed an issue with configuration tasks not displaying underneath the software action
  • Fixed an issue with configuration tasks not running when using quick deploy

0.51.4

Released 2022-04-27

Deployment List Improvements

  • Removed the button "Show Recommended Deployments"
  • Recommended deployments and the ability to "Approve/Dismiss" them now show up in the list
  • Updated the group by filter and added two new filters.

image

Session Log Improvements

  • Made several logs more concise
  • Added action name and stage name to the top level logs
    • image
  • Checking the box to the left of actions do a better job of filtering to the relevant logs for that action
    • image

Bug Fixes

  • Fixed a performance issue with a timeline events database query
  • Fixed an issue that was causing the Ephemeral Agent to not extract on machines running Windows PowerShell 4 or below
  • Fixed issue where ImmyBot would not verify dependencies for software that is already compliant

0.51.3

Released 2022-04-21

Bug fixes

  • Fixed an issue with upgrading to 0.51.3 where the instance would fail to start if you had a branding that did not specify a from address (which is now required)

0.51.2

Released 2022-04-21

Branding Updates

  • Added color picker for Text Color and Table Header Text Color
  • Branding Logo and Mascot images are now optional
  • Added live branding preview

image

Other Improvements

  • Added more details such as the reboot preference to the session details page. Also added a snazzier stage indicator.
    • image
  • Changed access request default options to Three Days and Admin
  • Maintenance Tasks now have the "Ignore" option just like software and will take precedence over other deployments for the same task and target group.
  • Added desired software state "Any" as an available option for software that use dynamic versions
  • Maintenance emails no longer show software actions that have a desired state of "Update If Found" and no detected version.

Bug Fixes

  • Fixed an issue with saving a tenant's default time zone
  • Fixed an issue with the software/task selector not correctly selecting tasks on the schedule and dashboard page
  • Fixed an issue with chocolatey items not showing in the software/task selector
  • Removed ability to use metascripts to define schedule targets (since metascripts do not resolve to list of computers)
  • Fixed an issue with configuration task file parameters not getting downloaded before the software's action runs
  • Fixed an issue where the Cloud Script execution context was not selected by default when creating a new dynamic version script from a software
  • Handled some common application initialization failures more gracefully
  • Fixed an issue with metascripts being able to override certain variables that were automatically provided.

0.51.1

Released 2022-04-12

Integration Health

Integrations can now have a health status of Healthy, Degraded, Unhealthly, or Disabled.

  • Healthy: All is well
  • Degraded: Started experiencing issues in the last few minutes
  • Unhealthy: Consistently experiencing issues (integration is no longer usable)
  • Disabled: Integration has been explicitly turned off by a user

Unhealthy integrations will return to healthy automatically when transient issues subside.

An alert with the latest message is shown on the integration details page.

image

A badge has been added to the integration list and on the computer details -> agents tab.

image

image

The "Download ImmyBot Agent Installer" dropdown will now be disabled if the integration is unhealthy or disabled.

image

Other Improvements

  • Schedules can no longer be created with cron expressions using a * , - or / in the minute or hour position to help prevent to frequent scheduling.
  • Important: Schedules that are currently using a * , - or / in the minute or hour position will be automatically disabled in this version.
  • Software items in emails show "Up to Date" after successfully updating instead of "Update Available" which causes confusion whether the software has actually updated
  • Quick Assign and Assign actions are no longer disabled when the computer is already running a maintenance session
  • Added OS version after the OS name in the computer details overview info
  • MSP non-admins can now see the recommended deployments on the list page to know that they exist
  • Added detected version to items in the software tab
  • Removed the integration priority table and details since they are no longer applicable
  • When a maintenance session is manually resumed, the name of the user that resumed it now shows up in the logs. Or if it was resumed from an email, then it will indicate that a user clicked the "Update Now" button in the email.
  • Added field for maintenance task notes.

Bug Fixes

  • Fixed an issue where the dynamic version response was incorrectly cached when the script was shared for multiple software and required different output for each software
  • Fixed an issue where the software detection radio options were disabled and unable to be changed
  • Fixed an issue where the "Skip x onboarding computers" button would disable even if you had computers selected
  • Undid the change that disabled the onboarding tab since it was a bad decision
  • Fixed an issue with slug not saving when creating a tenant

0.51.0

Released 2022-04-08

Onboarding Form: Maintenance Task Parameter Override

  • New checkbox added to maintenance task parameters on the deployment details page: 'Allow override from computer onboarding'

    image

  • The checked parameters will show on the computer onboarding form, allowing the user to override the value just for the onboarding session

    image

Other Improvements

  • Implemented a Get-Hash cmdlet in the Metascript engine useful for interacting with APIs like NinjaRMM and Mimecast that require HMACSHA1 signatures

  • We moved the Target Selector above the Software / Task Selector on the deployment page since it felt more natural to answer "Who am I creating a deployment for?" before answering "What am I creating a deployment for?"

  • Software Display Name Regex detection now supports capture groups to pull the version

    image

  • Added Azure ID column to the User List page

  • Improved handling of integration API routes

  • Added a "Do not remember" option when overriding an "Update If Found" deployment, and added more options for overriding certain desired states.

    image

  • Added Tenant Slug. $TenantSlug is now exposed for all scripts executed against a computer. You can also conveniently edit the tenant slug directly in the Tenant List.

    image

  • Hid the maintenance item selector behind a checkbox on the schedule details page since it was causing some confusion

    image

Bug Fixes

  • Fixed an issue where dynamic versions that throw a terminating exception were not displaying the exception message under the maintenance action
  • Fixed an issue with the "New Version" notice not showing up
  • Fixed an issue preventing the Getting Started Wizard modal from showing
  • Fixed an issue with configuration tasks running before the software was deemed compliant
  • Fixed an issue with non-msp users not being able to create configuration tasks from the software details page
  • Fixed various issues with deploying Ninite software
  • Fixed issue with software repair not re-installing software
  • [Global Software Only] Fixed an issue with saving a custom download installer script to a global software
  • Removed double base64 encoding that triggered alerts in BitDefender and Arctic Wolf
  • Fixed the script documentation link
  • Fixed issues with Invoke-ImmyCommand forcing terminating errors instead of honoring the error action preference set by the script
  • Fixed an issue with configuration task parameters not being provided to the test script when run during detection
  • Fixed an issue with loading deployments when you have multiple of the same provider type enabled
  • Fixed issues with loading CW Control, Automate, and Manage target groups on the deployment details page
  • Fixed some exceptions that were occurring when sending emails
  • Removed duplicate "Should not be present" text showing in the maintenance actions list

0.50.13

Released 2022-04-1

Capture Version from DisplayName with Regex

For software that puts its version in the DisplayName instead of the DisplayVersion field like this:

image

You can now use a capture group to capture the version from the DisplayName

Example

HexCmp 2.34.1 can be captured with

regex
HexCmp (\d+\.\d+)

Script Editor Improvements

Within filter scripts, Get-ImmyComputer -InventoryKeys now shows valid InventoryKeys

image

0.50.12

Released 2022-03-29

Improvements

  • Made the software override options more similar to the quick deploy options
  • The ImmyBot Agent no longer writes and executes scripts from C:\Windows\Temp\ImmyBot.
  • You can now add a Tenant Slug under the "Edit" tab on the Tenant Details page. This value is exposed as the variable $TenantSlug for scripts that run against this tenant's computers.

Bug Fixes

  • Fixed an issue preventing the 'Getting Started Wizard' from showing
  • Fixed an issue with non-MSP users not being able to create configuration tasks from the software details page
  • Fixed an issue with the 'New Version' notice not showing up
  • Fixed an issue with configuration tasks running before the software was deemed compliant
  • Fixed an issue where dynamic versions that threw a terminating exception were not displaying the exception message under the maintenance action

0.50.11

Released 2022-03-21

Improvements

  • Added ability to choose "install" when overriding "update if found" deployments on the quick deploy form

Bug Fixes

  • Fixed an issue where deployments with the same target type were resolving "update if found" as a higher priority than "latest version"
  • Fixed an issue where scripts run in Control were visible in the Commands tab
  • Fixed an issue where registry manipulation scripts would fail with ProviderNotFound: Microsoft.PowerShell.Core\Registry

0.50.10

Released 2022-03-14

Intellisense Improvements

Intellisense no longer restarts when syntax error is detected.

Quickfix Actions work

image

image

No more duplicate definition on hover

image

Bug Fixes

  • Fixed an issue with downloading ImmyBot Agent EXEs which would intermittently fail
  • Fixed an issue where an unreachable integration could cause ImmyBot background jobs to not start up correctly
  • Fixed a null reference that could occur when re-running a maintenance action
  • Refactored some ephemeral agent PowerShell code for easier testing

0.50.9

Released 2022-03-08

Bug Fixes

  • Fixed a bug that was causing new instances of Immybot to crash when starting up

0.50.8

Released 2022-03-04

Onboarding Deployments

The Onboarding target type has been moved to a separate checkbox so that you can limit deployments to onboarding only AND use the target type filters.

ImmyAgent Improvements

Updated internal infrastructure to utilize our new extended verification code-signing certificate.

We currently sign:

  1. ImmyAgent executable & MSI/EXE/PPKG Installers
  2. Ephemeral Agent executable
  3. Static PoSH run on computers

In addition to being more secure, this ensures our software is no-longer flagged by SmartScreen.

IMPORTANT NOTE

Customers utilizing software such as ThreatLocker MUST ensure our new certificate is whitelisted, as our new EV cert required "LLC" to be present on our CN and O.

image

Bug Fixes

  • Improved exception handling during maintenance sessions
  • Fixed an issue with re-running cloud scripts from a session log where it would throw an exception
  • Fixed some performance issues and improved caching of function scripts

0.50.7

Released 2022-02-25

Maintenance Task Serial Execution

A maintenance task now has the option to "Execute Serially".

When checked, this maintenance task is guaranteed to only have one instance active at a time.

e.g. If three maintenance sessions have an action for a maintenance task that executes serially, then one session will execute the maintenance task while the other two wait for it to complete. Once the first completes, the second will execute. Once the second completes, the third will execute.

This is useful for maintenance tasks that rely on the state of subsequent executions.

Other Improvements

  • Added a Status and Types column to the CW Manage client list on the integration details page so you can easily filter your list to clients you want to create tenants for. Also made the Linked Tenants column filterable to "Linked" or "Not linked". The Bulk create tenants for unassigned clients is now Bulk create tenants for filtered unassigned clients and will only bulk create tenants for those visible rows matching the table filters.
  • Added checks to ensure that the identification job is running properly

Bug Fixes

  • Fixed an error that was preventing the computer overview page from loading
  • Fixed an issue with scripts running multiple times if you opened, closed, and re-opened a script editor
  • Fixed issues with the CW Control integration not updating the device name, os name, and serial number of the agent

0.50.6

Skipped

0.50.5

Released 2022-02-18

Improvements

  • Updated ImmyBot from dotnet 5 to dotnet 6
  • Non-existent items on the deployment ordering page are now automatically removed
  • Added description below the "Suppress reboots during business hours" checkbox to indicate that it is only applied for maintenance sessions that resume after a device comes back online
  • Deployments can now be disabled which will exclude them from being applied during full maintenance sessions. This can be useful if you want to stop a deployment from happening without deleting it.
  • ImmyAgent PPKG's should now work on Windows Home editions
  • Improved the load time of the maintenance session list for instances that have 1+ million sessions

Bug Fixes

  • Removed unnecessary device online check when running metascripts through the script editor
  • Fixed issue with parameters not getting provided to scripts that are re-run from maintenance session logs
  • Fixed a format exception that occurred when attempting to schedule adhoc deployments to run after midnight
  • Fixed a null reference exception thrown when using the "Limited" option on the "Software Access Level" field
  • Fixed issue with the "Last logged on user" fields not showing on the computer overview tab
  • Updated the error text of user scripts to indicate whether or not there is currently a logged in user
  • Fixed an argument exception that occurred when trying to uninstall a software by product code
  • Fixed an internal issue with migrating items to global
  • Fixed an issue with maintenance action timeline events that was preventing them from showing in the list
  • Fixed a bug where cancelling scripts from the editor would not close the PowerShell stream reader
  • Updated broken links to https://docs.immy.bot
  • Fixed a poor performing query with instances that have millions of maintenance sessions
  • Fixed issue allowing you to click the install Immy agent button on computers that did not have an online agent to install it with
  • Fixed issue where local accounts created by the PPKG were not being hidden
  • Fixed potential issue where local accounts created by the PPKG were not being added to the local administrators group if the local administrators group name wasn't called 'Administrators'

0.50.4

Skipped

0.50.3

Released 2022-02-11

ImmyBot Agent Updates

  • Fixed a bug where agent installers that were created before 0.50.0 were failing to register on new devices
  • Increased the verbosity of logging during agent installation for easier debugging
  • Fixed a null reference issue occurring on startup
  • Updated the MSI uninstallation to remove the config.json and registration.json files located under C:\ProgramData\ImmyBotAgentService.

Improvements

  • Increased the Ephemeral Agent named-pipe connection timeout from 10s -> 60s to allow computers with extremely poor PowerShell initialization time likely due to system issues to still run scripts
  • Added software / task descriptions to deployment details page and license details page. The descriptions are accessible by clicking the the question mark button

Bug Fixes

  • Fixed an issue where filter scripts and software auto update scripts were not showing any output in the script editor
  • Fixed a label issue on tenant category schedules and tenant category deployments
  • Fixed an issue on the schedule details page where the maintenance item selector would should a blank selection by default image
  • Removed unnecessary code that fetched software twice during detection
  • Fixed an issue where the selected computers on the new computers page would de-select automatically
  • Put in an update to the CW Control ImmyBot extension to work on CW Control 21.15+. CW Control 21.15 introduced a breaking change to the API.
  • Fixed an issue where cross tenant device group target types were taking precedence over tenant specific target types

0.50.2

Released 2022-02-09

Bug Fixes

  • Fixed an issue with azure sync job creating duplicate users in the MSP tenant
  • Fixed an issue where a disabled integration could not be deleted

0.50.1

Released 2022-02-08

Improvements

  • When ImmyBot restarts, it will now attempt to restart any maintenance session that was active when it shutdown. Before, it would only attempt to restart scheduled sessions
  • Restarting maintenance sessions should now be idempotent. If an action was running when the backend rebooted, then it will be restarted.
  • Removed some thread blocking code to improve performance

Bug Fixes

  • Fixed issue with Microsoft.PowerShell.Security functions not found in metascripts
  • Fixed an issue with "Uninstall By Package Info" failing to uninstall via product code
  • Fixed an issue where pending connectivity sessions were not triggering for computers that had exactly one agent

0.50.0

Released 2022-02-07

Intellisense (beta)

Intellisense can be enabled on the application preferences page (disabled by default). Having intellisense inside the script editor is going to make your life much easier when it comes to writing ImmyBot scripts.

This feature is considered beta and there may be a few bugs present that will be get patched over the next few releases.

image

image

image

image

Other Improvements

  • Added navigation link for tenant on the computer overview tab and the maintenance session list
  • Improved performance of filtering maintenance action table and dashboard results
  • Improved performance for instances that have a large number of ImmyBot agents by optimizing some database calls
  • Added compression support for JavaScript and CSS assets to decrease the initial page load time

Bug Fixes

  • Fixed an issue with some deployments not resolving to computers that are auto-onboarding
  • Fixed an issue where clicking Include Offline in the Onboarding computer list would be de-selected after 5 seconds
  • Fixed an error that showed on the tenant details page for ImmyWorkbench instances that do not have schedules enabled

0.49.9

Released 2022-02-02

Improvements

  • Inventory during a maintenance session now runs before resolving deployments since a deployment may rely on inventory data. e.g. Filter Scripts

0.49.8

Released 2022-01-27

Bug Fixes

  • Fixed a bug with quick deploy where maintenance actions were failing due to Parameter <X> is marked required... and no value has been set

0.49.7

Released 2022-01-26

Improvements

  • General cleanup/refactoring to improve performance
  • Added an index that improves some maintenance session queries

Bug Fixes

  • Fixed an issue with uploading licenses and software installers with users who have names that contain non-Latin1 characters
  • Fixed an issue where failed audit tasks were showing as compliant
  • Fixed an issue where the maintenance item selector was not showing correct results for the Tenant target category
  • Fixed an issue uploading an MSI where the Uninstall MSI By ProductCode script was being used on the software instead of the correct Uninstall MSI By UpgradeCode. The Uninstall MSI By ProductCode is now set on the software version. The software upgrade strategy is also defaulted to install/over instead of none.
  • Fixed several issues around script timeouts and memory management
  • Fixed an issue with some slow computer list queries
  • Fixed an issue with software test scripts causing detection to fail due to missing required maintenance task parameters

0.49.4

Released 2022-01-19

Improvements

  • Significantly improved performance of re-initializing maintenance sessions upon the server starting up
  • Immy will now wait for one or more of a device's agents to reconnect when the device goes offline while attempting to run a script

Bug Fixes

  • Fixed an issue with application restarts taking a long time to re-enqueue pending maintenance sessions
  • Fixed an issue with some exceptions that occur in maintenance sessions causing the sessions to be stuck in the "Created" status

0.49.3

Released 2022-01-18

Improvements

  • Reduced the number of concurrent inventory jobs that can run to preserve performance until it can be refactored
  • Delivery of Ephemeral Agents on computers that don't support TLS v1.2 no longer spit out scary looking error. Instead, it now shows a warning that it will fallback to TLS v1.0.

image

  • Monitor maintenance tasks now run during execution except for previews which still run during detection

Bug Fixes

  • Fixed an issue with maintenance item specific schedules causing sessions to get stuck in created
  • Fixed an issue with ephemeral agents not working correctly on Win7 x64-era machines
  • Fixed issue with immy version not showing in footer

0.49.2

Released 2022-01-18

Bug Fixes

  • Fixed an issue where scripts run from the editor could throw the error: An item with the same key has already been added. DebugPreference

0.49.1

Released 2022-01-17

Improvements

  • The $VerbosePreference and $DebugPreference in a metascript now get passed down to the computer
  • The top navbar on smaller screen sizes is now accessible from a collapsible button
  • Added docs nav icon linking to https://docs.immy.bot
  • Standardized task verbiage in the UI
  • Added an additional task type filter on the task list page for "All, Computer, Cloud, Configuration"
  • Write-Progress now appends to the session log output
  • Added a health check for when the Hangfire server crashes and fails to restart
  • Changed chocolatey actions to no longer use a hardcoded path C:\ProgramData\chocolatey\bin\choco.exe. We now retrieve the path by using Get-Command choco -ErrorAction Stop | select -expand Source. This ensures we can run chocolatey when it is not in installed in the default location (Looking at you SyncroRMM).
  • Deployment filter scripts can now utilize function scripts
  • Added license description field
  • Improved performance of resolving azure group deployments

Bug Fixes

  • Resolved issue where computers running non-English version of Windows could not run any scripts. This issue also prevented successful identification for those computers.
  • Resolved parameters not being passed to user-context scripts
  • Fixed an issue with boolean deployment parameters not honoring false
  • Fixed an issue with adhoc deployments not using the parameters specified on the page
  • Fixed an issue with sessions showing passed when it should show partial passed
  • Fixed issue where duplicating deployments did not copy over the parameter values
  • Fixed issue with [ctrl-s] saving scripts from the editor
  • Fixed a bug where software from deleted deployments were still showing in the assigned software tab
  • Fixed a bug where the ephemeral agent retry logic was being ignored
  • Fixed an issue with the logs panel failing to stay scrolled to the bottom
  • Fixed an issue where inventory session logs were not showing up correctly
  • Fixed an issue where needs attention actions were showing "unavailable" for the date time
  • Fixed word wrapping on maintenance task parameter text
  • Fixed a bug where deployments targeting "All computers / No Filter" would show "Workstations and portable devices" instead
  • Fixed a bug where uploading files for global maintenance tasks would fail
  • Fixed a bug where schedule and deployment provider specific target data was not loading properly

0.49.0

Released 2022-01-11

Improved Performance

In this release, codenamed "Cheetah" we achieved a 20x improvement in script execution performance through the use of WebSockets, Named Pipes, and removing code that is no longer necessary since the introduction of the Ephemeral Agent.

We also made restarting machines faster by using the new event driven Wait-ImmyComputer cmdlet when waiting for computers to reconnect after a reboot.

Apply on Connect

Problem to solve

Computers that are offline never receive maintenance. These computers need a way to update when they miss their maintenance window.

Solution

You can now specify the offline behavior for computers on schedules and ad-hoc deployments.

image

When offline behavior is set to Apply On Connect, a session will get marked as image when the device is offline. When the device comes online, the session will resume.

image

Since devices can come online at anytime, the option to Suppress Reboots During Business Hours is checked by default.

If a device is offline before the detection stage, then it will run the detection stage when it comes online.

If a device is offline before the execution stage, then it will only run the execution stage when it comes online. It will not re-run detection.

Maintenance emails are only sent out once regardless if the device goes offline.

Timeline

On the computer details overview tab, there is now a section called Timeline that shows particular events that have occurred for the computer.

image

The events we are currently showing are:

  1. Agent disconnected
  2. Agent connected
  3. Maintenance action started (only shows if the action required execution)
  4. Maintenance action completed (only shows if the action required execution)

More events will be added in the future.

Other Improvements

  • Improved performance of determining desired state of deployments during maintenance
  • Improved performance of some update queries
  • Added a new metascript cmdlet Wait-ImmyComputer that returns as soon as a computer has connectivity
  • Added & Updated Ephemeral Agent connection statistics in 'System Status' page to report data/data-rate metrics about the underlying Ephemeral Agent connection to the backend

Bug Fixes

  • Fixed an issue where software download scripts were timing out after 60 seconds if the script didn't specify its own timeout
  • Fixed an issue where changes made to a configuration task parameters from the software page were not saving
  • Fixed issues displaying incorrect text in the target type column on the deployment and schedule list pages
  • Fixed a bug where you could not remove a software download script
  • Fixed a bug with Add-UriQueryParameter where it did not accept array values or parse existing parameters
  • Fixed an issue with Ephemeral Agent "end-of-stream" response exceptions resulting in termination of stage
  • Fixed various issues with agent connection events and improved performance
  • Fixed an issue where immy agent registrations could cause resource depletion in the backend's IoT service
  • Fixed the timezone selector to show the region to differentiate the options
  • Fixed a bug where dynamic versions could depend on itself and cause an infinite loop

Releases in 2021

Go to 2021 releases

- + \ No newline at end of file diff --git a/releases.html b/releases.html index 51101765..4ccd96bc 100644 --- a/releases.html +++ b/releases.html @@ -26,7 +26,7 @@ Write-Host "Waiting for Hook" $Hook | Wait-ImmyWebHook Write-Host "Got WebHook!"

Atomic and Cache Cmdlets

Added 3 new Cmdlets, Set-CacheKeyExpiration , Invoke-CommandCached, and Invoke-AtomicCommand

image

image

image

Other Improvements

Bug Fixes

0.57.6

Released 08-10-23

Improvements

Bug Fixes

0.57.5

Released 08-08-23

Bug Fixes

0.57.4

Released 08-07-23

Improvements

Bug Fixes

0.57.3

Released 07-14-23

Improvements

Bug Fixes

0.57.2

Released 07-11-23

Bug Fixes

0.57.1

Released 06-30-23

Fixed an issue for new instances deployed without an IoTHub being unable to install Immy Agents.

0.57.0

Released 06-29-23

Agent Delivery - Whitelist cdn.immy.bot

Make sure to whitelist cdn.immy.bot in your endpoint protection tools.

The ImmyBot Agent and the Ephemeral Agent are now served from a Cloudflare CDN at https://cdn.immy.bot

ImmyBot Remote Control (Remotely) - BETA

Initial support for remote control is here!

The newest version of the ImmyBot Agent will support the ability to establish remote control sessions.

Remote control can be established by clicking the "Open Remote Session" dropdown and then clicking the "ImmyBot Agent" option.

image

You can also select the initial Windows session within which to start remote control.

Task Deprecation & Supersedence

Old tasks can now be deprecated in favor of newer tasks.

You can deprecate a task by supply a "Superseded By" task on the task form. You can additionally supply a parameter migration script that will migrate the parameters specified by the deprecated deployment to the parameters of the superseding one.

image

Schedule using the computer's timezone and Active Hours

The schedule details page has been cleaned up and re-organized for easier understanding.

We are introducing two new ways to schedule execution against a computer.

  1. Use the computer's timezone for execution

    A common complaint is that it is hard to schedule maintenance for a group of computers that are all in different timezones. Another complaint is that scheduling maintenance against laptops for people who travel is difficult because they are constantly changing timezones.

    You now have the option to schedule maintenance at a particular time according to the timezone specified by the computer.

  2. Start execution after active hours if available

    For computers that are running Windows 10+, you can opt into using the Active Hours specified by the computer instead of executing at the specified time on the schedule.

    For now, if active hours are used, execution will be scheduled in the middle of non-active hours. e.g. If active hours ends at 1pm and starts again at 10pm, we will schedule execution at 5pm.

Active Hours as Business Hours

When active hours are used to schedule maintenance for a computer, checks against business hours will resolve to active hours. This is necessary because we don't want to accidentally reboot the computer when in use, when "Suppress Reboots During Business Hours" is checked on the schedule.

Both "Use computer's timezone for execution", and "Start execution after active hours if available" are available for use on the deployment details page as well.

Pending Ephemeral Agent Session Status

A new session status has been added called Pending Ephemeral Agent Session.

Anytime during a maintenance session, if we fail to establish an ephemeral agent, the session will go into Pending Ephemeral Agent Session. The action it was performing when the failure occurred will not be failed so that it can resume when the ephemeral agent is finally connected. A background service will continually attempt to establish an ephemeral agent on sessions that are marked with this status.

With this change, we were able to remove the Script Execution Circuit Breaker that has not proved to be very useful.

Terminating Exceptions

System scripts will now throw terminating exceptions if we fail to establish an ephemeral agent or an actual terminating exception was thrown in the script.

Metascripts will also now throw terminating exceptions when an ephemeral agent fails to establish when using Invoke-ImmyCommand. You must now explicitly use a try/catch in order to prevent the terminating exception from ending the script.

This behavior will prevent software and tasks from continuing script execution in the event of a terminating exception, which will prevent false-positive results and report better errors.

User Script Terminating Exceptions

When running Invoke-ImmyCommand -Context "User", an additional parameter will be available called TerminateFromNoLoggedOnUser. When set, the script with throw a terminating exception when there is no logged on user. By default, user scripts will not throw a terminating exception when there is no logged on user.

Made pending-connectivity session triggering more robust

Session Preflight Scripts

A new script category has been added called "Preflight". Preflight scripts run after an ephemeral agent is established and before we attempt to run any other script against a computer. If the preflight scripts do not return any exceptions, then preflight is consider "passed" and scripts can be executed as normal. Otherwise, if any preflight script fails, script execution will not be allowed against a computer.

The major reason we added preflight scripts was to detect whether a computer is currently applying windows updates. Agents can report online and connected while windows updates are applying. However, it's possible that certain actions will not perform successfully while the computer is applying those updates. If we attempt to start or resume a session while windows updates are applying, we run the risk of rebooting the computer during an update and potentially bricking it.

The first global preflight script that has been added will check if the computer is currently applying windows updates and will throw an exception if it is, preventing script execution on the computer until windows updates are completed.

Pending Preflight Session Status

A new session status has been added called "Pending Preflight". When a preflight script fails during a session, the session will go into "Pending Preflight". The action that was actively being performed when the preflight script failed will not failed so that it can be resumed when the computer passes preflight. A background service will continually attempt to run preflight against a computer until it passes. Once preflight passes, the session will continue.

Built-In ImmyBot Agent Software

Before 0.57.0, we had hardcoded an action to perform the ImmyBot Agent update, which resulted in a lot of failures.

The built-in agent update now utilizes the ImmyBot Agent software located in the global repository.

Before

image

After

image

Prepared removal of Azure IotHub for the ImmyBot Agent

The 0.57.0 ImmyBot agent introduces a new method of establishing a connection to the backend using WebSockets.

With this approach, we will be able to remove dependency upon the Azure IoT Hub and provide a more reliable connection to devices.

Other Improvements

Bug Fixes

0.56.5

Released 2023-05-11

Improvements

Bug Fixes

0.56.4

Released 2023-05-08

Bug Fixes

0.56.3

Released 2023-05-04

Improvements

Bug Fixes

0.56.2

Released 2023-04-27

Improvements

Bug Fixes

0.56.1

Released 2023-04-24

Improvements

Bug Fixes

0.56.0

Released 2023-04-17

Tenant and Person tags

Support has been added for Person and Tenant tags.

A tag no longer has a "type". A tag can be assigned to any person, computer, or tenant.

Deploying a software or maintenance task with a tag target type now resolves computers for the following:

  1. computers that have the tag
  2. computers for tenants that have the tag
  3. primary computers for people who have the tag

Deploying a cloud task can now target tags assigned to tenants, as well as integrations that support client groups.

Now that tags can target tenants, you can create a schedule that targets tags to run a single schedule across multiple tenants.

Tags for tenants can be assigned on the tenant list and tenant details pages.

Tags for persons can be assigned on the person list and person details pages.

ImmyBot Session Support Requests

You can now request support from Immy technicians from maintenance sessions. When requesting support, you can:

Global Script Editor

Below are some of the new features in the script editor!

image

image

image

image

You can access the script editor from the top navbar or in the sidebar under Library -> Script Editor

image

image

Parameter Value View

Sometimes deployment parameters result in an exception when performing the binding. This can happens when the parameter types have been updated but the values have not.

You can now toggle the parameter form to a value view that provides you the ability to remove/reset values that may be causing issues.

image

Tenant Software

The Tenant Details Page now has a Software tab that displays a grid of software that was detected on endpoint machines and could be matched to software in the global database. The result set is grouped by global software name/ID and sorted descending by total installs (i.e. number of devices that have it installed). Each group has a Deploy button, which will open a new deployment for the software that targets all computers under that tenant.

image

Other Improvements

Bug Fixes

0.55.13

Released 2023-04-03

Bug Fixes

0.55.12

Released 2023-03-31

Improvements

Bug Fixes

0.55.11

Released 2023-03-22

Bug Fixes

0.55.10

Released 2023-03-21

Bug Fixes

0.55.9

Released 2023-03-16

Improvements

Bug Fixes

0.55.8

Released 2023-03-15

Improvements

Bug Fixes

0.55.7

Released 2023-03-14

Improvements

Bug Fixes

0.55.6

Released 2023-03-08

Improvements

Bug Fixes

0.55.5

Released 2023-02-28

Improvements

Bug Fixes

0.55.4

Released 2023-02-24

Improvements

Bug Fixes

0.55.3

Released 2023-02-21

Improvements

Bug Fixes

0.55.2

Released 2023-02-14

Improvements

Bug Fixes

0.55.1

Released 2023-02-09

Improvements

Bug Fixes

0.55.0

Released 2023-02-07

Stale Computers

A new "Stale" tab has been added to the Computers List page showing devices that have not had a recent agent connection event. By default, the staleness threshold is 30 days. This value can be configured from the System Preferences page.

image

This feature can be used to cleanup old computers when you are coming close to the maximum limit for computers.

Dynamic Maintenance Task Parameters (PowerShell Param Blocks)

Maintenance task parameters can now be defined dynamically using a script's param() and dynamicparam{} block.

image

PowerShell has a robust parameter definition and validation engine. By leveraging it, we give ourselves features like:

When deploying Onboarding tasks, you can define which parameters should be visible to the technician, while hiding others or setting their defaults in the Deployment. image

GDAP Support

"GDAP Customer Syncing" option has been added to the Azure settings page. Enabling this option does the following:

Please see the GDAP Customer Syncing documentation for usage details.

Important! If you are using a custom app registration (also known as the CSP App Registration), your app registration must have a Web redirect URI of https://<your-domain>.immy.bot/consent-callback, replacing <your-domain> appropriately. Please see the updated custom app registration docs for details on how to add the redirect URI

Other Improvements

Bug Fixes

0.54.8

Released 2023-01-17

Bug Fixes

Releases in 2022

Go to 2022 releases

- + \ No newline at end of file diff --git a/scripts.html b/scripts.html index 6a959b8f..56c5961e 100644 --- a/scripts.html +++ b/scripts.html @@ -60,7 +60,7 @@ extraQueryParameters = $null)] $OAuthInfo ) - + \ No newline at end of file diff --git a/terminology.html b/terminology.html index 2a281ea4..0682410b 100644 --- a/terminology.html +++ b/terminology.html @@ -19,7 +19,7 @@
immy.bot

Appearance

Terminology

Tenants

These are your Customers. We recommend syncing Tenants from CW Automate or Azure.

User Computer Affinity

ImmyBot periodically runs whoami /upn on all computers and keeps a rolling list of the last 10 UPNs. It assigns the Primary User of the computer to the "Person" (Synced from Azure) with the matching UPN.

For environments without AzureAD, ImmyBot will lookup the UPN of the Person from a Domain Controller in the computer's Tenant

Deployment

Deployments were originally called "Assignments" and are still called Assignments under the hood.

Note: You won't see the word "Assignment" in the user interface anywhere, but we plan to re-rename "Deployment" back to "Assignment" it in a future release.

A deployment is a rule that assigns Software or Tasks (Collectively known as "Maintenance Items") to a Target.

Deployments are conceptually similar to Group Policies in that they assign settings to a group of users or computers.

DO NOT BE AFRAID TO SAVE YOUR DEPLOYMENTS. THEY DO NOT APPLY AUTOMATICALLY.

If you DO want your Deployments to be applied automatically, you need to create a Schedule.

Deployment Resolution

Also known as

  • Creating Exceptions
  • "Winning" Deployments
  • Dealing with Snowflakes

Like Group Policies have a "Winning Policy", ImmyBot must have a "Winning Deployment" for a given Maintenance Item on a computer.

Let's say you have a customer "Contoso" that uses Adobe Acrobat instead of Adobe Reader, and you would like that to be installed instead.

First, create a Deployment that sets the desired state of Adobe Reader to Uninstalled for Contoso

Then, create a Deployment that Installs Adobe Acrobat for their computers

Target

A "Target" is a grouping of computers (or Tenants in the case of "Cloud Tasks")

ImmyBot's ability to resolve Targets to a group of computers is perhaps its most powerful feature.

For example, you can select a Group of users from AzureAD (which includes on-prem synced groups, and Teams) and ImmyBot will automatically resolve that to the list of computers in use by the people in that group.

If you enable PSA integration, a Target could be all computers covered under a certain type of Agreement, or computers covered by an Agreement that includes a certain product.

This is particularly useful for security software, help desk portals, or anything else in your stack that you may only want to be installed for customers that are paying you for it.

Offboarding

Conversely, you could create Deployments that remove your stack for customers you are offboarding.

  • Create an "Offboarding" product in your PSA
  • Create a deployment for each of the pieces of software you would like removed setting the desired state to Uninstalled
  • Target all customers with the "Offboarding" product on their agreement

Note: ImmyBot even honors the date range on additions, making scheduled offboarding easier if say the customer wants your software removed on the last day of the month.

Maintenance Session

A Maintenance Session is conceptually similar to running gpupdate /force

In other systems, different types of maintenance happen on their own schedule. Windows Updates may run on Tuesday night, but Third Party updates may run on Wednesday night, and auto-fix tasks may run whenever an alert is fired for a failed monitor, which has its own polling interval.

By forcing all automation to happen in a sequential set of actions we call a Maintenance Session, we can deliver predictability not only as to what changes will be made, but also when.

This also provides a cohesive mechanism for setting up a new computer. At best in traditional RMMs you can assign Monitors that detect the absence of required software and run Install scripts when they are missing, but this doesn't scale as pre-requisites and exclusions are required.

Imagine if Group Policy could reliably deploy any type of software, and gpupdate /force worked reliably off-net, and when you ran it, it gave you real-time feedback about exactly what it was doing. Also imagine that it could optionally notify the end user before and after with a branded email telling them exactly what is being done, that optionally lets them cancel.

That's a Maintenance Session.

You can view Maintenance Sessions for all computers under Computers->Sessions

Or, you can view Maintenance Sessions for a specific Computer under the Sessions tab for that Computer

Maintenance Session Stages

Detection Stage

During the Detection Stage, ImmyBot "Detects" which Maintenance Actions are necessary to bring the computer into compliance. These Actions are added to the Maintenance Session.

This is a read-only process, and typically done while the user is active. This is so ImmyBot can notify the user of changes that will occur later during the Execution Stage. By doing this during the day, and scheduling Execution for later, we are giving the end user the best possible chance to be aware of the upcoming maintenance, Postponing if you allow. The Postpone feature is very popular among engineers that do may need to leave renderings and analysis tasks running overnight.

Execution Stage

Maintenance Action

A Maintenance Session has one or more Maintenance Actions. A Maintenance Action could be to install software, apply a Windows Update, or run a Task.

The image below depicts a typical Maintenance Session with many Maintenance Actions

Software

Software, in the context of ImmyBot refers to Software objects in My Software or Global Software.

My Software - Initially empty. When you upload your own software to ImmyBot, it goes into My Software

Global Software - Read-Only, managed by the ImmyBot team.

At the bare minimum, Software requires a Detection Method. Software can have many Software Versions.

Pre-Requisities

This is a VERY powerful, and critically underrated feature in ImmyBot. ImmyBot resolves dependencies recursively, with built-in circular reference detection.

Common uses for Pre-Requisites include

  • Ensuring a piece of software is installed before installing another
    • C++ Redistributables before 3CX Client
    • Office is installed before an Outlook Add-in
  • Ensuring a piece of software is uninstalled before install another
    • Removing Adobe Acrobat Reader before installing Adobe Acrobat Professional

Install required dependencies

Ordering Maintenance Actions

Detection Method

A Detection Method is required in order to know whether or not a piece of Software is installed on a machine.

For Software, the detection method must returns the version of the software installed on the machine, if any.

For Tasks, the Detection Method is the "test" mechanism, which must return true or false to indicate whether or not the machine is in compliance.

Software Version

Task

A Task (aka Mainenance Task) is a catch-all for anything that isn't software.

or

Task Modes

Enforce

Runs the "test" script, if the test returns false, runs "set", then runs "test" again to verify.

Audit

Runs the "test" script which should return true or false. It can output whatever it wants, but the last output should be boolean.

Monitor

Runs the "get" script, which can return anything. Useful for collecting data like Bitlocker Keys, Quickbooks Licenses, or any other piece of information you are interested in.

Scripts

From the above diagrams, you can see that scripts are the building blocks for higher level objects like Software and Tasks.

Execution Context

System

Run as a service on the machine

User

Will attempt to run as the logged on user

Metascript

Runs in the ImmyBot backend, and can spawn code on the system by using Invoke-ImmyCommand

Cloud Script

Runs in the ImmyBot backend, but intended to be run against a Tenant (perhaps for the purpose of getting or setting some setting in 365/Azure or some other system with an API). These are used exclusively in Tasks targetting "Tenants".

Schedules

Used to run maintenance periodically on machines. Can optionally be limited to a single Maintenance Item.

NOTE You must also have a Deployment for the Maintenance Item to set the desired state. Imagine a scenario where you need to ensure a single piece of software is up-to-date on all computers except for a CNC machine. Create 2 deployments, the first setting the desired state to Installed->Latest for all computers, then a second stating that the desired state is Ignored for the CNC machine. When you create the schedule, the software will be ignored for the CNC machine.

Integrations

To ImmyBot, an RMM is a system that provides a list of computers, and a mechanism to run PowerShell scripts on them.

To avoid having to deploy the ImmyAgent to existing machines, ImmyBot optionally integrates with RMMs like ConnectWise Automate and ConnectWise Control and uses their agents instead. These systems are not as performant as the ImmyAgent, but can suppliment ImmyBot functionality.

For example, if you add an RMM Link for ConnectWise Control, you can open a remote session to the computer directly within ImmyBot:

If you add an RMM integration for ConnectWise Automate, Scheduled Maintenance Sessions will apply all Approved Windows Updates using the ConnectWise Automate API based on your Approval Policies in Automate Patch Manager.

You can even add multiple RMMs of the same type, which is often useful in merger and acquisition scenarios. You may choose to use ImmyBot as your single pane of glass to manage both, or simply let ImmyBot be a neutral third party for facilitating the consolidation of RMM agents to the parent company's RMM.

Identification

Because the same computer often exists in multiple RMMs (Like how CW Automate typically installs CW Control Automatically), ImmyBot prevents duplicates by identifying the computer by a unique id. We DO NOT use MAC Address! This unique id persists even if you wipe and reload the machine.

When a new machine is detected, it first goes to New Computers->Actively Identifying

It uses the following script to collect the UUID from the machine:

gwmi Win32_ComputerSystemProduct | select -expand UUID

This value is static even if you wipe and reload the machine, although we have VERY rarely seen this value change following a BIOS upgrade or due to a mainboard fault. We chose this value instead of Mac Address or Hard Drive serial number because of issues other systems have with USB Ethernet cables and hard drive replacement. We did not use serialnumber because we learned that many computers do not have serial numbers.

In practice, this value works almost too well. Machines you just wiped and expect to find in New Computers, are often associated to their pre-wiped computer objects. To find them, you often have to search for the serial number of the computer in the Computer List. In 0.40.1 we began using the Windows OfflineInstallationID value to identify when an existing computer has been wiped so we can set its status to "Needs Onboarding" which causes it to show up under New Computers as expected.

If it is a machine ImmyBot has seen before, it will be associated to the existing Computer, and you will find a new entry under the Computer's Agents tab. Under the hood we call these entries "RmmComputers".

Computers can have one or more RmmComputers(Agents). You can think of these as logical "pathways" to the computer. We only need one to be online to function.

- + \ No newline at end of file diff --git a/troubleshooting.html b/troubleshooting.html index 178e63b8..ce8f931c 100644 --- a/troubleshooting.html +++ b/troubleshooting.html @@ -12,7 +12,7 @@ - + @@ -43,13 +43,13 @@ "StatusCode": 0, "ErrorException": { "ClassName": "System.Net.WebException", - "Message": "No such host is known. (XXXX.immy.bot:443)"

To correct it, you need to exclude DNS filtering for your instances hostnames, which are found under Show more > integrations > Fetch IP Address and Hostnames

If Powershell is failing to start on the endpoint within 60 seconds a timeout will occur.

Here is a suggestion on a cause and possible fix for that one https://www.reddit.com/r/PowerShell/comments/rx68fw/powershell_slow_to_open_long_load_timesfixed

Security Software Exclusions

Ideally you would instruct your security software would support excluding code signed by

CN=Immense Networks LLC, O=Immense Networks, L=Baton Rouge, S=Louisiana, C=US

Exclusions based on code signing certificate are an industry standard feature and should be a standard feature in any best-in-class security software. However, if your security software is unable to exclude based on code signing certificate, create an exclusion for your instance's Script Path.

Your script path can be found under Settings->Preferences->Script Path

image

ThreatLocker

  1. Application Control-> Applications
  2. Create New Application
  3. Put the following value into Certificate and click Add
CN=Immense Networks LLC, O=Immense Networks, L=Baton Rouge, S=Louisiana, C=US
  1. Add your instance’s script pathimage Ultimately it should look like this: image
  2. Create a New Application Policy image

Sophos Central

Tenant Specific Manual Addition:

  1. Launch Client Shell
  2. Navigate to Global Settings - Allowed Applications
  3. Select "Add apps"
  4. In the "allow by:" dropdown, select certificate and add the following
CN=Immense Networks LLC, O=Immense Networks, L=Baton Rouge, S=Louisiana, C=US

Event Log Method: If Sophos reports that Immy Bot has been blocked, you have the option of going to the Event Log and and select the option to allow by Certificate. This will only work if Sophos has picked up an alert for a process signed by the Immy Bot code signing certificate

Partner Global Templates

  1. Navigate to Settings & Policies - Global Templates and select the template you would like to modify
  2. Once in the template, navigate to Global Settings - Allowed Applications
  3. Follow steps 3 and 4 listed in the Tenant Specific section above

BitDefender

BitDefender will intermittently block script execution unless you disable Aggressive scanning mode or add a your instance's Script Path to your policy's exclusion list.

CrowdStrike

CrowdStrike uses AI to decide what to allow and disallow. Periodically this AI will mark the ImmyBot Agent or ImmyBot Ephemeral Agent as malicious. This usually happens after we update it. Marking it as a false positive in your CrowdStrike portal will train the global AI to not treat it as malicious.

Microsoft Defender for Endpoint

Add a your instance's Script Path to your policy's exclusion list. https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure#create-the-profile

Cylance

Cylance blocks our websocket making the ImmybotAgent log look like this:

2022-09-21 12:24:26.562 -04:00 [INF] Process exiting.
+    "Message": "No such host is known. (XXXX.immy.bot:443)"

To correct it, you need to exclude DNS filtering for your instances hostnames, which are found under Show more > integrations > Fetch IP Address and Hostnames

If Powershell is failing to start on the endpoint within 60 seconds a timeout will occur.

Here is a suggestion on a cause and possible fix for that one https://www.reddit.com/r/PowerShell/comments/rx68fw/powershell_slow_to_open_long_load_timesfixed

Security Software Exclusions

Ideally you would instruct your security software would support excluding code signed by

CN=Immense Networks LLC, O=Immense Networks, L=Baton Rouge, S=Louisiana, C=US

Exclusions based on code signing certificate are an industry standard feature and should be a standard feature in any best-in-class security software. However, if your security software is unable to exclude based on code signing certificate, create an exclusion for your instance's Script Path.

Your script path can be found under Settings->Preferences->Script Path

image

ThreatLocker

  1. Application Control-> Applications
  2. Create New Application
  3. Put the following value into Certificate and click Add
CN=Immense Networks LLC, O=Immense Networks, L=Baton Rouge, S=Louisiana, C=US
  1. Add your instance’s script pathimage Ultimately it should look like this: image
  2. Create a New Application Policy image

Sophos Central

Tenant Specific Manual Addition:

  1. Launch Client Shell
  2. Navigate to Global Settings - Allowed Applications
  3. Select "Add apps"
  4. In the "allow by:" dropdown, select certificate and add the following
CN=Immense Networks LLC, O=Immense Networks, L=Baton Rouge, S=Louisiana, C=US

Event Log Method: If Sophos reports that Immy Bot has been blocked, you have the option of going to the Event Log and and select the option to allow by Certificate. This will only work if Sophos has picked up an alert for a process signed by the Immy Bot code signing certificate

Partner Global Templates

  1. Navigate to Settings & Policies - Global Templates and select the template you would like to modify
  2. Once in the template, navigate to Global Settings - Allowed Applications
  3. Follow steps 3 and 4 listed in the Tenant Specific section above

BitDefender

BitDefender will intermittently block script execution unless you disable Aggressive scanning mode or add a your instance's Script Path to your policy's exclusion list.

  1. Edit the policy->Antimalware->Settings->In-policy Exclusions
  2. Add a folder exclusion for your Script Path

CrowdStrike

CrowdStrike uses AI to decide what to allow and disallow. Periodically this AI will mark the ImmyBot Agent or ImmyBot Ephemeral Agent as malicious. This usually happens after we update it. Marking it as a false positive in your CrowdStrike portal will train the global AI to not treat it as malicious.

Microsoft Defender for Endpoint

Add a your instance's Script Path to your policy's exclusion list. https://docs.microsoft.com/en-us/mem/intune/configuration/device-restrictions-configure#create-the-profile

Cylance

Cylance blocks our websocket making the ImmybotAgent log look like this:

2022-09-21 12:24:26.562 -04:00 [INF] Process exiting.
 2022-09-21 12:24:40.106 -04:00 [DBG] Closing Websocket...
 2022-09-21 12:24:49.743 -04:00 [INF] Marked ConnectionState as disconnected.
 2022-09-21 12:24:50.171 -04:00 [ERR] Application shutting down (App lifetime token cancelled)
 System.IO.IOException: Cannot access a closed stream.
 at System.Net.Http.HttpConnection.RawConnectionStream.WriteAsync(ReadOnlyMemory`1 buffer, CancellationToken cancellationToken)

To correct it, you need to bypass SSL Inspection for your instances hostnames/IPs, which are found under Show more > integrations > Fetch IP Address and Hostnames

SentinelOne

Sentinel requires BOTH your instance's Script path and the ImmyBot Agent process excluded. With only the script path excluded, devices will regularly have issues running the ImmyBot Agent to download the ephemeral agent. This is apparent in two cases:

  1. Importing devices - The new agent can't download the ephemeral agent to start running inventory.
  2. Updating ImmyBot Agents - The new agent can't download the corresponding new ephemeral agent when attempting to run deployments or scripts.

You can also set your Exclusion Mode to "Interoperability - Extended".

DNSFilter

There have been reports indicating that DNSFilter, along with potentially other DNS filtering tools, is not directly blocking subdomain.immy.bot but has failed to resolve some DNS queries.

Specifically, in the case of DNSFilter, it was confirmed that ImmyBot was not being blocked. However, the failure in DNS resolution meant that connection attempts to the backend were unsuccessful.

Explicitly allowing the DNS for subdomain.immy.bot (replacing "subdomain" with your specific ImmyBot instance subdomain) was verified to resolve the issue of failed DNS resolutions.

For guidance on managing allow and block lists, please refer to: https://help.dnsfilter.com/hc/en-us/articles/1500008111381-Allow-and-Block-Lists

Group Policy Objects

Computer Configuration | Policies | Administrative Templates | Windows Components | Windows PowerShell | Turn on Script Execution (Enabled)

User Configuration | Policies | Administrative Templates | Windows Components | Windows PowerShell | Turn on Script Execution (Enabled)

These GPOs have been known to cause issues with running scripts.

- + \ No newline at end of file diff --git a/user-roles.html b/user-roles.html index 94bfa6a8..cdc4faab 100644 --- a/user-roles.html +++ b/user-roles.html @@ -19,7 +19,7 @@
immy.bot

Appearance

User Roles

MSP Admin

  • Full Access, no restrictions

MSP Non-Admin

  • Cannot create/edit/delete Schedules
  • Cannot create/edit/delete Users
  • Cannot create/edit/delete Cross Tenant Deployments
  • Can create/edit/delete Single-Tenant and Individual Deployments
    • NOTE: You can disable this in Settings->Preferences with the "Allow Non-Admin Users to Manage Deployments" setting
  • Can access terminal on all machines and edit scripts
    • NOTE: You can disable this in Settings->Preferences with the "Allow Non-Admins and Non-MSP Users to Use Terminal and Edit Scripts"
      • Disabling this prevents these users from being able to run arbitrary code on devices

Customer (Tenant) Admin

  • Can view/edit Computers, Licenses and Deployments for their Tenant
  • Can create users in their tenant
  • Software they upload is owned by their tenant and are not visible to other tenants
  • Licenses they create are owned by their tenant and are not visible to other tenants

Customer (Tenant) Non-Admin

  • Cannot create Schedules
  • Cannot create Cross Tenant Deployments
  • Cannot create Users
  • Can create Deployments scoped to individual Computers and People
- + \ No newline at end of file diff --git a/windows-sandbox.html b/windows-sandbox.html index 9e443ae9..d118290d 100644 --- a/windows-sandbox.html +++ b/windows-sandbox.html @@ -19,7 +19,7 @@
immy.bot

Appearance

Testing with Windows Sandbox

Windows Sandbox is a fast loading disposable container in Windows that loses all settings when shutdown or restarted. It is very convenient for testing software deployments. It should be noted that not all software is compatible with Windows Sandbox, particular software that installs drivers or requires restarts.

If you haven't used Windows Sandbox before, you can enable it by opening Windows PowerShell as Admin and running the following command:

powershell
Enable-WindowsOptionalFeature -FeatureName "Containers-DisposableClientVM" -All -Online -NoRestart

Download Windows Sandbox file (.wsb)

Wait for ImmyBot Agent to install

Onboard the Sandbox

This will create an "Onboarding" Session (sessions are like running gpupdate) that will apply all applicable Deployments (deployments are like Group Policies)

- + \ No newline at end of file