Using LGPO.EXE with Atera Scripts

jeff
jeff Member Posts: 15

I have several policy file variations that I use to quickly push policies to workstation. In the past, I've physically visited the workstation and run something from a thumb drive like:

LGPO.EXE /t .\technicians_pol.txt /v

and it works great. I'd like to start pushing through Atera using the Scripts function, but the LGPO program doesn't seem to have a strictly command line version. As far as I can tell, you have to use a policy file with the LGPO command. Has anyone found a way to to this that doesn't include copying a bunch of temporary files to the local machine or using a file server connection? I could connect everyone to my computer as I push them out, but even if I don't setup a persistent connection, it would suck if I'm pushing something out to 50 computers to have all of those connection to my computer. Any thoughts would be great.

Thanks,

Jeff

Tagged:

Comments

  • mbudke
    mbudke Member Posts: 137 ✭✭✭

    Hi @jeff ,

    I don't have much experience with LGPO.exe but maybe you can write the "technicians_pol.txt" through the script and just delete the file afterwards.

    Then the commands are part of your script and you do not require a separate fileshare.

    Matthias

  • jeff
    jeff Member Posts: 15

    I was thinking of putting the file up on an available http source and using CURL to transfer it from a script command, but the possible security concerns of putting even an innocuous file like that in a public space made me rethink it. When you say, "write the "technicians_pol.txt" through the script," how are you proposing to write/create the file? Does Atera have a "write" file function, are you thinking of piping content to a local file, or something else? I hadn't thought about piping text to a file using Atera scripts until your reply. I might give that a try and see what happens. Please note that we block unsigned PowerShell scripts, so other than single line commands that can be run through batch files, Powershell is not an option. I've already dug into the painfully complex and difficult options for signing my own scripts, but with my limited resources, can't reasonably sign my own scripts.

    On a side note, last week, I successfully did a test transfer of a script created file from an endpoint to my "IT" computer from several workstations, but had to run the script as the logged in user instead of system user for it to function. The same security issues concerns me where a central and open repository would be a security weakness that I'd rather not have to figure out and spend resources on protecting. It would be nice if the Atera agent could facilitate creating/transferring local files through it's secure agent. Does anyone know if there is a function like that?

    Thanks,

    Jeff

  • mbudke
    mbudke Member Posts: 137 ✭✭✭

    Hi @jeff ,

    indeed I was thinking about piping the data into a file but if that is not allowed in your IT environment it might not be an option.

    How about using a SharePoint or alternative product which is available on each computer so you can store the data over there and synchronize it with the correct client software? This would vanish the http download but as a negative side effect would give the enduser potential insights in your scripts.

  • Samuel MONIER
    Samuel MONIER Member, Cerified Business Partner Posts: 18 ✭✭✭

    @jeff Hi Jeff. For that need, I use a S3 repository (Object Storage).
    In my script, I use a http download with powershell command "Invoke-WebRequest -Uri"
    It works fine, and available from everywhere.

  • jeff
    jeff Member Posts: 15

    No, piping to a file is fine in my environment. We just block powershell scripts that aren't signed, which means just about every powershell script that exists. I can still pipe through a .BAT file and I can do single line PS commands from a .BAT file, so unless something unexpected happens, it should work fine, possibly, mayby. :D I haven't gotten around to playing with it yet, but I'll update if it works out well and reliably.

    Thanks.

  • jeff
    jeff Member Posts: 15

    Hi Samuel,

    That is interesting. I don't do much with S3. I did have a client several years ago who had a backup program that piped to the Amazon S3 cloud, but they moved to an established turnkey system after some problems. What would be the benefit of S3 over an ?open/shared? S3 file?

    Thanks.

  • Samuel MONIER
    Samuel MONIER Member, Cerified Business Partner Posts: 18 ✭✭✭

    Hi Jeff,

    For that part, I use S3 storage on Scaleways. It's a low cost storage solution.
    Available from everywhere (for all my customers, no need to access to specific server or anything else).
    You can create a HTTPS link for each files.
    So it's easy to use for scripts and automations needs.