Prepare Your Environment for Remote PowerShell

Posted on Leave a commentPosted in PowerShell

If you joined us at our live webcast this last Thursday (October 13, 2016 as of this posting) you were introduced to some nifty PowerShell scripts which we want to make available to you. If you missed the webcast, click the video below and get caught up! First, we discuss getting your environment ready for using remote PowerShell, then we dive into favorite scripts.

Don’t miss another free webcast by signing up for email notices here.

Preparing Your Environment for Remote PowerShell

Enabling WinRM

Usually, it’s easiest to configure WinRM with Active Directory Group Policy, but for those who wish to do it manually, these commands will help configure your machines to use WinRM by using either command prompt or PowerShell:

Command prompt or PowerShell:

winrm quickconfig -force -q

PowerShell only:

Enable-PSRemoting -Force

This will only setup the basic configuration for WinRM. If you want to take it a step further and secure it with a certificate, you could use this wonderful gem as a starting point: enable WinRM using a certificate.

Auto Login

Sometimes we have a need to have a machine automatically login with a specific user when the machine boots up. These scripts will help get that configured. Please note that each script includes a line that will reboot the target machine.

Setting up Auto Login for a Machine

Removing Auto Login for a Machine

Resolving Trust Relationship Issues

We’ve all been there. You have a domain trust relationship issue. There are many reasons for this to fail, but it seems that the most common has to do with the machine account password. Check out these scripts to get it working again.
Fixing the secure channel with Test-ComputerSecureChannel
$Credential = Get-Credential
Test-ComputerSecureChannel -Repair -Credential $Credential
Fixing the machine account password with Reset-ComputerMachinePassword

Fixing Windows Update Service

If you’ve ever encountered an instance of the Windows Update service not running, this (very) simple script is for you. When using products that lock a machine’s settings (Deep Freeze, etc), we’ve noticed that the Windows Update service doesn’t always get set to run. This quick script will change the Windows Update service to startup Automatically and then start the service.
Set Windows Update service to Automatic and start the service
Set-Service -Name wuauserv -StartupType Automatic
Start-Service -Name wuauserv

Delete and/or Copy Files

These are just quick script examples for deleting or copying files.

Deleting temp files for current and all users

Copying files to all user paths

Getting IP Configuration Settings

Sometimes we just need a quick way to grab network adapter settings for a machine. Here are a couple of examples to do it for a machine. The first example can be used in a PDQ Deploy package or via a PDQ Inventory Remote Command. These ensure that a command is run locally on a target machine.  The second example could be used from a PDQ Inventory Custom Tool or even straight up from a PowerShell window (fancy).

Getting network adapter info locally

Getting network adapter info using Invoke-Command

Links Referenced in the Webcast

Definitely check out Stephen Valdinger’s blog on automating software installs for imaged computers.

Awesome PowerShell Commands List

Using PowerShell to Set Static and DHCP IP Addresses

Information on Microsoft easy fixes


What’s New in PDQ Inventory 11

Posted on Leave a commentPosted in PDQ Inventory

The beta release of PDQ Inventory 11 is now available. Want to try out the latest release? Make sure you’ve included the Beta version in update checks by looking at File > Preferences > Auto Update Alerts in your PDQ Inventory console. (Note: The Auto Update Alerts name is changed to Alerts in PDQ Inventory 11)

What’s New in PDQ Inventory 11

Tools Librarytools-library

What is the Tools Library? Imagine an arsenal of ready-made tools for your IT department’s world domination plans. More tools are coming in later releases of PDQ Inventory, so you’ll want to jump in and get a hold of these tools now. The Tools Library is available with a current Enterprise license.

You can access the Tools Library in the left tree and then click the Tools Library tab to start importing your tools. Once imported, you can start using the tools on your computers by selecting any computer(s) and selecting the tool from the tools drop down.



You’re definitely not limited to what’s listed in Tools. With a Pro license you can create your own tools, integrate tools (such as Sysinternals and DameWare), and create neat automation to easily execute. Click here to check out some ideas for tools you can create. Into PowerShell? You should be. We hosted Stephen Valdinger, a PDQ Inventory customer, at a live webcast were he shared some of his favorite tools he uses in his environment. Click here to check out that webcast and glean some inspiration!

Nifty Updates and Upgrades

Remote Command Window

The remote command window you know and love has gotten a face lift…but the changes aren’t all purely cosmetic. Get a gander at the remote command window by selecting a computer (or computers), right click > Tools > Remote Command

  • Improved Command History – Delete individual commands in your history instead of having to clear the whole history. Save your favorites!
  • Scan After – Run a scan after executing your remote command, making it easier to keep your data in PDQ Inventory up-to-date.

New Columns in Files and Registry

You can now see which Scan Profile(s) returned the data found in the Files and Registry sections of a computers window. (Double-click on any computer, and then select either Files or Registry in the left panel to view the data.)

registryandfilesscanprofiles Pdq inventory 11


Integrate Your Favorite Sys Admin Utilities with PDQ Inventory

Posted on Leave a commentPosted in PDQ Inventory

I was visiting a customer last month in Philadelphia and I really liked the first question that he asked me: “What feature do you wish more people would use in PDQ?”

“That’s easy. For PDQ Deploy it is Auto Deployments and for PDQ Inventory it is Custom Tools.”

Those of you who know PDQ Inventory are probably familiar with the Tools menu. The Tools menu allows you to call fairly common tools/utilities with a few keystrokes. The image below shows the default tools that come with PDQ Inventory. You can initiate VNC or Remote Desktop sessions, deploy software via PDQ Deploy, view the Event Log on the target and so on.


You can also add your own tools or utilities. Now it is up to you to extend this list to include your favorite sys admin tools and utilities. Basically, if you have a program/utility that can called from the Command Line (CLI) then you can integrate it with PDQ Inventory. Here are some of my favorite examples:

Example Integrations with PDQ Inventory

DameWare Remote Control

If you use DameWare for your Remote Control solution then you owe it to yourself to create a custom tool to initiate DameWare remote control sessions. You can see a breakdown of the available DameWare commands here.

In my environment I have DameWare 12. It is installed on the computer where PDQ Inventory runs. You may differ slightly in your command depending on where DameWare is installed and what options you want to use, but here’s an example.

Go to File > Preferences. Select Custom Tools. Click the New Tool button. Give the new tool a name. Your command may be different depending on your DameWare path and how you authenticate (Smart Card, Windows password, etc.).

"C:\Program Files\SolarWinds\DameWare Mini Remote Control x64\DWRCC.exe" -c -h -m:%TARGET% -md: -a:1 -x:

You can also add the shortcut keys CTRL+SHIFT+D. The shortcut is optional.



Here is a quick breakdown of the DameWare CLI.

 -c means “Connect Automatically”.

The -m: argument expects you pass the name of the target computer. Well, we don’t want to hardcode a computer name here because we expect to run this command against many different computers. This is where we can use a variable. In this case I am using the name of the computer.

How did I know which variables were available? Well, surprise surprise, I referenced the documentation. From the Custom Computer Tool window I simply clicked the help button (the blue question mark). I could also simply hit the F1 button. If you don’t have this window opened you can also just jump to the online help for this feature here. You will see a list of the variables that we support. As far as the rest of the command arguments refer to the DameWare link above.

Now when you are looking at a specific computer in PDQ Inventory you can initiate a remote control session by selecting Tools > DameWare 12 or using the shortcut you defined.

Open an Elevated CMD Window

If you use UAC then you’ve probably had to re-open a CMD window after you realized it wasn’t running in an elevated mode. Here is how you can quickly open up an elevated CMD window.

Create a custom tool. Call it something like CMD (Elevated).

In the Command Line field enter the following text:

%SYSTEMROOT%\system32\cmd.exe /k

Notice how no variables are being passed? This is intended. I just want to open a cmd window. In cases like this you should enable the System Tool checkbox. This means that you don’t have to have a computer selected in PDQ Inventory in order to run this custom tool.



Open Active Directory Users and Computers

Here is how I open up the Active Directory Users and Computers window. This command is actually a snap in called dsa.msc and it is loaded into the Microsoft Management Console (MMC). As a result you won’t call the actual dsa.msc file but instead pass the this file as an argument to mmc.exe. Obviously you need to have the Remote Server Administration Tools (RSAT) enabled on your console machine before you can run this command.

%WINDIR%\System32\mmc.exe dsa.msc



As you can see the process is fairly simple. You may need to do some leg work to find the correct command line to run, but the effort is well worth the work.

Remotely Access the Registry

Posted on Leave a commentPosted in PDQ Inventory, Reports

At our last live webcast (you can sign up to join our free IT webcasts here), we discussed Custom Tools and shared some of our favorites. Below is a download for a favorite utility that allows you to remotely access the registry of a target computer you can import for use on your PDQ Inventory console. There are also report filters you can import in to PDQ Inventory for finding local admin accounts on your network. Please note that this utility is not supported by Admin Arsenal and it only works in English. This is a utility that Shane wrote years ago while he was annoyed (and probably drunk) at the lack of remote registry capabilities in Windows.


What are Custom Tools?

Using the Custom Tools feature allows you to create keyboard shortcuts to call your favorite tools and utilities. If you have a program/utility that can called from the Command Line (CLI) then you can integrate it with PDQ Inventory. You can set up these Custom Tools by going to File > Preferences > Custom Tools.

Remotely Access the Registry with a Custom Tool 

A favorite utility allows you to open the registry on a target machine. In the webcast it was called “Remote Registry”.
After you unzip this file rename the two .exe.rename files to end in .exe. Use the StartReg64.exe if the console machine is running on a 64-bit OS. There is also a PNG showing the syntax for use in a Custom Tool.

Using PDQ Inventory to Find Local Admins

There are three XML files in the download below to import into PDQ Inventory. In the webcast, Shane walked through each of these examples and how the filters are set up. Click here to jump to that portion of the webcast.

Click here to download the report filters.



PDQ Deploy 11

Posted on Leave a commentPosted in PDQ Deploy, Uncategorized

New Additions

PDQ Deploy 11 is here and includes some great new additions to its already powerful lineup of features. You can upgrade PDQ Deploy to version 11 by clicking the “A new version is available” notice in the status bar of your console. If the update link is not visible, go to File > Preferences > Auto Update Alerts; this will now alert you to all future versions available. You can also download the new release here; PDQ Deploy 11. Let’s dive into some of the new additions.

Drag and Drop to Change the Order of Steps in a Package

PDQ Deploy 11 makes it easy to change the order of steps in your package with drag and drop functionality. Let’s say you create a package with the Install Step as step number one.


However, what if you decide that it would be a good idea to send your users a message before the package begins to install? You now have the ability to simply drag and drop to change the step order. Now the Message Step is step number one. Use this drag and drop functionality to easily place your package steps in the desired order.

Removed the Default Install Step of a New Package

PDQ Deploy 11 gives you more control over your package creation. We understand that not all packages start with an install and so the default Install Step has been removed. On the PDQ Deploy Main Console window, click File > New Package. A new blank Package window opens with Package Properties selected allowing you to add a New Step. Now you have total control to choose the individual steps and the order of those steps in your package.


New Option in Install Step for Installation Requires Source

There are some installations that require a source path if additional features, modifications, or repairs need to be made locally by the end user. PDQ Deploy 11 now gives you the option to have these files saved on the target computer. (Pro or Enterprise mode required) This feature is only available on an Install Step and is used for applications that specifically require a local copy/path of the original installation files in order to perform post-deployment programmatic modifications.

Other Features and Fixes

There are other hidden gems in PDQ Deploy 11:

  • Variables can now be used in the email body of the Post Deployment Notification (Pro or Enterprise mode required).


  • Added a Report Summary to the attached report included in a Post Deployment Notification (Pro or Enterprise mode required).


  • The ability to open Elevated Command and PowerShell prompts from within the Help Menu.


  • Direct link to the Output Log in the Deployment Computer List and More Info window when encountering an error with a step.
  • URLs in Package Details and Package Descriptions are now hyperlinks.
  • Issues with sorting during a running deployment has been fixed.
  • Clarified the Logged On State when a user is logged on.
  • Other minor bugs and enhancements.

We’re excited about the great new additions to PDQ Deploy 11  and hope you enjoy the added flexibility these additions bring.

Click to get the latest PDQ Deploy 11.

Managing Your Users’ Web Browser with Browser Router

Posted on Leave a commentPosted in Uncategorized

Ever have a website your users need to use a specific browser to access? Or perhaps you need a particular browser to be the default browser. Getting users directed to the correct browser can be done with a little set up using the Browser Router in PolicyPak.

First, you’ll need to make sure that you have the desired browser deployed to your target machines. PDQ Deploy makes deploying the correct browsers to your target machines a piece of cake.

Setting Up the Browser Router

First things first, you’ll need to create a new GPO. Right click on your newly created GPO and select edit to open your Group Policy Management Editor. If you have PolicyPak loaded, you’ll have the PolicyPak module loaded. Don’t have PolicyPak? Check it out here and get a free trial.

If you expand PolicyPak you’ll see the Browser Router node. To start putting together your settings, create a new collection by right-clicking the blank area and clicking (surprise!) New Collection.

add new collection browser router

Now you’re ready to start defining policies and defaults for all your users.

Set a Default Browser

Setting a default browser is straightforward and simple. Right click and select “Add New Default Browser”. Choose your browser and you’re set!

Select Browser

Default Browser Exceptions;  Routing Users to the Correct Browser

Having a default browser is great, but let’s say you have a site that only wants to work with a specific browser and it happens to be a browser other than the default browser. Simple, just click Add > New Policy. Then add in the URL,  and select a browser. That site will now use the designated browser.  

Specific site browser


Wild Cards

You can easily set up Wildcards with the Browser Router. In this example, let’s say you only want to use Chrome when visiting anything in Googleland. By using the *google* wildcard you can set Google Chrome as the default browser.

Wild Card


Blocking Sites

Need to Block a specific site? No problem. With the PolicyPak Browser Router you can easily define a blocked site and even display a pop up message to the user.

Block site

Local Intranet Browser

Many businesses have a local intranet security zone that requires the use of a specific browser for things such as time cards and other applications. Browser Router can easily make those accommodations. Just click “Internet Security Zone” then select “Local Intranet” from the dropdown menu and designate the appropriate browser.

Local Intranet


The Browser Router in PolicyPak gives you total control of what browsers are used in your environment. You can now use the right browser for the right job. For a detailed walk through and to see the Browser Router in action, click on the video below.



PDQ Inventory 10

Posted on 2 CommentsPosted in PDQ Inventory, PowerShell

New Features

The latest PDQ Inventory 10 is now available and it includes some highly requested features! PDQ Inventory can be upgraded to version 10 by clicking the “A new version is available” notice in the status bar of your console. You can also download the new release here; PDQ Inventory 10. Read on to discover all the new possibilities.

Hide Collections in the Collection Library

Do you love using the Collection Library, but would like to only see the collections that pertain to you and remove a lot of the clutter? Well, you are in luck, as this can now be accomplished in PDQ Inventory 10. Simply hide any collection within the collection library to customize your view. (Enterprise mode required). To hide collections, select the collection(s) in the console, right-click and check View > Hide Library Collection. Hiding a parent collection will always hide the child collections by default.

Context menu


The Collection Library page itself will always display all hidden collections and the ability to display in the tree can be easily toggled on and off using View > Display Hidden Library Collections (or Preferences > Interface). Hidden collections are identifiable by their opaque icon and opaque text. For ease of identification, parent collections of hidden collection(s) are also displayed with an opaque icon, however, the text is not opaque.

Display Hidden Collections


Because of this powerful new feature, we will be able to bring even more library collections your way. Keep your eyes peeled!

Wake-on-LAN and PowerShell added to Remote Command

Didn’t think Remote Command could get any more powerful than it already is? Well, think again. In PDQ Inventory 10, we’ve now added the ability to initiate a distributed Wake-on-LAN and run PowerShell cmdlets directly from this tool (Pro or Enterprise mode required). To access Remote Command, select the computer(s) to which you wish to execute a remote command and select Tools > Remote Desktop (or Ctrl+Alt+R).

Remote Command

Other features and fixes

Included in this release are many other smaller, but just as tasty morsels:

-The Program, Publisher, and Version of the Hot Fix table can now be used in Collections and Reports.

-Firmware Revision column has been added to the Disk Drives page.

-Other minor bugs and enhancements.

We hope you enjoy this release as much as we enjoyed bringing it to you. As always, we welcome your feedback.

Click to get the latest PDQ Inventory 10 release.


Set User-Side Group Policy With PolicyPak Admin Templates Manager

Posted on Leave a commentPosted in PDQ Deploy

So let’s say you’ve got some specialty computers such as lab computers, sales computers or conference room computers. These computers have different users logging on at different times throughout the day. You’d like these specialty computers to eat just “some” user side policy settings enabling them to maintain the same user settings regardless of who logs on. Normally you’d have to use very complicated Group Policy loopback mode to force your computers to eat user side policy. The downside is that you’ll end up with way more settings than you need making it impossible to manage the experience. The answer? PolicyPak Admin Templates Manager. With PolicyPak Admin Templates Manager you’ll be able to gently force your computers to eat user side functions.

Force Computers To Eat User-Side Functions

From the PolicyPak console, go to “Standard Computers” and create a new GPO. Then simply create a name for your new GPO.

Name GPO 1

Now go to the Computer Configuration side to the PolicyPak node and click on Administrative Templates Manager. Click “Add New Policy”.

GP Management editor

In the upper left of the New Admin Template Entry window, you’ll want to check the “User Policy” button. Now, under the Administrative Templates window, you’ll see several options that you can access. Let’s go to “Start Menu and Taskbar”.  Once clicked, you’ll be presented with a list of available options. Let’s select “Remove Help menu from Start Menu”.

User policy list

In the new window, click “enable” and you’re set. 


Now, in this example, all users who logon to this machine will have the “Help Menu” removed from the Start Menu. You’ve successfully taken a user side function and delivered it to your specialty computers for all users using the PolicyPak Admin Templates Manager. To see each step in action, check out the video below.

How to Enforce Firefox Settings

Posted on 2 CommentsPosted in Deployment Examples, PDQ Deploy

It’s simple enough to get Mozilla Firefox remotely installed on your computers, but how do you keep users from changing settings and potentially leaving your network vulnerable? In this post we’ll first silently install Firefox on machines, and then enforce Firefox settings using group policy.

Silently Installing Firefox

Mozilla Firefox is one of the many deployment packages available in the Package Library. With a PDQ Deploy Enterprise licence you can import this ready-to-deploy package (which we recommend as the package has additional steps to uninstall past versions of Firefox and other steps that also help avoid installation errors). With the free version you can also create this package to quickly install Firefox.

  1. Add the Firefox Setup exe in the Install File field in your install step
  2. Add silent parameter -ms to the Parameters field.
  3. Save and close, you’re ready to deploy. Simply highlight your newly created package in the left tree and click the Deploy button in the right corner. From there you’ll be able to deploy right away or schedule (Pro or higher) and select deployment targets. silently install firefox enforce settings

Enforce Firefox Settings

Watch this video to learn how to set up PolicyPak, the video will also show you where to find and how to add  “Paks” which you’ll need to help quickly manage hundreds of applications.

  1. First things first…in your Group Policy editor, add a new GPO. Right click and select edit.
  2. Now you’re ready to hit up the PolicyPak module. Click Application Settings Manager, right click and select the Mozilla Firefox pak. (The video link above will show you how to set up these paks.)
  3. Double-click on the Firefox application now listed to start editing you settings. As you make changes right click and select the lock down option you desire to enforce settings in Firefox. enforce firefox settings