Well, I'm not sure if many people are interested in this, but surely someone will be, so I thought I'd share. Forgive me if I've re-invented the wheel, but I couldn't find it anywhere else.
In our organization we have some very security-sensitive managers, one of whom was wholeheartedly for Local Security Solution. However, he quickly became concerned that passwords, after being disclosed, were opening security holes. While the exposure was limited to those computers, he was still concerned enough, and he has enough pull, to have this issue block our full implementation of Local Security Solution. Therefore, it quickly became important to address his issues.
After looking through the default LSS reports, I found one that almost immediately fit our needs. After ripping it apart, I was able to come up with a collection of computers that have had their current Local Security Solution passwords disclosed.
The query is below:
Code:
-- Collection: computers whose current Local Security Solution password has been disclosed
SELECT dbo.vComputer.Guid
FROM dbo.vLSS_CurrentDisclosedUserPassword
INNER JOIN dbo.vComputer
    ON dbo.vLSS_CurrentDisclosedUserPassword.ComputerGuid = dbo.vComputer.Guid
After working the collection out, it was as easy as setting up a Software Delivery Task (or a Task Server Task) to run the following command line:
Code:
"C:\Program Files\Altiris\Altiris Agent\Agents\LocalSecurity\AltirisLSSAgentUtil.exe" /cyclePasswords /sendInventory
All in all, it was quite easy, but I thought I'd share to make sure others (especially those like me who might miss the simple things) would be able to get it to work. The collection was the tricky part, as the report couldn't translate directly.