Security

PrintNightmare – enable Print Spooler service

Enables Print Spooler, which will not protect against PrintNightmare.

Read More

PrintNightmare – disable Print Spooler service

Disables Print Spooler, which will protect against PrintNightmare.

Read More

PrintNightmare – ACL unlock

Removes ACL change in the ‘PrintNightmare – ACL lock’ script.

Read More

PrintNightmare – ACL lock

Changes ACL to prevent any printer modifications. This protects against PrinterNightmare, but must be reverted to make any changes to printers.

Read More
Dell Driver Update

Dell Security Advisory Update DSA-2021-088 install

Downloads and runs Dell’s removal tool for the vulnerable driver. Prints results to the procedure log. Can report using $DBUtil$.

Read More

Cisco Umbrella – Uninstall

Script will uninstall the Cisco Umbrella Roaming DNS client. You can run a report using tags $Umbrella$ or $OOD$ (for fails)

Read More

Open .js files in notepad

Imports a reg file to default .js extension action to Edit (instead of Open), and sets the Edit command to notepad.exe.

Read More

Enable Powershell

Sets permissions on powershell.exe to allow users to run powershell scripts. This reverses the effect of the Disable Powershell script. Can edit the first line of this script to change the user group if needed.

Read More

Disable PowerShell

Sets permissions on powershell.exe to prevent users from running powershell scripts. This will also prevent Kaseya from running powershell commands "as user" as well. Can edit the first line of this script to change the user group if needed.

Read More

XMR Endpoint Check

Procedure to check the endpoints for the mining exploit. Created by Douglas Sanchez (douglas.sanchez@kaseya.com) You MUST create a custom field called “XMR” as documented in Kaseya’s article 1-29-18 Modified by Chris A – Virtual Administrator to add Tags, and reduce un-needed entries Review the following video to build a report off the tags. The tag…

Read More