Collection by running process

0

how to create a collection to determine running process eg. if i wanted to know how many people running filezilla.

Cancel
login to comment
0

Something like this should work. Save these as XML files and import them.

scan profile

<?xml version="1.0" encoding="utf-8"?>
<AdminArsenal.Export Code="PDQInventory" Name="PDQ Inventory" Version="12.4.0.0" MinimumVersion="8.0">
<ScanProfile>
<Description>https://support.pdq.com/hc/en-us/community/posts/211689247-Collection-by-running-process</Description>
<ScanProfileId value="7" />
<IsDefault value="false" />
<Name>Is Word Running?</Name>
<Scanners type="list">
<Scanner>
<DateCreated>2017-05-12T09:14:12.0000000-06:00</DateCreated>
<DateModified>2017-05-12T09:15:24.0000000-06:00</DateModified>
<ExcludePatterns type="list" />
<IncludePatterns type="list">
<item>C:\Processes\winword.txt</item>
</IncludePatterns>
<RowLimit value="2500" />
<TypeName>Files</TypeName>
<SourceScannerId value="31" />
</Scanner>
</Scanners>
<ScheduleTriggers type="list" />
</ScanProfile>
</AdminArsenal.Export>

 

collection

<?xml version="1.0" encoding="utf-8"?>
<AdminArsenal.Export Code="PDQInventory" Name="PDQ Inventory" Version="12.4.0.0" MinimumVersion="4.0">
<Collection>
<ReportDefinition name="Definition">
<Columns type="list">
<Column>
<Column>ComputerId</Column>
<Summary></Summary>
<Table>Computer</Table>
<Title></Title>
</Column>
</Columns>
<RootFilter name="Filter">
<Comparison>All</Comparison>
<Filters type="list">
<ValueFilter>
<Table>File</Table>
<Column>Name</Column>
<Comparison>Equals</Comparison>
<Value>winword.txt</Value>
</ValueFilter>
<ValueFilter>
<Table>File</Table>
<Column>PathName</Column>
<Comparison>Equals</Comparison>
<Value>C:\Processes</Value>
</ValueFilter>
</Filters>
</RootFilter>
<ReportDefinitionTypeName>BasicReportDefinition</ReportDefinitionTypeName>
</ReportDefinition>
<IsDrilldown value="false" />
<Created>2017-05-12T09:23:13.0000000-06:00</Created>
<Description>https://support.pdq.com/hc/en-us/community/posts/211689247-Collection-by-running-process</Description>
<Id value="1180" />
<IsEnabled value="true" />
<Modified>2017-05-12T09:23:13.0000000-06:00</Modified>
<Name>Is Word Running?</Name>
<ParentId value="null" />
<Path>Is Word Running?</Path>
<TypeName>DynamicCollection</TypeName>
<Children type="list" />
</Collection>
</AdminArsenal.Export>

 

package

<?xml version="1.0" encoding="utf-8"?>
<AdminArsenal.Export Code="PDQDeploy" Name="PDQ Deploy" Version="13.0.4.0" MinimumVersion="9.0">
<Package>
<PackageDefinition name="Definition">
<CopyMode>Default</CopyMode>
<InventoryScanProfileId value="7" />
<ScanAfterDeployment value="true" />
<Timeout value="60" />
<UseCustomTimeout value="false" />
<RunAs value="null" />
<Steps type="list">
<PowerShellStep>
<CustomCommandLine></CustomCommandLine>
<Files></Files>
<Script>$Result_Directory = "C:\Processes"
$Result_Name = "winword.txt"

$Process_State = Get-Process winword -ErrorAction SilentlyContinue

if ( $Process_State -ne $null ) {

if ( ( Test-Path "$Result_Directory" ) -eq $false ) {

New-Item -ItemType "Directory" -Path "$Result_Directory"

}

New-Item -ItemType "File" -Path "$Result_Directory" -Name "$Result_Name"

} else {

Write-Output "Word is not running"

}</Script>
<SuccessCodes>0</SuccessCodes>
<RunAs value="null" />
<Conditions type="list">
<PackageStepCondition>
<Architecture>Both</Architecture>
<Version>All</Version>
<TypeName>OperatingSystem</TypeName>
</PackageStepCondition>
<PackageStepCondition>
<IsUserLoggedOn>AlwaysRun</IsUserLoggedOn>
<TypeName>LoggedOnUser</TypeName>
</PackageStepCondition>
</Conditions>
<ErrorMode>StopDeploymentFail</ErrorMode>
<Title></Title>
<TypeName>PowerShell</TypeName>
<IsEnabled value="true" />
</PowerShellStep>
</Steps>
</PackageDefinition>
<Description>https://support.pdq.com/hc/en-us/community/posts/211689247-Collection-by-running-process</Description>
<FolderId value="null" />
<Name>Is Word Running?</Name>
<Path>Is Word Running?</Path>
<Version>1.0</Version>
<PackageDisplaySettings name="DisplaySettings">
<DisplayType>Normal</DisplayType>
<IconKey>Icon-Package</IconKey>
<SortOrder value="12" />
</PackageDisplaySettings>
</Package>
</AdminArsenal.Export>
Cancel
login to comment

0

Shane, is there a way to hack this up, like running the command below from Deploy, piping the result to a text file on the local PC, then detecting that file/content as part of a collection?

%WINDIR%\System32\tasklist /FI "IMAGENAME eq winword.exe" | find /I /N "winword.exe"

Thanks,
Mark

 

 

Cancel
login to comment

0

Hi,

This data isn't stored in the Inventory database so you wouldn't be able to create a collection or a report based on this data. The data can only be viewed in (almost) real time from the computer window in the Process panel.

Cancel
login to comment

Reply