A discussion was had about the possibility of using SecureDX to kill Citrix sessions that showed indicators of being accessed through stolen Netscaler cookies. The group explored different potential solutions, including Citrix Security Analytics and potential AI-based solutions being looked into by ControlUp in the future. They also discussed the potential of using the ControlUp client to detect and flag unauthorized access. No clear solution was found, but the potential for future developments in this area was identified.
Read the entire article here...
ControlUp Scripts & Triggers Training & Support Archives
ControlUp Script and Trigger training and support-related archives from inside the ControlUp Community on Slack.
How to Check for Affected Devices with ControlUp’s Bash Script
ControlUp shared a simple bash script for checking the XZ Utils version on devices and determining if it is affected by CVE-2024-3094. Resources and further information on this topic were provided. The shared script also includes an event script for checking the version on devices. Some discussion and referenced sources were also provided. Find the script for checking for affected devices at https://x.com/wdormann/status/1774221251931742706?s=46&t=gdqbN_60lboMJbaqr16mcw. The index script can be found in the thread below the original post.
Read the entire article here...
Read the entire article here...
Troubleshooting Triggers in ControlUp v9 Beta
A user shared their experience with an issue in the ControlUp v9 Beta 9.0.1470, where triggers for a specific event log were not firing. After upgrading to the latest version, 9.0.1546, and restarting the monitor service, the triggers started working. The user also shared a helpful tip for viewing triggers by clicking on Incidents in the RT console and toggling on the trigger column. They hoped this would help others with the same issue.
Read the entire article here...
Read the entire article here...
Choosing the Best Tool for User Management in ControlUp – Comparing Group Policy and WEM
A discussion takes place on the ControlUp Slack channel about the best way to add registry entries using the User logon trigger. Some users suggest using Group Policy or PowerShell commands, while others mention that Citrix WEM could also be an option. Different considerations, such as login times and scalability are mentioned when comparing WEM to Group Policy. Some users mention past issues with WEM, but also acknowledge that it may be a suitable tool for certain environments.
Read the entire article here...
Read the entire article here...
Troubleshooting Ivanti Data Configuration in Logon Script
A user asked about the configuration needed to get Ivanti data in the logon script, specifically for the ALD script. Another user suggested reposting in the appropriate channel and tagging experts. The needed configuration involves auditing specific events and enabling logging. A script is available on ControlUp's library for easier troubleshooting. The AppSense-related logs can be analyzed using EMMon. EMMon can be found in the suite download at https://www.controlup.com/script-library-posts/ivanti-environment-manager-logging-enable/
Read the entire article here...
Read the entire article here...
Troubleshooting the Built-In Synchronization Feature in ControlUp
A user encountered difficulties using the new Built-In Synchronization feature for ControlUp, specifically with custom mappings and instructions lacking examples. Other users provided helpful tips and guidance on how to properly use the feature, including the use of wildcards and setting the sync to a shorter interval. The discussion ended with the confirmation that the desired actions were accurately assigned.
Read the entire article here...
Read the entire article here...
Creating Triggers with ControlUp – A Discussion on Using “Super Triggers”
A team member asked if it was possible to create a trigger for logon duration exceeding a certain time. Another member suggested using average logon duration and getting creative with it. They discussed the idea of nested triggers and using "super triggers" as a workaround to count individual instances of logon duration and trigger an alert when a threshold is reached. The team will continue to look into this solution.
Read the entire article here...
Read the entire article here...
Fixing Script Errors in ControlUp Version 8.8
A user was having trouble with a script on ControlUp version 8.8. The script was supposed to restart Citrix desktop service when a specific user session went from active to disconnected, but it failed with an error involving a missing key in the dictionary. The user discovered it was a bug in the software and was able to fix it by upgrading to version 9.0. The community script used can be found at https://www.controlup.com/script-library-posts/restart-citrix-desktop-service/
Read the entire article here...
Read the entire article here...
EDX Software Changes Polling Frequency and Manual Initiation
Regarding EDX, a user asked how quickly it polls for software changes and if there is a way to manually initiate it. It was stated that EDX polls once a day and that the script for it can be found at the location: C:\ProgramData\Avacee\sip_agent\scripts, with the data being stored in the "installed apps" script. Another user mentioned that this location was initially hard to find.
Read the entire article here...
Read the entire article here...
Understanding the HZ Connection Server Health Status Monitor in ControlUp
A discussion took place about the HZ Connection Server Health Status monitor and what it monitors exactly. The monitor is based on the value that the connection server gives, and it is a VMware thing. The object returned from the soap api is used for the status. The user thanked a member for their assistance and mentioned that there are also horizon related triggers in the trigger packs, which can be found at https://support.controlup.com/docs/en/trigger-packs#vmware-horizon.
Read the entire article here...
Read the entire article here...