Just starting a new thread for ongoing enhancements to the RMM Suite.

This is a summary of the updates released between May 1 and November 30, 2019. 

Ticket Processing

The Intelligent Ticket Processing system has received quite a few enhancements and several new features:

• LAUser Support for a local admin account that you can provide to users when they are off-network is available. This will create the account or update the credentials of the "LAUser" account with a complex, 16-character password on a weekly, semi-monthly, or montly basis.
• Stale Agent Cleanup Running nightly, this process scans your agents and removes any agent license that has not checked in for a specific number of days. The duration has a minimum age of 45 days as a safety limit, and also limits the process to removing no more than 10 agent licenses per day. This does not uninstall the agent, so any system that powers on and checks in will simply re-create their license.
• Website Monitoring This two-part component can be used to quickly connect to website pages to keep them active (Keep-Alive) and responsive without actually monitoring the results. The second part will query the site and check the response for specific content that is either present or missing.
• Ticket Note Injection Generic and alert-specific text can be inserted into the ticket body, and ticket information and agent-specific custom field text can be used in the messages.
• LiveConnect Link is now embedded in every ticket associated with a VSA agent.
• Email Identity Injection modifies the "from" address so PSAs that associate tickets with customers by the email address can now automatically assign incoming tickets to customers.
• PSA Subject Rewrite allows you to dynamically replace the machine-readable subject line with a simple "parsing code" and a plain-text message. Faster/easier parsing and easier comprehension of the alert type.
• Agent/Group Blacklisting allows you to apply full automation to an agent or group but suppress the creation of PSA tickets - perfect for labs or onboarding.
• Telemetry Maintenance and Smart Monitor events that self-remediate now generate special alerts that are logged to a CSV file. These can easily be loaded into Excel for reporting and other analysis.

Core Tool Enhancements

New tools as well as enhancements to the core tool set have been deployed. Some changes took effect immediately, while others are optional and may require configuration changes.

• The Daily Download tool was updated to eliminate dependencies on WGET.EXE. The file checking process was also enhanced to minimize web traffic. This also improved performance, reducing the deployment time for a fresh deployment from 2+ minutes to under 40 seconds.
• Patch Management has been enhanced to allow reboot suppression on servers by simply adding "-R" to the Patch Schedule Code. The updated management spreadsheet now identifies the reboot status as well.
• Daily Audit now collects Bitlocker status for the C: drive, and the next release will report status for all disk volumes. The audit cache file is now uploaded via GetFile, and tools will be available soon to collect and summarize this data for reporting. The audit also collects all software/version info, and can add App/Version specific tags to the System Roles for use by the Daily Maintenance tools.
• A new Disk Free Tool (RMUDFW.BMS) has been released. This can be invoked prior to upgrades or installs to determine if the specified disk has sufficient space.

Daily Maintenance Tool Enhancements

One of the most exciting enhancements to the Daily Maintenance tool suite is the ability to respond to Zero-Day Vulnerabilities. No less than 5 of the new features directly support this capability.

• Platform Awareness allows different tasks to be invoked on 32 or 64-bit platforms
• Product Awareness allows a task to run when a specific product/version is present.
• Direct Download allows downloading of files via HTTP(S) protocol.
• Registry Write enables global configuration to be easily maintained.
• File Delete capability has been added. Download, Run, Delete!
• Enhanced Message Display option allows using a graphic image instead of text; customizing the button text; and specifying a delay time before the button is active. See the Forums for details, and download our sample Patch Reminder notice from Downloads/Software.
• PrimaryDayOnly control will now prevent day-specific tasks (like messages) from being executed when catching up on missed maintenance tasks.
• Multiple Role Control allows tasks to be run if any or all roles specified are detected. This permits controlling tasks to run only when DHCP is present on a DC, for example.

Smart Monitor Enhancements

We've updated several of the Smart Monitors to eliminate dependencies on external tools, improve security, or accommodate special situations.

• The Network Time Smart Monitor was updated to eliminate the dependency on NTPDate.exe, which stopped functioning after Microsoft deprecated one of the DLLs it depended on. The logic has been internalized, which also improved performance.
• Agent Endpoint Security Smart Monitor now supports a RunBlind option that allows running a definition update command that does not return any response.
• The Server Boot Smart Monitor now has the ability to check that specific applications and/or services are running 15-minutes after a system reboot.

General Security Enhancements

While we build all of our tools following enterprise security methods, we're always looking for ways to improve and enhance the tools and our practices.

• Password Ciphering is supported when using Managed Variables to deploy local account credentials. This protects the password at rest in the VSA and in-flight to the agent, where it is deciphered immediately prior to updating the account.
• API Access Control - All tools that employ the API for communication with VSA have been updated to require license authorization via the MSP Builder website. These tools will not use the cached license data, requiring a live authorization for use prior to any VSA API access. This provides a rudimentary form of multi-factor authorization for these tools.

Core Automation - New Features - Released 01/06/2020

Enhancement to RMUGET - App Download Utility

The RMUGET utility has been updated to bypass the applications that are actively in use, specifically the RMMKSE.EXE and RMUGET.BMS. This prevents logging errors that the files cannot be written. These files are updated prior to running the RMUGET, so attempting to update these is redundant. The log now reports these files as being skipped.

This change is automatic - no action is required. 

Enhanced Maintenance & Monitoring - New Features

Enhancements to the EMM Maintenance Interface

Internationalization

All messages in the user interface can now be displayed in any language, selected as defined in the user's LOCALE Language setting. MSP Builder provides a sample messages file (.LNG extension) that the MSP can customize with any language. Language files will be deployed and loaded on demand - where available - when a user's LOCAL Language ID matches the ID in the file name.

This change to the interface is automatic. The MSP must define and deploy the language file(s) to support alternate languages. 

Ticket Submission

The end user can now submit a standard priority support request directly from the User Interface. The dialog box prompts for the user's name, email, a summary line, and a detailed description. The ticket is submitted and processed by the Intelligent Ticket Processing system and delivered to the MSP's PSA. 

This change to the interface is automatic. The MSP must enable the Ticket feature if they so choose via a simple configuration setting.

Security Identification for MSP Call Verification

The User Interface now displays a pair of 4-digit numbers that are unique to the agent and update every 60 seconds. A separate utility, used by the MSP technician, can generate the same security code when the customer's Agent Name is entered. The MSP technician can present the security code to the end user, who can verify that it matches the code displayed on their interface. This can help prevent attacks through social engineering by verifying that the caller is actually from the MSP.

The change to the interface is automatic. The Technician Interface requires a security configuration setting to be performed by MSP Builder's support team.

New Smart Monitor - User & Group Change Monitoring

A new Smart Monitor is being released that will generate Warning Alarms for all changes to User and Group security - both machine-local and in Active Directory. 

The Smart Monitor is deployed automatically. The MSP Builder support team will be updating the deployment procedure and monitor set.

Documentation

All Operation & Configuration guides have been updated to reflect these enhancements.