(SCCM SQL Query) Find Symantec Endpoint Protection

-- Find Symantec Endpoint Protection

Declare @UserSIDs as varchar(Max) = 'Disabled',

@ProductName as varchar(50) = 'Symantec Endpoint Protection',

@CollectionID as varchar(10) = 'SMS00001' --All Systems Collection

select Distinct

RV.Netbios_Name0 as 'ComputerName',

rv.User_Name0 as 'UserName',

u.Full_User_Name0 as 'FullName',

u.Mail0 as 'EmailAddress',

u.telephoneNumber as 'PhoneNumber',

p.ProductName0 as 'ProductName',

p.ProductVersion0 as 'ProductVersion',

'FoundStatus' = 'True'

From 

fn_rbac_R_System_Valid(@UserSIDs) as RV

join fn_rbac_GS_INSTALLED_SOFTWARE(@UserSIDs) as P on p.ResourceID = RV.ResourceID

join fn_rbac_R_User(@UserSIDs) as u on u.User_Name0 = rv.User_Name0

Where 

RV.ResourceID in 

(

select 

p.ResourceID 

from 

fn_rbac_GS_INSTALLED_SOFTWARE(@UserSIDs) as P 

Where 

p.ProductName0 LIKE @ProductName

) and

p.ProductName0 LIKE @ProductName and

RV.ResourceID in 

(

select 

fcm.ResourceID

from fn_rbac_FullCollectionMembership(@UserSIDs) as fcm

where fcm.CollectionID = @CollectionID

)

UNION

select Distinct

RV.Netbios_Name0 as 'ComputerName',

rv.User_Name0 as 'UserName',

u.Full_User_Name0 as 'FullName',

u.Mail0 as 'EmailAddress',

u.telephoneNumber as 'PhoneNumber',

'ProductName' = 'Not Found',

'ProductVersion' = 'Not Found',

'FoundStatus' = 'False'

From 

fn_rbac_R_System_Valid(@UserSIDs) as RV

join fn_rbac_R_User(@UserSIDs) as u on u.User_Name0 = rv.User_Name0

Where 

RV.ResourceID not in 

(

select 

p.ResourceID 

from 

fn_rbac_GS_INSTALLED_SOFTWARE(@UserSIDs) as P 

Where 

p.ProductName0 LIKE @ProductName

) and

RV.ResourceID in 

(

select 

fcm.ResourceID

from fn_rbac_FullCollectionMembership(@UserSIDs) as fcm

where fcm.CollectionID = @CollectionID

)

ORDER BY 

FoundStatus

Fix System Time Date

Fast resolution would be as you stated connect to VPN and it should automatically set the time appropriately.

Here are the faster alternatives is simply to add or subtract minutes from this system by using the following PowerShell command.

 

Here is Microsoft’s documents on how to use the commandlet: Set-Date (Microsoft.PowerShell.Utility) - PowerShell | Microsoft Docs

 

Open as Admin PowerShell:

To subtract 10 minutes -

Set-Date -Adjust -0:10:0 -DisplayHint Time

 

To add 10 minutes -

Set-Date -Adjust 0:10:0 -DisplayHint Time

 

The other option is simply to run the resync command with the win32 time method.

Once again will be opening the PowerShell as administrator.

 

w32tm /resync

 

I did verify that this command works both on and off of VPN.

 

How-To Install RSAT tools - Windows 10 - 11

 Microsoft has done away with installer from package or otherwise it is now done through dism.

There is a PowerShell command that you could use to add RSAT tools to your system.

Right click on your start menu open PowerShell as administrator

To list all the available RSAT tools use the following command

Get-WindowsCapability -Name "*RSAT*" -Online

Say you want to list out the two tools for Active Directory DS LS tools and the group policy manager tools to give you the install state.

"Rsat.ActiveDirectory.DS-LDS.Tools*","Rsat.GroupPolicy.Management.Tools*" | ForEach-Object {Get-WindowsCapability -name $PSItem -Online}

 Changing the command just slightly you can add a particular windows capability in this case we’ll add the two above mentioned applications in RSAT.

The application will be retrieved from Microsoft servers and installed on your local system. Please note that if you’re having connection issues to get to Microsoft servers you may need to disconnect from the corporate network. I have had issues in the past were we are unable to hit the Microsoft servers do to ACL’s applied at the network layer.

 

"Rsat.ActiveDirectory.DS-LDS.Tools*","Rsat.GroupPolicy.Management.Tools*" | ForEach-Object {Add-WindowsCapability -name $PSItem -Online}

Once completed the install will give a status and if you need to restart the system.

Remote logoff user

 

To log off the end user from a remote system you will need a few things. Just To start with you'll need to know what the user's session ID number is on that device to obtain this you'll use the Q user tool to query the system remotely.

If you were to just type quser in your command prompt it would return all the active computers on the current system you're logged into.

PS> quser

This is mostly helpful for server situations where you may have multiple users and log in and out of a device that you're on and you need to find out who else is logged in. 

The same goes for remote devices you'll use the flag /server: the name of the remote computer.

For the sake of brevity will use your local system as the server that will target this works for remote systems as well. (Please note that you must be in the administrative group in order to remotely run this query.)

PS> quser /server:RemoteComputerName

Now that we know what users are logged in to a remote server we can use another windows called log off along with the user session ID number and the flag server and the target computer name.

In the following example will use a test system setup where I where I am logged into an RDP session. 

PS> quser /server:'HAEA-ENG-TEST01'

Now that we know who's logged in and what their session ID number is we can go about using the log off command through remotely logged that particular user off. (as a side note this session also give you basic information as to how the user is logged in. In this case I'm using RDP to remotely connect to a test system.)

In this instance we are going to log off this session ID number 2 on the engineering test system one with the following command.

logoff 2 /server:'HAEA-ENG-TEST01'

There will be no output as two the status of logging out from the command line however if you rerun quser to query this system once again you'll see that the user session no longer exists on that system.

In In our example will find that there is no other users logged into that computer at this time including the targeted user you just logged out.