A user asked how to set permissions for first-level support to logoff user sessions - the recommendation is to keep everything as "Not Set" and set specific permissions to "Allow". For more information, there is an article on creating a read-only permission set at https://support.controlup.com/v1/docs/security-policy-view-only-role.
Read the entire article here...
Security Related Training & Support Archives
Security training and support-related archives from inside the ControlUp Community on Slack.
Replacing a Weak SSL Certificate in ControlUp
A customer reported a weak SSL certificate from ControlUp (SHA1, wrong hostname, self-signed) and asked if any issues may surface when switching to a trusted, SHA256 certificate with the correct hostname. It was suggested that the certificate switch should work without any issues, but the current COP version, certificate name, and file were requested for confirmation. It was later established that the certificate deployed with Console, Monitor, and Agent was the culprit, and that the old certificate just needs to be replaced.
Read the entire article here...
Read the entire article here...
Using the EUC Universal Sync Script in ControlUp
When using the EUC Universal Sync Script, make sure the "preview" Parameter is set to false in the cfg file to run the Sync script, and restart the monitor service for scheduling. The version on Github is the latest. The warning "Commit Changes?" is misleading but to assign False to the Preview parameter commit needs to be set to Yes. A bug in 8.8 related to Templates being empty was mentioned.
Read the entire article here...
Read the entire article here...
Investigating Network Latency Issues in ControlUp
A user noticed that some of their devices experience a network latency with white spaces at different intervals and asked for clarification. It was determined that the ping was failing consistently every 40 minutes and that there could be a network issue (not VPN) related to communicating with a target Citrix public IP address. The user was instructed to open a support ticket and view raw data to determine if the numbers match. The graphs looked normal when checked.
Read the entire article here...
Read the entire article here...
Running Nutanix CLI Commands From the ControlUp Console
A user asked if it was possible to run Nutanix CLI commands from the ControlUp console, and if it was possible through the PowerShell module or REST API. It was suggested that if the CLI tools and firewall are open, this might be possible. One member shared that they have a similar solution which involves SSH'ing into the Nutanix host, plus the OpenSSH Powershell module installed. The member agreed to share their solution.
Read the entire article here...
Read the entire article here...
How are the credentials saved on ControlUp Scoutbees for a published App/Desktop scout?
Credentials for Apps/Desktops on Scoutbees are encrypted either in a database or with AWS-vault, depending on whether the Scout is running on a cloud hive or a custom hive. When configuring a custom hive, the credentials are stored only locally in a file. For further information see https://controlupcommunity.slack.com/archives/C046DUGB6M9/p1668549692870029.
Read the entire article here...
Read the entire article here...
Understanding Hard & Soft Page Faults with ControlUp
A user asked about hard and soft page faults and ControlUp's reporting capabilities regarding these faults. Hard page faults generally have a larger negative impact on performance, however with more people using solid state drives this impact is not as drastic. ControlUp is working to include this measurement of hard page faults in its reporting. In terms of acceptable page fault expectations, it varies depending on underlying hardware and disk speeds, and looking at the combination of hard page faults and excessive queue lengths can help to determine if there is an issue.
Read the entire article here...
Read the entire article here...
Troubleshooting ControlUp Monitor not collecting data from VMs
A user had difficulty getting ControlUp Monitor to collect data from their VMs. Suggestions include creating a separate role for their Monitor service account and creating a separate service account with access to the computer objects in the farm and AD reader permissions. Additionally, the user was directed to a link with the Security Policy for Users and Permissions found on ControlUp's website.
Read the entire article here...
Read the entire article here...
Is there a Security Policy to Allow or Deny the Changing of Views in ControlUp Console
A user suggested a security policy to allow/deny changing views in ControlUp Console, which would have to be set on a per-user basis. It has been 6 years since views became global while the column order is still per user and stored in appdata XML. If a new view is created, everyone sees it, which might explain why our demo lab is "jam packed with them". The user tested that after moving OS to the left, closing the console, deleting the private config, and relaunching the console, OS was back to the right.
Read the entire article here...
Read the entire article here...
Using Multi-Factor Authentication (MFA) with ControlUp and Scoutbees
A user asked about using Multi-Factor Authentication(MFA) for Scoutbees with ControlUp, discussing external and internal scouts, static tokens, and options such as TOTP. Phone call verification and SMS-based MFA are both supported, as well as TOTP and static codes. Documentation was described as "clear as mud".
Read the entire article here...
Read the entire article here...